Whenever your endpoints are exposed to the internet, they will inevitably receive unwanted or malicious traffic. This can include bot activity, unauthorized access attempts, abusive requests, or even potential security threats. By denying requests at the edge, you can: 🚫 Block unauthorized access attempts before they reach your upstream service.
⚡ Reduce load on backend services by filtering unnecessary traffic.
🔐 Improve security by rejecting requests based on predefined rules.

🔍 What are the Benefits of Denying Requests?

Publicly exposed services are constantly targeted by automated scanners, bots, and unwanted traffic. Even if these requests are not inherently malicious, they can consume resources, increase latency, and degrade performance. Key Benefits:
  • Reduce Attack Surface: Stop unauthorized access attempts before they hit your backend.
  • Harden API Security: Restrict access to only legitimate users and trusted sources.
  • Improve Performance: Free up server resources by dropping unwanted requests early.
  • Protect Against Malicious Bots & Scanners: Prevent automated scripts and scrapers from overloading your API.
  • Deny requests based on geolocation rules to comply with regulations.
  • Prevent excessive requests from bad actors or misconfigured clients.

Denying Requests Examples

The following examples set up an endpoint that will deny all traffic unless the client IP is from the EU. See the IP Intelligence page for more ways you can check properties of the connecting IP address. Check out the deny request traffic policy action page for more details about how it functions and the parameters it accepts. 
apiVersion: ngrok.k8s.ngrok.com/v1alpha1
kind: AgentEndpoint
metadata:
name: example-agent-endpoint
spec:
url: https://example-hostname.ngrok.io
upstream:
  url: http://my-service.my-namespace:8080
trafficPolicy:
  inline:
    on_http_request:
      - expressions:
          - conn.client_ip.geo.location.is_eu == false
        actions:
          - type: deny
            config:
              status_code: 403