apisix/docs/en/latest/plugins/uri-blocker.md

---
title: uri-blocker
---

<!--
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
-->

## Summary

- [**Name**](#name)
- [**Attributes**](#attributes)
- [**How To Enable**](#how-to-enable)
- [**Test Plugin**](#test-plugin)
- [**Disable Plugin**](#disable-plugin)

## Name

The plugin helps we intercept user requests, we only need to indicate the `block_rules`.

## Attributes

| Name          | Type          | Requirement | Default | Valid      | Description                                                                 |
| ------------- | ------------- | ----------- | ------- | ---------- | --------------------------------------------------------------------------- |
| block_rules   | array[string] | required    |         |            | Regular filter rule array. Each of these items is a regular rule. If the current request URI hits any one of them, set the response code to rejected_code to exit the current user request. Example: `["root.exe", "root.m+"]`. |
| rejected_code | integer       | optional    | 403     | [200, ...] | The HTTP status code returned when the request URI hit any of `block_rules` |

## How To Enable

Here's an example, enable the `uri blocker` plugin on the specified route:

```shell
curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/*",
    "plugins": {
        "uri-blocker": {
            "block_rules": ["root.exe", "root.m+"]
        }
    },
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:1980": 1
        }
    }
}'
```

## Test Plugin

```shell
$ curl -i http://127.0.0.1:9080/root.exe?a=a
HTTP/1.1 403 Forbidden
Date: Wed, 17 Jun 2020 13:55:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: keep-alive
Server: APISIX web server

... ...
```

## Disable Plugin

When you want to disable the `uri blocker` plugin, it is very simple, you can delete the corresponding json configuration in the plugin configuration, no need to restart the service, it will take effect immediately:

```shell
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/*",
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:1980": 1
        }
    }
}'
```

The `uri blocker` plugin has been disabled now. It works for other plugins.
docs: Added title to markdown under `docs` (#3685) 2021-02-26 21:40:08 +08:00			`---`
			`title: uri-blocker`
			`---`

feature: implemented plugin `uri-blocklist` . (#1727) first step: #1617 2020-06-22 14:45:55 +08:00			`<!--`
			`#`
			`# Licensed to the Apache Software Foundation (ASF) under one or more`
			`# contributor license agreements. See the NOTICE file distributed with`
			`# this work for additional information regarding copyright ownership.`
			`# The ASF licenses this file to You under the Apache License, Version 2.0`
			`# (the "License"); you may not use this file except in compliance with`
			`# the License. You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`#`
			`-->`

docs: Added title to markdown under `docs` (#3685) 2021-02-26 21:40:08 +08:00			`## Summary`
feature: implemented plugin `uri-blocklist` . (#1727) first step: #1617 2020-06-22 14:45:55 +08:00
			`- [Name](#name)`
			`- [Attributes](#attributes)`
			`- [How To Enable](#how-to-enable)`
			`- [Test Plugin](#test-plugin)`
			`- [Disable Plugin](#disable-plugin)`

			`## Name`

			The plugin helps we intercept user requests, we only need to indicate the `block_rules`.

			`## Attributes`

doc: plugin attributes format unification (#2278) * [WIP] doc api unify * [WIP] doc api unify * doc api format * fix typo 2020-09-23 08:11:27 +08:00			`\| Name \| Type \| Requirement \| Default \| Valid \| Description \|`
			`\| ------------- \| ------------- \| ----------- \| ------- \| ---------- \| --------------------------------------------------------------------------- \|`
			\| block_rules \| array[string] \| required \| \| \| Regular filter rule array. Each of these items is a regular rule. If the current request URI hits any one of them, set the response code to rejected_code to exit the current user request. Example: `["root.exe", "root.m+"]`. \|
			\| rejected_code \| integer \| optional \| 403 \| [200, ...] \| The HTTP status code returned when the request URI hit any of `block_rules` \|
feature: implemented plugin `uri-blocklist` . (#1727) first step: #1617 2020-06-22 14:45:55 +08:00
			`## How To Enable`

			Here's an example, enable the `uri blocker` plugin on the specified route:

			```shell
Revert "refactor: separate admin and proxy port in default config (#2802)" (#2871) This reverts commit b13f16744541bfbd02ae87814f77eb5893e2d859. Co-authored-by: Vinci Xu <277040271@qq.com> 2020-11-28 19:05:14 +08:00			`curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '`
feature: implemented plugin `uri-blocklist` . (#1727) first step: #1617 2020-06-22 14:45:55 +08:00			`{`
			`"uri": "/*",`
			`"plugins": {`
			`"uri-blocker": {`
			`"block_rules": ["root.exe", "root.m+"]`
			`}`
			`},`
			`"upstream": {`
			`"type": "roundrobin",`
			`"nodes": {`
			`"127.0.0.1:1980": 1`
			`}`
			`}`
			`}'`
			```

			`## Test Plugin`

			```shell
			`$ curl -i http://127.0.0.1:9080/root.exe?a=a`
			`HTTP/1.1 403 Forbidden`
			`Date: Wed, 17 Jun 2020 13:55:41 GMT`
			`Content-Type: text/html; charset=utf-8`
			`Content-Length: 150`
			`Connection: keep-alive`
			`Server: APISIX web server`

			`... ...`
			```

			`## Disable Plugin`

doc: update uri-blocker plugin docs (#1997) 2020-08-05 19:13:19 +08:00			When you want to disable the `uri blocker` plugin, it is very simple, you can delete the corresponding json configuration in the plugin configuration, no need to restart the service, it will take effect immediately:
feature: implemented plugin `uri-blocklist` . (#1727) first step: #1617 2020-06-22 14:45:55 +08:00
			```shell
Revert "refactor: separate admin and proxy port in default config (#2802)" (#2871) This reverts commit b13f16744541bfbd02ae87814f77eb5893e2d859. Co-authored-by: Vinci Xu <277040271@qq.com> 2020-11-28 19:05:14 +08:00			`curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '`
feature: implemented plugin `uri-blocklist` . (#1727) first step: #1617 2020-06-22 14:45:55 +08:00			`{`
			`"uri": "/*",`
			`"upstream": {`
			`"type": "roundrobin",`
			`"nodes": {`
			`"127.0.0.1:1980": 1`
			`}`
			`}`
			`}'`
			```

			The `uri blocker` plugin has been disabled now. It works for other plugins.