Listen path matching rules

It seems unclear how the listen_path is matched. I’m using the supplied docker version running on OSX, so it has three API definitions for the portal, and I’ve added one.

The listen path is:
/v1/
If I access
http://my.host.name/v1/events
it hits the target. Unexpectedly, so does
http://my.host.name/v1x/events
If I access
http://my.host.name/xv1/events
it does not. I would expect only the first to hit the target, and the second to fail as the third does.

Hi, are you using the community edition?

Can you share your API settings?

Yes, I’m using the free Pro version as part of the available OSX Docker install. I’ve since re-created the docker containers and get a different behaviour.

The second case above now fails as I would expect, but I see the following:
Listen path: /v1/foo/
If I access
http://my.host.name/v1/xxx/events
it hits the target. I would expect that to fail.

{
    "id": "5887c408b2c06900012ea960",
    "name": "Event Service",
    "slug": "event-service",
    "api_id": "fc02bbb78bf8465f41af97e0aeb40660",
    "org_id": "5886bd28b2c06900013a4c46",
    "use_keyless": true,
    "use_oauth2": false,
    "use_openid": false,
    "openid_options": {
        "providers": [],
        "segregate_by_client": false
    },
    "oauth_meta": {
        "allowed_access_types": [],
        "allowed_authorize_types": [],
        "auth_login_redirect": ""
    },
    "auth": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": ""
    },
    "use_basic_auth": false,
    "enable_jwt": false,
    "use_standard_auth": false,
    "enable_coprocess_auth": false,
    "jwt_signing_method": "",
    "jwt_source": "",
    "jwt_identity_base_field": "",
    "jwt_client_base_field": "",
    "jwt_policy_field_name": "",
    "notifications": {
        "shared_secret": "",
        "oauth_on_keychange_url": ""
    },
    "enable_signature_checking": false,
    "hmac_allowed_clock_skew": -1,
    "base_identity_provided_by": "",
    "definition": {
        "location": "url",
        "key": "version"
    },
    "version_data": {
        "not_versioned": true,
        "versions": {
            "v1": {
                "name": "v1",
                "expires": "",
                "paths": {
                    "ignored": [],
                    "white_list": [],
                    "black_list": []
                },
                "use_extended_paths": true,
                "extended_paths": {
                    "white_list": [
                        {
                            "path": "/events/{event_id}",
                            "method_actions": {
                                "DELETE": {
                                    "action": "no_action",
                                    "code": 200,
                                    "data": "",
                                    "headers": {}
                                },
                                "GET": {
                                    "action": "no_action",
                                    "code": 200,
                                    "data": "",
                                    "headers": {}
                                },
                                "PATCH": {
                                    "action": "no_action",
                                    "code": 200,
                                    "data": "",
                                    "headers": {}
                                }
                            }
                        },
                        {
                            "path": "/events",
                            "method_actions": {
                                "GET": {
                                    "action": "no_action",
                                    "code": 200,
                                    "data": "",
                                    "headers": {}
                                },
                                "POST": {
                                    "action": "no_action",
                                    "code": 200,
                                    "data": "",
                                    "headers": {}
                                }
