restrict conn.tls vars to http phases

ngrok · Nov 7, 2024 · f004f15 · f004f15
1 parent 8e38483
commit f004f15
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 16 deletions.
diff --git a/docs/tls/traffic-policy/expressions/variables.mdx b/docs/tls/traffic-policy/expressions/variables.mdx
@@ -5,7 +5,6 @@ import RestrictIPs from "/traffic-policy/actions/restrict-ips/variables.mdx";
 
 import ConnVariables from "/traffic-policy/variables/conn-tcptls.mdx";
 import ConnGeoVariables from "/traffic-policy/variables/conn.geo.mdx";
-import ConnTlsVariables from "/traffic-policy/variables/conn.tls.mdx";
 import EndpointVariables from "/traffic-policy/variables/endpoint.mdx";
 import TimeVariables from "/traffic-policy/variables/time.mdx";
 
@@ -27,8 +26,6 @@ import TimeVariables from "/traffic-policy/variables/time.mdx";
 
 <ConnGeoVariables />
 
-<ConnTlsVariables />
-
 <EndpointVariables />
 
 <TimeVariables />
diff --git a/examples/agent-config/tls-traffic-policy.mdx b/examples/agent-config/tls-traffic-policy.mdx
@@ -1,22 +1,13 @@
 ```yaml
 tunnels:
   example:
-    proto: tls
-    addr: 443
+    proto: tcp
+    addr: 22
     traffic_policy:
       on_tcp_connect:
-        - name: EnforceTLS1.3
+        - name: DenyTrafficOutsideUS
           expressions:
-            - "conn.tls.version != '1.3'"
+            - "conn.geo.country_code != 'US'"
           actions:
             - type: deny
-        - name: "LogRequestsFromKnownIP"
-          expressions:
-            - "conn.client_ip == '110.0.0.1'"
-          actions:
-            - type: log
-              config:
-                metadata:
-                  event: "known-ip"
-                  data: "110.0.0.1"
 ```