Field Policies
An extra layer of security that ensures no unwanted values are passed through a request.
Field Policies block, or explicitly allow, specific values of a field in the request body or headers.
Configure them by using access.fieldPolicies like so:
```yaml
settings:
  access:
    fieldPolicies:
      "@number":
        - value: "+123400002"
          action: block
        - value: "+12340000[1-9]"
          matchType: regex
          action: allow
```
Set `action` to what should happen when a rule matches; the available options are `block` and `allow`.
Note: supported request keys:

| . Variables | @ Body | # Headers |
|---|---|---|
| ❌ | ✅ | ✅ |
Match Types
Available options for matchType are:
| Value Type | Match Type | Notes | Comparison |
|---|---|---|---|
| string | equals | pattern ~= string | case-insensitive |
| string | contains | pattern.Contains(string) | case-insensitive |
| string | prefix | string.StartsWith(pattern) | case-insensitive |
| string | suffix | string.EndsWith(pattern) | case-insensitive |
| string | regex | example: `[^\s]` only non-whitespace | regex |
| string | glob | example: `[abc]` only a, b or c | glob-style pattern |
Warning: remember that some symbols have special meanings in regex. A good rule of thumb is:
- If it is a special character, it probably needs to be escaped with a backslash (for example `\/`)
- Otherwise, test your pattern on a regex testing site
Behavior
| Allow | Block | Result |
|---|---|---|
| number=+123400003 | — | number may only be +123400003 |
| — | number=+123400002 | number may not be +123400002 |
| message=hello | number=+123400002 | number may not be +123400002; message may only be hello |
| number=+123400003 | number=+12340000[1-9] (regex) | number may not be +123400001 through +123400009, except +123400003 |
Rules
- Field-scoped (policies for `a` don't affect policies for `b`)
- Default: allow all
- Allow rules exist: default block
- Only block rules exist: default allow
- Explicit allow overrides block
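As an added illustration (not the project's own evaluation code), the following Python models how the rules above combine with the match types from the table, and checks a whole body/headers pair. It assumes regex patterns must match the entire value, that regex and glob matching are case-sensitive, and it escapes the leading `+` in the regex pattern because `+` is a regex quantifier, as the warning above advises.

```python
import re
from fnmatch import fnmatchcase


def matches(rule: dict, value: str) -> bool:
    """Apply one rule's matchType (default: equals) to a request value."""
    pattern, match_type = rule["value"], rule.get("matchType", "equals")
    if match_type == "regex":
        # Assumption: the whole value must match, not just a substring.
        return re.fullmatch(pattern, value) is not None
    if match_type == "glob":
        return fnmatchcase(value, pattern)  # assumption: glob is case-sensitive
    p, v = pattern.lower(), value.lower()  # remaining match types are case-insensitive
    return {"equals": p == v, "contains": p in v,
            "prefix": v.startswith(p), "suffix": v.endswith(p)}[match_type]


def decide(policies: dict, key: str, value: str) -> str:
    """Return "allow" or "block" for one request key ("@field" body, "#field" header)."""
    rules = policies.get(key, [])  # field-scoped: rules for other keys are ignored
    if any(matches(r, value) for r in rules if r["action"] == "allow"):
        return "allow"             # explicit allow overrides any block
    if any(matches(r, value) for r in rules if r["action"] == "block"):
        return "block"
    # Nothing matched: the default flips to block as soon as an allow rule exists.
    return "block" if any(r["action"] == "allow" for r in rules) else "allow"


def check_request(policies: dict, body: dict, headers: dict) -> list:
    """Return the (key, value) pairs the policies would block for this request."""
    blocked = []
    for prefix, fields in (("@", body), ("#", headers)):
        for name, value in fields.items():
            if decide(policies, prefix + name, str(value)) == "block":
                blocked.append((prefix + name, value))
    return blocked


# Constructed policy set mirroring the rows of the Behavior table (not from the page's config).
EXAMPLE_POLICIES = {
    "@number": [
        {"value": "+123400003", "action": "allow"},
        # Leading "+" escaped: unescaped it is a quantifier and the pattern fails to compile.
        {"value": r"\+12340000[1-9]", "matchType": "regex", "action": "block"},
    ],
    "@message": [{"value": "hello", "action": "allow"}],
}
```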