Path patterns reference
PingAccess uses application resource path patterns to match resources. This reference describes the two path pattern types used by PingAccess and how they are processed.
For more flexible resource matching, PingAccess supports two types of path matching patterns:
-
Basic
-
Regex
To specify a path pattern as Basic or Regex, enable resource ordering. When resource ordering is not enabled, all path patterns are assumed to be Basic, and are parsed as such.
Basic patterns
Basic path patterns (or “wildcard patterns”) are the default path pattern type. Each pattern defines a path to a specific resource or a pattern that matches multiple paths. Basic patterns may contain any number of “*” wildcards, which match zero to many characters in the path.
Example
/path/x/*
matches any of the following request paths:
/path/x/ /path/x/index.html /path/x/y/z/index.html
Regex patterns
Regex path pattern support occurs when you enable resource ordering.
When one or more Regex path patterns are defined, resource ordering cannot be disabled. You must delete any Regex path pattern entries before you can disable resource ordering. Regex path patterns allow for more flexibility in resource matching. |
Example
/[^/]+/[a-z]+\.html
matches any of these request paths:
/images/gallery.html /search/index.html
However, it would not match any of these paths:
/images/gallery2.html /search/pages/index.html /index.html
The supported syntax for Regex patterns is documented by the RE2 wiki.
Use of Regex path patterns in agent deployments:
-
Though Regex path patterns function in an agent deployment, a performance decrease might occur because the agent must consult PingAccess for policy decisions on all Regex path pattern resources.
-
In a deployment with Basic path patterns and Resource Ordering disabled, when a PingAccess agent receives a request for a resource, it consults its policy cache for policy decisions.
-
Agents are unable to interpret Regex path patterns, so a request to an agent for a resource with a Regex path pattern will result in the agent consulting PingAccess for each policy decision.
-
In a resource ordering scenario, the agent stops consulting its policy cache if it reaches a Regex path pattern, and continues this behavior for all resources ordered after the Regex path pattern resource, regardless of their type. Thus, the ordering of resources is critical to performance.
Consider the following scenario.
Application A: context root /, resource ordering enabled Resource 1, Basic, /content Resource 2, Regex, /\w+-\w+/.* Root Resource
If Resource 2 is ordered before Resource 1, and a request for Resource 1 is received by the agent, the agent will not leverage its policy cache, since a Regex path pattern disables caching for the associated resource and all resources after it. If Resource 1 is ordered before Resource 2, the agent will leverage its policy cache for requests to Resource 1.
The agent is only able to consult the policy cache for basic path pattern resources that are ordered before any Regex path pattern resources. If a basic path pattern resource is ordered after a Regex path pattern resource, the agent will not consult the policy cache, instead contacting PingAccess directly, therefore a performance decrease might occur.
If you are using Regex path patterns in an agent deployment, and the order in which resources are ordered is unimportant, order Regex path patterns at the end of the list. If the order is important, place the resource where appropriate to ensure the correct policy is applied at the correct time, while potentially incurring a performance impact. If your deployment makes extensive use of agents and Regex path patterns, and you are experiencing performance problems, consider redeploying these applications in a proxy configuration where possible. |