Server name matcher

Warning

This API feature is currently work-in-progress. API features marked as work-in-progress are not considered stable, are not covered by the threat model, are not supported by the security team, and are subject to breaking changes. Do not use this feature without understanding each of the previous points.

.xds.type.matcher.v3.ServerNameMatcher

[.xds.type.matcher.v3.ServerNameMatcher proto]

Matches a fully qualified server name against a set of domain names with optional wildcards.

{
  "domain_matchers": []
}
domain_matchers

(repeated .xds.type.matcher.v3.ServerNameMatcher.DomainMatcher) Match a server name by multiple domain matchers. Each domain, exact or wildcard, must appear at most once across all the domain matchers.

The server name will be matched against all wildcard domains starting from the longest suffix, i.e. www.example.com input will be first matched against www.example.com, then *.example.com, then *.com, then *, until the associated matcher action accepts the input. Note that wildcards must be on a dot border, and values like *w.example.com are invalid.

.xds.type.matcher.v3.ServerNameMatcher.DomainMatcher

[.xds.type.matcher.v3.ServerNameMatcher.DomainMatcher proto]

Specifies a set of exact and wildcard domains and a match action. The wildcard symbol * must appear at most once as the left-most part of the domain on a dot border. The wildcard matches one or more non-empty domain parts.

{
  "domains": [],
  "on_match": "{...}"
}
domains

(repeated string, REQUIRED) A non-empty set of domain names with optional wildcards, e.g. www.example.com, *.com, or *.

on_match

(.xds.type.matcher.v3.Matcher.OnMatch) Match action to apply when the server name matches any of the domain names in the matcher.