authorityFilter is the right tool when the port is part of the match criteria. It pairs well with TLS related actions and with upstream routing because both depend on the destination authority being known early in the connection lifecycle.
Use authorityFilter when both the host and the port matter for the match. It is the right filter for development setups where the same hostname is served on multiple ports, for matching non default TLS ports, or for distinguishing a debug instance from a production instance on the same domain.
Typical situations:
api.internal.example.com:8443.The filter evaluates on the onAuthorityReceived scope, so it fires as soon as Fluxzy parses the CONNECT or the absolute target. If you only care about the host and not the port, use hostFilter, it is more concise.
Attach a client certificate to outbound traffic going to your internal payments service on 8443, leaving any other port untouched.
rules:
- filter:
typeKind: AuthorityFilter
port: 8443
pattern: payments.internal.example.com
operation: Exact
actions:
- typeKind: SetClientCertificateAction
clientCertificate:
retrieveMode: FromPkcs12
pkcs12File: /etc/fluxzy/payments-client.p12
pkcs12Password: changeit
Simulate a slow link only for a development service running on port 5000 while keeping the rest of the workload at full speed.
rules:
- filter:
typeKind: AuthorityFilter
port: 5000
pattern: dev.example.com
operation: Exact
actions:
- typeKind: AverageThrottleAction
bandwidthBytesPerSeconds: 64000
Return a canned response for any HTTPS subdomain of legacy.example.com to verify the upstream code path before the real backend is ready.
rules:
- filter:
typeKind: AuthorityFilter
port: 443
pattern: legacy.example.com
operation: EndsWith
actions:
- typeKind: MockedResponseAction
response:
statusCode: 200
body:
type: fromString
text: '{"status":"mocked"}'
contentType: application/json
Select exchange according to hostname and a port
Evaluation scope defines the timing where this filter will be applied.
onAuthorityReceived This scope denotes the moment fluxzy is aware the destination authority. In a regular proxy connection, it will occur the moment where fluxzy parsed the CONNECT request.
authorityFilter
The following table describes the customizable properties available for this filter:
| Property | Type | Description | DefaultValue |
|---|---|---|---|
| port | int32 | The remote port | 0 |
| pattern | string | The string pattern to search | |
| operation | exact | contains | startsWith | endsWith | regex | The search operation performed | exact |
| caseSensitive | boolean | true if the Search should be case sensitive | false |
| inverted | boolean | Negate the filter result | false |
The following examples apply a comment to the filtered exchange
Select only request from host fluxzy.io at port 8080.
rules:
- filter:
typeKind: AuthorityFilter
port: 8080
description: Authority (Host and port)
pattern: fluxzy.io
operation: Exact
actions:
- typeKind: ApplyCommentAction
comment: filter was applied
Select any exchanges going to a subdomain of google.com at port 443.
rules:
- filter:
typeKind: AuthorityFilter
port: 443
description: Authority (Host and port)
pattern: google.com
operation: EndsWith
actions:
- typeKind: ApplyCommentAction
comment: filter was applied
View definition of AuthorityFilter for .NET integration.
The following filters are related to this filter:
authorityFilter takes both a hostname pattern and a port, hostFilter only matches the hostname. Use authorityFilter when the port is part of what makes the target unique.
Yes, port is required and is matched exactly. Set it to the expected listening port, for example 443 for HTTPS or 8443 for a non standard TLS endpoint.
Yes. Set operation to Regex and supply a regular expression in pattern. Default operation is Exact for authorityFilter.
Yes. The onAuthorityReceived scope is triggered by both CONNECT requests and direct HTTP requests, so authorityFilter works in transparent and explicit proxy modes.