Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

regex matcher on filter chain matching #171

Open
Shikugawa opened this issue Oct 14, 2021 · 2 comments
Open

regex matcher on filter chain matching #171

Shikugawa opened this issue Oct 14, 2021 · 2 comments

Comments

@Shikugawa
Copy link
Collaborator

Shikugawa commented Oct 14, 2021

This is related with #140

The current filter chain matches by prefix or equality, but matching by regular expression will make the rules more expressive. For example, a use case could require authentication if the service is hoge1.test.com and hoge2.test.com.

@incfly
Copy link

incfly commented Oct 19, 2021

configuration with regex can be complicated. Istio has long discussion around support for regex in authz policy, but does not introduce due to the complexity. Also we'll have to dig deep when regex can be subjected to the CVE issues. See https://istio.io/latest/news/security/istio-security-2019-003/ for an example.

@incfly
Copy link

incfly commented Oct 19, 2021

#140 iteself can be supported with a new knob to deny by default if not match. Right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants