Skip to main content
Version: 2.8

ua-restriction

Summary#

Name#

The ua-restriction can restrict access to a Service or a Route by allowlist and denylist User-Agent header.

Attributes#

NameTypeRequirementDefaultValidDescription
bypass_missingbooleanoptionalfalseWhether to bypass the check when the User-Agent header is missing
allowlistarray[string]optionalA list of allowed User-Agent headers.
denylistarray[string]optionalA list of denied User-Agent headers.
messagestringoptionalNot allowed.length range: [1, 1024]Message of deny reason.

Any of allowlist or denylist can be optional, and can work together in this order: allowlist->denylist

The message can be user-defined.

How To Enable#

Creates a route or service object, and enable plugin ua-restriction.

curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '{    "uri": "/index.html",    "upstream": {        "type": "roundrobin",        "nodes": {            "127.0.0.1:1980": 1        }    },    "plugins": {        "ua-restriction": {             "bypass_missing": true,             "allowlist": [                 "my-bot1",                 "(Baiduspider)/(\\d+)\\.(\\d+)"             ],             "denylist": [                 "my-bot2",                 "(Twitterspider)/(\\d+)\\.(\\d+)"             ]        }    }}'

Default returns {"message":"Not allowed"} when rejected. If you want to use a custom message, you can configure it in the plugin section.

"plugins": {    "ua-restriction": {        "denylist": [            "my-bot2",            "(Twitterspider)/(\\d+)\\.(\\d+)"        ],        "message": "Do you want to do something bad?"    }}

Test Plugin#

Requests from normal User-Agent:

$ curl http://127.0.0.1:9080/index.html -iHTTP/1.1 200 OK...

Requests with the bot User-Agent:

$ curl http://127.0.0.1:9080/index.html --header 'User-Agent: Twitterspider/2.0'HTTP/1.1 403 Forbidden

Disable Plugin#

When you want to disable the ua-restriction plugin, it is very simple, you can delete the corresponding json configuration in the plugin configuration, no need to restart the service, it will take effect immediately:

$ curl http://127.0.0.1:2379/v2/keys/apisix/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d value='{    "uri": "/index.html",    "plugins": {},    "upstream": {        "type": "roundrobin",        "nodes": {            "39.97.63.215:80": 1        }    }}'

The ua-restriction plugin has been disabled now. It works for other plugins.