                            }
                        }
                    ],
                    "cache": [
                        "/events/{event_id}"
                    ],
                    "transform_response_headers": [
                        {
                            "delete_headers": [],
                            "add_headers": {
                                "x-tyk-cache-action-set": "1",
                                "x-tyk-cache-action-set-ttl": "300"
                            },
                            "path": "/events/{event_id}",
                            "method": "GET",
                            "act_on": false
                        }
                    ]
                },
                "global_headers": {
                    "X-WF-Api-Secret": "secret"
                },
                "global_headers_remove": [],
                "global_size_limit": 0,
                "override_target": ""
            }
        }
    },
    "uptime_tests": {
        "check_list": [],
        "config": {
            "expire_utime_after": 0,
            "service_discovery": {
                "use_discovery_service": false,
                "query_endpoint": "",
                "use_nested_query": false,
                "parent_data_path": "",
                "data_path": "",
                "port_data_path": "",
                "target_path": "",
                "use_target_list": false,
                "cache_timeout": 0,
                "endpoint_returns_list": false
            },
            "recheck_wait": 0
        }
    },
    "proxy": {
        "preserve_host_header": false,
        "listen_path": "/v1/",
        "target_url": "http://event-service.some_host.com",
        "strip_listen_path": false,
        "enable_load_balancing": false,
        "target_list": [],
        "check_host_against_uptime_tests": false,
        "service_discovery": {
            "use_discovery_service": false,
            "query_endpoint": "",
            "use_nested_query": false,
            "parent_data_path": "",
            "data_path": "",
            "port_data_path": "",
            "target_path": "",
            "use_target_list": false,
            "cache_timeout": 0,
            "endpoint_returns_list": false
        }
    },
    "disable_rate_limit": false,
    "disable_quota": false,
    "custom_middleware": {
        "pre": [
            {
               "name": "samplePreProcessMiddleware",
               "path": "/opt/tyk-gateway/middleware/sample_pre.js",
               "require_session": false
           }
       ],
        "post": [],
        "post_key_auth": [],
        "auth_check": {
            "name": "",
            "path": "",
            "require_session": false
        },
        "response": [],
        "driver": "",
        "id_extractor": {
            "extract_from": "",
            "extract_with": "",
            "extractor_config": {}
        }
    },
    "custom_middleware_bundle": "",
    "cache_options": {
        "cache_timeout": 600,
        "enable_cache": true,
        "cache_all_safe_requests": false,
        "cache_response_codes": [],
        "enable_upstream_cache_control": true
    },
    "session_lifetime": 0,
    "active": true,
    "auth_provider": {
        "name": "",
        "storage_engine": "",
        "meta": {}
    },
    "session_provider": {
        "name": "",
        "storage_engine": "",
        "meta": null
    },
    "event_handlers": {
        "events": {}
    },
    "enable_batch_request_support": false,
    "enable_ip_whitelisting": false,
    "allowed_ips": [],
    "dont_set_quota_on_create": false,
    "expire_analytics_after": 0,
    "response_processors": [
        {
            "name": "header_injector",
            "options": {}
        }
    ],
    "CORS": {
        "enable": false,
        "allowed_origins": [],
        "allowed_methods": [],
        "allowed_headers": [],
        "exposed_headers": [],
        "allow_credentials": false,
        "max_age": 0,
        "options_passthrough": false,
        "debug": false
    },
    "domain": "api.dev.westfield.io",
    "do_not_track": false,
    "tags": [],
    "enable_context_vars": false
}

