diff --git a/src/main/java/com/glean/proxy/filters/LegacyRequestFilter.java b/src/main/java/com/glean/proxy/filters/LegacyRequestFilter.java index 6745061..49eae5f 100644 --- a/src/main/java/com/glean/proxy/filters/LegacyRequestFilter.java +++ b/src/main/java/com/glean/proxy/filters/LegacyRequestFilter.java @@ -36,11 +36,23 @@ public HttpResponse clientToProxyRequest(HttpObject httpObject) { final String[] splitPath = httpRequest.uri().split("/", 4); if (splitPath.length < 3) { LOGGER.severe(String.format("Unexpected legacy request format: %s", httpRequest.uri())); + return createBadRequestResponse("Bad Request to URI: " + httpRequest.uri()); } - if (!"webhook".equals(splitPath[2])) { - LOGGER.severe(String.format("Unknown intent: %s", splitPath[2])); - return null; + + final String intent = splitPath[2]; + + boolean isIntentAllowed = switch (intent) { + case "webhook" -> true; + case "api", "rest" -> legacyProxy.isApiIngressAllowed(); + default -> false; + }; + + if (!isIntentAllowed) { + LOGGER.severe(String.format("Unknown or disallowed intent: %s (allowApiIngress=%s)", + intent, legacyProxy.isApiIngressAllowed())); + return createBadRequestResponse("Bad Request to URI: " + httpRequest.uri()); } + final String path = httpRequest.uri(); final String target = legacyProxy.getTargetURL(path); diff --git a/src/main/java/com/glean/proxy/filters/helpers/OnPremisesProxy.java b/src/main/java/com/glean/proxy/filters/helpers/OnPremisesProxy.java index 80aca0a..85cbcd4 100644 --- a/src/main/java/com/glean/proxy/filters/helpers/OnPremisesProxy.java +++ b/src/main/java/com/glean/proxy/filters/helpers/OnPremisesProxy.java @@ -46,6 +46,10 @@ public boolean shouldUpgradeProtocol() { return protocolUpgrade; } + public boolean isApiIngressAllowed() { + return allowApiIngress; + } + public String getTargetURLForUpgradedProtocol(String pathWithPrefix) { return String.format( "%s%s", webhookTarget.replaceFirst("^http://", "https://"), pathWithPrefix);