I am trying to implement two denier rules.
I have this requirement to only allow traffic to certain hostnames and certain URL paths to be public the rest of the access needs to be whitelisted
E.g.
hostname: myhost.example.com - allow all
Hostname: api.example.com - allow only certain URL path, /public is allowed for public access.
I was able todo this on Nginx ingress without any issues.
On istio I was able to do the first one with using match rules as request.host != myhost.example.com
When I tried to create second set of rules, handlers and instances the second rule interferes with first rule. As in the second rule is applied regardless first rule. Seems having muiltple rules cause conflicts.
So tried to combine both the rules
source.labels["istio"] == "ingressgateway" &&(match(request.host, “myhost.*”) || match(request.path, “/public*) )
But this does not seem work, any suggestions or ideas are welcome. Thanks in advance
(Typing from mobile sorry for the formatting)