Access Middleware

Access middleware is used to restrict access to specific routes or route paths. This helps secure your application by preventing unauthorized access to sensitive endpoints.

Key Features

  • Rule: To block all subpaths of a route, append /* to the path explicitly.

  • Tip: Always test configurations thoroughly in a staging environment before applying them to production.


Example: Access Middleware Configuration

The following example demonstrates how to define blocked paths using the access middleware:

middlewares:
  # Middleware configuration to block specific paths
  - name: api-blocked-paths
    type: access
    paths:
      - /swagger-ui       # Blocks only /swagger-ui
      - /v2/swagger-ui    # Blocks only /v2/swagger-ui
      - /api-docs/*       # Explicitly blocks /api-docs and all subpaths
    # rule:               # Optional
    #   statusCode: 404   # Optional custom status code; default is 403

Explanation:

  • /swagger-ui: Only the exact path /swagger-ui is blocked.
  • /v2/swagger-ui: Only the exact path /v2/swagger-ui is blocked.
  • /api-docs/*: The path /api-docs and all subpaths (e.g., /api-docs/v1) are blocked due to the /* wildcard.
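
The matching rules above can be checked against a list of paths you expect to be unreachable before deploying. The following is an added example, not the gateway's own code: it models only the exact-match and /* behaviour documented on this page, and the names is_blocked, coverage_gaps and EXPECTED_BLOCKED are hypothetical.

```python
# Added example: models the matching rules as documented on this page.
# It is not the gateway's implementation; trailing-slash, case and
# URL-encoding handling in the real middleware are not covered here.

BLOCKED_PATHS = ["/swagger-ui", "/v2/swagger-ui", "/api-docs/*"]  # from the config above
DEFAULT_STATUS = 403  # documented default when no custom statusCode is set


def is_blocked(request_path, rules=BLOCKED_PATHS):
    """Return the rule that blocks request_path, or None if it passes."""
    for rule in rules:
        if rule.endswith("/*"):
            prefix = rule[:-2]
            # "/api-docs/*" covers "/api-docs" itself and everything below it.
            # Assumption of this model: a sibling such as "/api-docs-internal"
            # is not a subpath and is therefore not matched.
            if request_path == prefix or request_path.startswith(prefix + "/"):
                return rule
        elif request_path == rule:
            return rule
    return None


def coverage_gaps(sensitive_paths, rules=BLOCKED_PATHS):
    """List paths expected to be blocked that no rule matches."""
    return [p for p in sensitive_paths if is_blocked(p, rules) is None]


# Constructed sample: paths a reviewer expects to be unreachable.
EXPECTED_BLOCKED = [
    "/swagger-ui",
    "/swagger-ui/index.html",   # subpath of an exact-match rule
    "/v2/swagger-ui",
    "/api-docs",
    "/api-docs/v1",
]

if __name__ == "__main__":
    for path in EXPECTED_BLOCKED:
        rule = is_blocked(path)
        status = DEFAULT_STATUS if rule else "passes"
        print(f"{path:28} {status}  {rule or ''}")
    print("not covered:", coverage_gaps(EXPECTED_BLOCKED))
```

With the sample configuration, /swagger-ui/index.html is reported as not covered, because /swagger-ui is an exact-match rule; blocking it requires the /swagger-ui/* form.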

Applying Access Middleware to Routes

Here’s how to attach the access middleware to a specific route:

routes:
  - path: /protected
    name: protected
    rewrite: /
    backends:
    - endpoint: https://example.com
    methods: [POST, PUT, GET]
    healthCheck: {}
    cors: {}
    middlewares:
      - api-blocked-paths

Best Practices

  • Consistency: Ensure all sensitive paths are accounted for in the middleware configuration.
  • Granularity: Use /* judiciously to block subpaths where necessary.
  • Testing: Validate all configurations in a non-production environment before deployment.

By adhering to these guidelines, you can effectively use access middleware to secure your application routes.