The listen path is /v1/, so everything under /v1/ will be proxied; the white list should still stop anything except /events from getting through, though.

It could be the slashes, though. Can you try removing the leading slashes from your path definitions (events and events/*)?

If I remove the leading slash from the path definition for events, I get:

{
"error": "Requested endpoint is forbidden"
}

Ok, it might be easier for you to share the API definition. Can you share it?

{
    "id": "588a992e92dac000016fd855",
    "name": "Event Service",
    "slug": "event-service",
    "api_id": "31f3da9dd55342c15a9f2e4ac21ed2d7",
    "org_id": "588a8daf92dac000019a992a",
    "use_keyless": false,
    "use_oauth2": false,
    "use_openid": false,
    "openid_options": {
        "providers": [],
        "segregate_by_client": false
    },
    "oauth_meta": {
        "allowed_access_types": [],
        "allowed_authorize_types": [],
        "auth_login_redirect": ""
    },
    "auth": {
        "use_param": true,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "api_key"
    },
    "use_basic_auth": false,
    "enable_jwt": false,
    "use_standard_auth": true,
    "enable_coprocess_auth": false,
    "jwt_signing_method": "",
    "jwt_source": "",
    "jwt_identity_base_field": "",
    "jwt_client_base_field": "",
    "jwt_policy_field_name": "",
    "notifications": {
        "shared_secret": "",
        "oauth_on_keychange_url": ""
    },
    "enable_signature_checking": false,
    "hmac_allowed_clock_skew": -1,
    "base_identity_provided_by": "",
    "definition": {
        "location": "url",
        "key": "version"
    },
    "version_data": {
        "not_versioned": true,
        "versions": {
            "v1": {
                "name": "v1",
                "expires": "",
                "paths": {
                    "ignored": [],
                    "white_list": [],
                    "black_list": []
                },
                "use_extended_paths": true,
                "extended_paths": {
                    "white_list": [
                        {
                            "path": "/events/{event_id}",
                            "method_actions": {
                                "DELETE": {
                                    "action": "no_action",
                                    "code": 200,
                                    "data": "",
                                    "headers": {}
                                },
                                "GET": {
                                    "action": "no_action",
                                    "code": 200,
                                    "data": "",
                                    "headers": {}
                                },
                                "PATCH": {
                                    "action": "no_action",
                                    "code": 200,
                                    "data": "",
                                    "headers": {}
                                }
                            }
                        },
                        {
                            "path": "/events",
                            "method_actions": {
                                "GET": {
                                    "action": "no_action",
                                    "code": 200,
                                    "data": "",
                                    "headers": {}
                                },
                                "POST": {
                                    "action": "no_action",
                                    "code": 200,
                                    "data": "",
                                    "headers": {}
                                }
                            }
                        }
                    ],
                    "cache": [
                        "/events/{event_id}"
                    ],
                    "transform_response_headers": [
                        {
                            "delete_headers": [],
                            "add_headers": {
                                "x-tyk-cache-action-set": "1",
                                "x-tyk-cache-action-set-ttl": "300"
                            },
                            "path": "/events/{event_id}",
                            "method": "GET",
                            "act_on": false
                        }
                    ]
                },
                "global_headers": {
                    "X-WF-Api-Secret": "Shhh...it's secret!"
                },
                "global_headers_remove": [],
                "global_size_limit": 0,
                "override_target": ""
            }
        }
    },
    "uptime_tests": {
        "check_list": [],
        "config": {
            "expire_utime_after": 0,
            "service_discovery": {
                "use_discovery_service": false,
                "query_endpoint": "",
                "use_nested_query": false,
                "parent_data_path": "",
                "data_path": "",
                "port_data_path": "",
                "target_path": "",
                "use_target_list": false,
                "cache_timeout": 0,
                "endpoint_returns_list": false
            },
            "recheck_wait": 0
        }
    },
    "proxy": {
        "preserve_host_header": false,
        "listen_path": "/v1/",
        "target_url": "http://event-service.uat.wflops.net",
        "strip_listen_path": false,
        "enable_load_balancing": false,
        "target_list": [],
        "check_host_against_uptime_tests": false,
        "service_discovery": {
            "use_discovery_service": false,
            "query_endpoint": "",
            "use_nested_query": false,
            "parent_data_path": "",
            "data_path": "",
            "port_data_path": "",
            "target_path": "",
            "use_target_list": false,
            "cache_timeout": 0,
            "endpoint_returns_list": false
        }
    },
    "disable_rate_limit": false,
    "disable_quota": false,
    "custom_middleware": {
        "pre": [
            {
                "name": "addRequestIdMiddleware",
                "path": "/opt/tyk-gateway/middleware/add_request_id.js",
                "require_session": false
            }

        ],
        "post": [],
        "driver": "python",
        "post_key_auth": [],
        "auth_check": {
            "name": "",
            "path": "",
            "require_session": false
        },
        "response": [],
        "driver": "",
        "id_extractor": {
            "extract_from": "",
            "extract_with": "",
            "extractor_config": {}
        }
    },
    "custom_middleware_bundle": "",
    "cache_options": {
        "cache_timeout": 600,
        "enable_cache": false,
        "cache_all_safe_requests": false,
        "cache_response_codes": [],
        "enable_upstream_cache_control": false
    },
    "session_lifetime": 0,
    "active": true,
    "auth_provider": {
        "name": "",
        "storage_engine": "",
        "meta": {}
    },
    "session_provider": {
        "name": "",
        "storage_engine": "",
        "meta": null
    },
    "event_handlers": {
        "events": {}
    },
    "enable_batch_request_support": false,
    "enable_ip_whitelisting": false,
    "allowed_ips": [],
    "dont_set_quota_on_create": false,
    "expire_analytics_after": 0,
    "response_processors": [
        {
            "name": "header_injector",
            "options": {}
        }
    ],
    "CORS": {
        "enable": false,
        "allowed_origins": [],
        "allowed_methods": [],
        "allowed_headers": [],
        "exposed_headers": [],
        "allow_credentials": false,
        "max_age": 0,
        "options_passthrough": false,
        "debug": false
    },
    "domain": "api.dev.io",
    "do_not_track": false,
    "tags": [],
    "enable_context_vars": false
}