Overview
The Block Path feature is designed to deny access to specific request paths. When a user attempts to access a blocked path, the service will return an HTTP 403 Forbidden response.
This is useful for hiding admin pages, preventing access to sensitive endpoints, and blocking specific API routes.
Configuration Options
Regex Defines the list of comma separated path patterns that should be blocked.
Uses regular expressions for flexible pattern matching.
Supports blocking subpaths and dynamic routes.
Incorrect regex patterns may cause the plugin to fail.
Example Scenario
Consider the following configuration:
Regex: ^/admin(.*),^/private/.*Request Flow:
Request # |
Request Path |
Allowed? |
Reason |
|---|---|---|---|
1 |
/admin |
❌ No |
Blocked by regex |
2 |
/public |
✅ Yes |
Blocked by regex |
3 |
/admin/settings |
❌ No |
Not listed in blocked paths. |
4 |
/private/data |
❌ No |
Blocked by regex |
Use Cases
Admin Panel Protection: Prevent unauthorized access to admin endpoints.
API Endpoint Security: Block access to sensitive internal API paths.
Content Restriction: Hide specific URLs from public access.
By configuring Block Path correctly, you can secure your app’s endpoints, prevent unauthorized access, and enforce route-level restrictions.