Add Basic Auth Traffic Policy Example

[nijikokun]

Adds Basic Auth enforcement example to the Rule Gallery. This rule mimics the Basic Auth module.

# Block all requests without Authorization Header
# Block all requests without valid username:password base64 encodings
inbound:
  - expressions:
      - |-
        !('Authorization' in req.Headers) ||
        !(
          'Basic dXNlcm5hbWU6cGFzc3dvcmQ=' in req.Headers['Authorization'] || 
          'Basic dXNlcm5hbWU6aHVudGVyMg==' in req.Headers['Authorization'] || 
          'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==' in req.Headers['Authorization']
        )
    actions:
      - type: custom-response
        config:
          status_code: 401
          content: 'Authorization required.'
          headers:
            'WWW-Authenticate': 'Basic realm="MySite", charset="UTF-8"'

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
ngrok-docs	✅ Ready (Inspect)	Visit Preview	Feb 22, 2024 2:20am

[euank]

Thanks for adding another example!

This does make my security sense tingle though! It's clear it's being stored and used unhashed, so if I saw this on a technical company's websites, I'd lose some amount of trust in their security unless it also had a prominent warning of that fact, so as such, I think we should have a prominent security warning until we have a way to input pre-hashed psaswords.