Plugin to use to filter requests based on header value

To protect my API I want to filter requests going to an API by the values in the Origin header.

(I understand this can’t be spoofed in a browser)

I thought that it was pretty simple and there must be a Kong plugin for that

I have checked through all the plugins and I can’t find one. Can anyone point me in the right direction?

You can use the CORS plugin to disallow any traffic that doesn’t your Origins policy.

1 Like

Hi @Robert_Metcalf! Besides the security concerns, you can write a plugin to do that, very easy. Take a look at my Github, I have something similar (abandoned):
It would be a pleasure to help, if you need.