About application policy precedence
Access Gateway applications can have multiple policies. Each policy is associated with a URI, a rule type and other information. When a request is received for application with multiple policies, policies are evaluated in precedence order.
In general policies are evaluated in the following order:
- Custom policy - Custom policies are evaluated first, in the order in which they were entered chronologically. Earliest added to most recent.
- Longest to shortest - For example /a/b/c is evaluated before /a/b.
- For policies of the same length , case sensitive policies are evaluated before case insensitive policies.
- Default policy, specified by '/' is applied.
The following are example policy URI and their behavior:
URI rule and example | Case sensitive | Case insensitive |
---|---|---|
Custom | Evaluated before all other URIs policies. Evaluated in order originally entered. |
|
URI rule: /a/b/C Example:/a/b/C |
/a - does not match.
/a/b - does not match. /a/b/c - does not match. |
/a - does not match. /a/b - does not match. /a/b/c - matches if no case sensitive rule. /a/b/C - matches |
URI rule: /a/b/C |
/a - does not match. |
/a - does not match. |
URI rule: /a/b Example:/a/b |
/a - does not match. /a/b - matches. |
/a - does not match. /a/b matches if no case sensitive rule. |
URI rule: /a |
/a- matches. |
/a - matches if no case sensitive match. |
Default ("/") rule | Matches anything not matched by a prior rules. |
Additional examples, shown in order of precedence.
URI |
Case sensitive |
Comment |
---|---|---|
/a/b/c |
Yes |
Case sensitive has higher precedence then the same URI insentive. |
/a/b/c |
No |
|
/a/f |
Yes |
Both marked case sensitive, same number of elements (two) sorted lexicographically.
|
/a/b |
Yes |
|
/a/e |
No |
Both marked case insensitive, same number of elements (two) sorted lexicographically, but after case sensitive two element rules.
|
/a/b |
No |
|
/a |
No |
|
In general, sorting order is determined by:
- Custom policies: Custom policies are evaluated first and within custom policies evaluated in order entered.
- Total number of elements in URI: For example /a/b/c has three elements split by "/" (forward slash) in resource path.
- Case sensitivity: Case sensitive policies sort above case insensitive policies with the same number of elements.
- Lexicographic order: Policies are then ordered alphabetically.
Policies and upgrade
Prior to Access Gateway v2021.01.0 all policies were treated as case sensitive. During upgrade, all policies are marked as case sensitive to reflect past behavior. New policies, added post upgrade, will default to case insensitive and will need to be explicitly marked case sensitive, if required.