Path part based Permission

Hi

What’s the best way to restrict access based on path part?
For example: I want to enable policy access for “/foo” but restrict it for “/foo/{foo_id}/bar” and “/foo/{foo_id}/bar2” etc.
Define a regex in the policy “Path-based permissions” where it checks if after “/organizations/” there isn’t a “/” with negative lookahead?

I tried regex “/organizations/?((?!/).)*” but I could still access “/foo/{foo_id}/bar”.

Hi Tarmo,

you can do this by configuring access_rights.
This documentation should help.

Kos @ Tyk Support Team

Thanks for the reply.

I used the policy “Path-based permissions” in the dashboard to configure access_rights.
I tried regex “/foo/?((?!/).)*$” but adding the “$” negated all path-based permissions and allowed all requests. Does it use some special syntax to mark the end of string? Could there be a bug where it doesn’t recognize the “$”?

Hi Tarmo,

can you provide an example of a test RegEx, a test URL, and an expected output?

This works as a whitelist, as the documentation says: “Granular path control allows you to define which methods and paths a key is allowed to access on a per API-version basis.”

You can test the whitelist/blacklist features in the Endpoint Designer too.

Do you want to allow access to /organizations but not to /organizations/ , /organizations/abc ?

Thanks,
Kos @ Tyk Support Team

I want to enable policy access for “/organizations” and “/organizations/aa-123” but restrict it for “/organizations/aa-123/bar” and “/organizations/aa-123/bar2” etc.
I tried regex “/organizations/?((?!/).)*$” but adding the “$” negated all path-based permissions and allowed all requests.

Hope that helps

Is “$” not supported as a way to mark end of the path in Tyk? Is there a substitute?

Hi Tarmo,

one of my colleagues was able to reproduce your issue.
If you add this /organizations(/[A-Za-z0-9_-]*/?)?$ RegEx in your Policy -> Path-based permission, it should work.

Thanks,
Kos @ Tyk Support Team

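As an added example (not part of the thread and not Tyk's code), this Go program checks the suggested expression against the paths discussed above and shows that the negative-lookahead attempt is rejected by Go's RE2-based regexp syntax. Assumptions: that the gateway evaluates path permissions with Go's standard regexp package using an unanchored search; the helper names, the extra sample path and the `^`-anchored variant are hypothetical additions.

```go
package main

import (
	"fmt"
	"regexp"
)

const (
	// Expression suggested in the thread.
	Suggested = `/organizations(/[A-Za-z0-9_-]*/?)?$`
	// Same expression with a leading ^ (added here, not from the thread).
	Anchored = `^/organizations(/[A-Za-z0-9_-]*/?)?$`
	// First attempt from the thread; relies on a negative lookahead.
	Lookahead = `/organizations/?((?!/).)*$`
)

// Compiles reports whether Go's regexp package (RE2 syntax) accepts the pattern.
func Compiles(pattern string) bool {
	_, err := regexp.Compile(pattern)
	return err == nil
}

// Allowed reports whether path matches pattern using an unanchored search
// (regexp.MatchString semantics, an assumption about the gateway).
// This helper fails closed: a pattern that does not compile allows nothing.
func Allowed(pattern, path string) bool {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return false
	}
	return re.MatchString(path)
}

func main() {
	// Constructed sample paths based on the ones named in the thread.
	paths := []string{
		"/organizations", "/organizations/",
		"/organizations/aa-123", "/organizations/aa-123/",
		"/organizations/aa-123/bar", "/organizations/aa-123/bar2",
		"/other/organizations", // constructed: effect of a missing leading ^
	}
	fmt.Printf("lookahead pattern compiles: %v\n", Compiles(Lookahead))
	fmt.Printf("%-30s %-10s %s\n", "path", "suggested", "anchored")
	for _, p := range paths {
		fmt.Printf("%-30s %-10v %v\n", p, Allowed(Suggested, p), Allowed(Anchored, p))
	}
}
```

Under unanchored search the suggested expression also matches any path that merely ends in `/organizations`, which is why the `^` variant is listed beside it.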