Advanced Filter Option

By using these Advanced Filter Options, you can tailor Akto's analysis to focus on the specific aspects of your agent component traffic that are most relevant to your current needs.

Overview

Advanced filters allow you to:

Include or exclude specific agent components or MCP endpoints based on criteria
Focus analysis on particular HTTP methods, response codes, or content types
Target specific hosts or domains for monitoring
Create complex filtering rules using logical operators (AND, OR)

Steps to Configure

Go to Settings > Advanced traffic filters.
Click "Add new" to create a filter.
Enter the YAML configuration based on your requirements.
Click "Save" to apply the filter.

Default Blocking Filter

Akto comes with a pre-configured default filter that automatically focuses your analysis on the most relevant agent traffic by excluding common noise.

Ignores the following:

Components with response code greater than or equal to 400
HTML-type responses
Traffic from localhost server

id: DEFAULT_BLOCK_FILTER
filter:
  or:
    - response_code:
        gte: 400
    - response_headers:
        for_one:
          key:
            eq: content-type
          value:
            contains_either:
              - html
              - text/html
    - request_headers:
        for_one:
          key:
            eq: host
          value:
            regex: .*localhost.*

Use Cases

Here are some use cases that demonstrate how you can customize the Advanced Filter Options:

Case 1: Selective Host Content Filtering

Ignore agent traffic from specific hosts that have content-type text or HTML.

When to use: When you want to exclude HTML/text content from specific domains but continue monitoring other content types.

id: DEFAULT_BLOCK_FILTER
filter:
  and:
    - request_headers:
        for_one:
          key:
            eq: host
          value:
            contains_either:
              - app.akto.io
              - juiceshop.akto.io
    - response_headers:
        for_one:
          key:
            eq: content-type
          value:
            contains_either:
              - html
              - text

Case 2: Component Version and Method Filtering

Only allow components with specific version path (api/v1) and restrict to certain HTTP methods.

When to use: When you want to focus on a specific version and limit the HTTP methods being analyzed.

id: DEFAULT_ALLOW_FILTER
filter:
  and:
    method:
      contains_either:
        - GET
        - POST
        - PUT
        - DELETE
    url:
      regex: '.*api\/v1.*'

Case 3: Host Merging

Merge traffic from multiple development environments into a single Akto collection.

When to use: When different ports are opened for the same host or you have different hosts that should be treated as one collection.

id: MODIFY_CLAIMED_SITE_HOST_AUDITS
filter:
  request_headers:
    for_one:
      key:
        eq: host
      value:
        regex: '^akto-dev-\d+\.in

execute:
  type: single
  requests:
    - req:
      - modify_header:
          host: akto-dev-NUMBER.in

Explanation of Key Concepts

id: Unique identifier for the filter
filter: The main block containing filtering conditions
response_code: Filters based on HTTP status codes
method: Filters based on HTTP methods (GET, POST, PUT, DELETE, etc.)
url: Filters based on the request URL pattern
request_headers/response_headers: Filters based on HTTP headers
and/or: Logical operators to combine multiple conditions
contains_either: Matches if any of the listed values are present
regex: Uses regular expressions for pattern matching
for_one: Applies conditions to at least one of the headers

This filter will only allow traffic that meets all specified conditions. For more details on advanced filtering options, visit API Selection Filters.

PreviousAccess Type NextHow-To

Last updated 12 days ago

Good evening