referer-restriction

Keywords: APISIX, Plugin, Referer restriction, referer-restriction

This document contains information about the Apache APISIX referer-restriction Plugin.

Description

The referer-restriction Plugin can be used to restrict access to a Service or a Route by whitelisting/blacklisting the Referer request header.

Attributes

| Name | Type | Required | Default | Valid values | Description |
|------|------|----------|---------|--------------|-------------|
| whitelist | array[string] | False | | | List of hostnames to whitelist. A hostname can start with * for wildcard. |
| blacklist | array[string] | False | | | List of hostnames to blacklist. A hostname can start with * for wildcard. |
| message | string | False | Your referer host is not allowed | [1, 1024] | Message returned when access is not allowed. |
| bypass_missing | boolean | False | false | | When set to true, bypasses the check when the Referer request header is missing or malformed. |

:::info IMPORTANT

Only one of the whitelist or blacklist attributes must be specified. They cannot be used together.

:::

Enabling the Plugin

You can enable the Plugin on a specific Route or a Service as shown below:

curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/index.html",
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:1980": 1
        }
    },
    "plugins": {
        "referer-restriction": {
            "bypass_missing": true,
            "whitelist": [
                "xx.com",
                "*.xx.com"
            ]
        }
    }
}'

Example usage

Once you have configured the Plugin as shown above, you can test it by setting Referer: http://xx.com/x:

curl http://127.0.0.1:9080/index.html -H 'Referer: http://xx.com/x'
HTTP/1.1 200 OK
...

Now, if you make a request with Referer: http://yy.com/x, the request will be blocked:

curl http://127.0.0.1:9080/index.html -H 'Referer: http://yy.com/x'
HTTP/1.1 403 Forbidden
...
{"message":"Your referer host is not allowed"}

Since we have set bypass_missing to true, a request without the Referer header will be successful as the check is skipped:

curl http://127.0.0.1:9080/index.html
HTTP/1.1 200 OK
...
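
The three requests above, plus a few edge cases, run through a small Python model of the documented behaviour (an added example, not the plugin's own Lua code). It assumes that a pattern starting with * is matched as a hostname suffix and that a Referer which does not parse as an http(s) URL counts as malformed; `decide`, `referer_host` and `host_matches` are names invented here.

```python
from urllib.parse import urlsplit

DEFAULT_MESSAGE = "Your referer host is not allowed"  # default from the Attributes table
PAGE_CONF = {"bypass_missing": True, "whitelist": ["xx.com", "*.xx.com"]}  # Route config above
STRICT_CONF = dict(PAGE_CONF, bypass_missing=False)  # same whitelist, default bypass_missing

def referer_host(referer):
    """Return the host of a Referer value, or None if it is missing or malformed."""
    if not referer:
        return None
    try:
        parts = urlsplit(referer)
        host = parts.hostname  # already lowercased by urllib
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None  # assumption: anything that is not an http(s) URL is malformed
    return host

def host_matches(host, patterns):
    """Exact match, or suffix match for a pattern starting with '*' (assumed semantics)."""
    return any(host.endswith(p[1:]) if p.startswith("*") else host == p for p in patterns)

def decide(conf, referer):
    """Return (status, body) for one request under a referer-restriction config dict."""
    if ("whitelist" in conf) == ("blacklist" in conf):
        raise ValueError("specify only one of whitelist or blacklist")
    host = referer_host(referer)
    if host is None:
        blocked = not conf.get("bypass_missing", False)
    elif "whitelist" in conf:
        blocked = not host_matches(host, conf["whitelist"])
    else:
        blocked = host_matches(host, conf["blacklist"])
    if blocked:
        return 403, {"message": conf.get("message", DEFAULT_MESSAGE)}
    return 200, None

def demo():
    """Status per Referer under the page's config and under bypass_missing=false."""
    cases = ["http://xx.com/x", "http://yy.com/x", "http://a.xx.com/",
             "http://notxx.com/", None, "not a url"]  # constructed sample inputs
    return [(r, decide(PAGE_CONF, r)[0], decide(STRICT_CONF, r)[0]) for r in cases]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last two rows differ between the two configs: with bypass_missing set to true, a client that omits the header or sends an unparsable one passes the whitelist. The Referer value is chosen by the client in every case, so the check filters requests by their claimed origin and does not authenticate them.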

Disable Plugin

To disable the referer-restriction Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.

curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/index.html",
    "plugins": {},
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:1980": 1
        }
    }
}'