istioenvoyproxycustom-error-handling

How to customize the error code and response body from Istio on AuthorizationPolicy deny?


When a request is denied the reply back is:

HTTP 403
RBAC: access denied

Is there any way of customising this error to have a different status code and reply body?


Solution

  • It is currently not possible with Istio API, however there is a feature request for that on Github.

    There is also a workaround using an envoy filter to customize that response.

    Note, however, that Envoy filters are low-level constructs compared to Istio API and Istio doc says:

    This feature must be used with care, as incorrect configurations could potentially destabilize the entire mesh.