Skip to main content

Traffic Policy

Overview

This module allows you to assign a policy to your endpoints containing a series of inbound and outbound rules that can be used to influence and control traffic to and from your upstream service.

Policy rules are composed of expressions that filter the traffic on which they are applicable and actions that should take effect.

Example Usage

ngrok http 80 --policy-file /path/to/policy.yml
policy.yml
inbound:
- name: FooBarParamNotFound
expressions:
- "'bar' in getQueryParam('foo')"
actions:
- type: "custom-response"
config:
status_code: 404
content: not found
headers:
content-type: text/plain
- name: "BazCookieForLargeRequests"
expressions:
- "!hasReqCookie('baz')"
- "req.content_length > 5000"
actions:
- type: deny
outbound:
- name: "LogUnsuccessfulRequests"
expressions:
- "res.status_code < 200 && res.status_code >= 300"
actions:
- type: log
config:
metadata:
hostport: example.com:443
success: false

Behavior

Policy rules are evaluated sequentially in the order they are configured with inbound rules taking effect before the upstream server is reached and outbound rules taking effect after the upstream server responds. Whether or not the configured actions are performed is determined at runtime by the expressions.

Expression Evaluation

Policy expressions are written using the Common Expression Language (CEL). Policy expressions must evaluate to true in order for policy actions to take effect. There is no behavioral difference between adding multiple expressions to a single policy rule and having one single expression with multiple statements logically conjoined together (i.e. ["1 == 1 && 2 == 2"] is the same s ["1 == 1", "2 == 2"]).

If no expressions are specified on a policy rule, its actions will always take effect.

See expressions for variable and macro definitions.

Action Execution

If a policy's expressions are evaluated as a match against a connection, the policy's actions will be executed. If multiple actions are defined on a policy, the actions will execute sequentially.

See actions for all available actions.

Reference

Configuration

ParameterDescription
inboundA list of policy rules that will be applied to inbound traffic in the order specified.
outboundA list of policy rules that will be applied to outbound traffic in the order specified.
namePolicy rules can optionally be given a name for convenience.
expressionsA list of CEL expressions that filter which traffic a policy rule will apply to.
actionsA list of actions that will execute sequentially if the associated policy rule's expressions all match on the traffic.
typeThe type of action.
configThe configuration details of how an action should execute. Each action has its own configuration structure.

Edges

Traffic Policy is an HTTPS Edge module which can be applied to Routes.

The Traffic Policy module can be configured via the ngrok dashboard or API.