docs/en/latest/plugins/ua-restriction.md

title: ua-restriction

Summary

Name
Attributes
How To Enable
Test Plugin
Disable Plugin

Name

The ua-restriction can restrict access to a Service or a Route by allowlist and denylist User-Agent header.

Attributes

Name	Type	Requirement	Default	Valid	Description
bypass_missing	boolean	optional	false		Whether to bypass the check when the User-Agent header is missing
allowlist	array[string]	optional			A list of allowed User-Agent headers.
denylist	array[string]	optional			A list of denied User-Agent headers.
message	string	optional	Not allowed.	length range: [1, 1024]	Message of deny reason.

Any of allowlist or denylist can be optional, and can work together in this order: allowlist->denylist

The message can be user-defined.

How To Enable

Creates a route or service object, and enable plugin ua-restriction.

curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/index.html",
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:1980": 1
        }
    },
    "plugins": {
        "ua-restriction": {
             "bypass_missing": true,
             "allowlist": [
                 "my-bot1",
                 "(Baiduspider)/(\\d+)\\.(\\d+)"
             ],
             "denylist": [
                 "my-bot2",
                 "(Twitterspider)/(\\d+)\\.(\\d+)"
             ]
        }
    }
}'

Default returns {"message":"Not allowed"} when rejected. If you want to use a custom message, you can configure it in the plugin section.

"plugins": {
    "ua-restriction": {
        "denylist": [
            "my-bot2",
            "(Twitterspider)/(\\d+)\\.(\\d+)"
        ],
        "message": "Do you want to do something bad?"
    }
}

Test Plugin

Requests from normal User-Agent:

$ curl http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...

Requests with the bot User-Agent:

$ curl http://127.0.0.1:9080/index.html --header 'User-Agent: Twitterspider/2.0'
HTTP/1.1 403 Forbidden

Disable Plugin

When you want to disable the ua-restriction plugin, it is very simple, you can delete the corresponding json configuration in the plugin configuration, no need to restart the service, it will take effect immediately:

$ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/index.html",
    "plugins": {},
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:1980": 1
        }
    }
}'

The ua-restriction plugin has been disabled now. It works for other plugins.