As of Linkerd 2.14, when I specify AuthorizationPolicy on a HTTPRoute it automatically makes all unspecified routes deny? I remember this from one of the workshops https://www.youtube.com/watch?v=hzj65jVtEwc Thus if I just want to deny access only to /internal/ , I have to allow access and enumerat…

I tried this with a config like: --- apiVersion: policy.linkerd.io/v1beta1 kind: Server metadata: name: web-server namespace: emojivoto spec: podSelector: matchLabels: app: web-svc port: http --- apiVersion: policy.linkerd.io/v1beta1 kind: HTTPRoute metadata: name: web-internal-…

Interesting question. I believe we support regex matching for paths in HTTPRoutes using the Rust regex library . Unfortunately this library does not support lookahead, so something like ^(?!internal) won’t work. There are ways to create negative regular expressions but it won’t be pretty. You could …

Thanks @william , will test this out and let you know how it goes.

@Alex would you be able to explain why requiredAuthenticationRefs: [] works in this case? The reason I ask, is there seems to be a conflict in behaviour when setting requiredAuthenticationRefs If I set a requiredAuthenticationRefs containing an MTLSAuthentication which allows all identities, this …

Deny 1 route in an application with many HTTP endpoints?

Linkerd General Discussion

william September 12, 2023, 5:30pm 3

Try making one HTTPRoute (and ServerAuthorization, etc) for /internal/ that denies traffic accordingly, and a second HTTPRoute (and SA, etc) for * that allows traffic. Precedence rules for HTTPRoute should apply.

Topic		Replies	Views
AuthorizationPolicy does not appear to work with gateway HTTPRoute's Linkerd General Discussion configuration	1	65	August 20, 2025
HTTPRoute not working on subsequent calls Linkerd General Discussion proxy , configuration	6	1260	September 28, 2023
Envoy httproute conflict with linkerd URLRewrite filter is not supported Linkerd General Discussion	4	21	February 19, 2026
Linkerd View ServerAuthorization Linkerd General Discussion proxy	1	363	October 26, 2023
Authorization Policies: Allow specific non-meshed pod access to meshed pod Linkerd General Discussion configuration	3	498	May 4, 2023

Deny 1 route in an application with many HTTP endpoints?

Related topics