Require request authentication, but exclude specific paths

In version 1.4 it was possible to require request authentication, but exclude certain paths (see excludedPaths: https://istio.io/v1.4/docs/reference/config/security/istio.authentication.v1alpha1/#Jwt-TriggerRule).

In version 1.7 it’s documented how to require a JWT for specific paths (see https://istio.io/latest/docs/tasks/security/authentication/authn-policy/#require-valid-tokens-per-path). Is it possible to require it on all paths, but exclude certain ones? I have tried setting notPaths, but it doesn’t seem to work.

Thanks

You can set notPaths instead of paths: https://istio.io/latest/docs/reference/config/security/authorization-policy/#Operation

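Added example, not part of the original thread: a policy pair that requires a JWT on every path except an allow-list, using the `notPaths` field from the answer above. The namespace, workload label, issuer, JWKS URL and the excluded paths are constructed placeholders.

```yaml
# RequestAuthentication only rejects requests that carry an INVALID token.
# Requests with no token at all pass through, so it does not enforce
# "token required" on its own.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: require-jwt            # placeholder name
  namespace: example-ns        # placeholder namespace
spec:
  selector:
    matchLabels:
      app: example-app         # placeholder workload label
  jwtRules:
  - issuer: "https://issuer.example.com"                         # placeholder
    jwksUri: "https://issuer.example.com/.well-known/jwks.json"  # placeholder
---
# DENY any request without an authenticated request principal (no valid JWT)
# on every path EXCEPT those listed in notPaths.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-without-jwt       # placeholder name
  namespace: example-ns
spec:
  selector:
    matchLabels:
      app: example-app
  action: DENY
  rules:
  - from:
    - source:
        notRequestPrincipals: ["*"]
    to:
    - operation:
        # Assumed exclusions: one exact path and one prefix match.
        notPaths: ["/healthz", "/public/*"]
```

The selector on both resources has to match the same workload, otherwise the DENY rule is evaluated on a workload where no request principal is ever set. A request to an excluded path that carries an invalid token is still rejected, because RequestAuthentication validates any token that is present.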