TLS Variables
Action Result Variables
The following variables are available under the actions.ngrok
namespace:
Log
Name | Type | Description |
---|---|---|
actions.ngrok.log.metadata | map[string]string | The key value map of the metadata values. |
Restrict IPs
Name | Type | Description |
---|---|---|
actions.ngrok.restrict_ips.action | string | The resulting action for this action execution. Supported values are either allow or deny . |
actions.ngrok.restrict_ips.matched_cidr | string | The CIDR that matched for the incoming client ip. This may be empty. |
actions.ngrok.restrict_ips.error.code | string | Code for an error that occurred during the invocation of an action. |
actions.ngrok.restrict_ips.error.message | string | Message for an error that occurred during the invocation of an action. |
Connection Variables
The following variables are available under the conn
namespace:
Name | Type | Description |
---|---|---|
conn.client_ip | string | Source IP of the connection to the ngrok endpoint. |
conn.client_port | int32 | Source port of the connection to the ngrok endpoint. |
conn.server_ip | string | The IP that this connection was established on. |
conn.server_port | int32 | The port that this connection was established on. |
conn.ts.start | timestamp | Timestamp when the connection to ngrok was started. |
conn.client_ip
Source IP of the connection to the ngrok endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "conn.client_ip in ['::1', '127.0.0.1']"
// snippet
{
"expressions": [
"conn.client_ip in ['::1', '127.0.0.1']"
]
}
conn.client_port
Source port of the connection to the ngrok endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "conn.client_port == 80"
// snippet
{
"expressions": [
"conn.client_port == 80"
]
}
conn.server_ip
The IP that this connection was established on.
- YAML
- JSON
# snippet
---
expressions:
- "conn.server_ip == '192.168.1.1'"
// snippet
{
"expressions": [
"conn.server_ip == '192.168.1.1'"
]
}
conn.server_port
The port that this connection was established on.
- YAML
- JSON
# snippet
---
expressions:
- "conn.server_port == 80"
// snippet
{
"expressions": [
"conn.server_port == 80"
]
}
conn.ts.start
Timestamp when the connection to ngrok was started.
- YAML
- JSON
# snippet
---
expressions:
- "conn.ts.start > timestamp('2023-12-31T00:00:00Z')"
// snippet
{
"expressions": [
"conn.ts.start > timestamp('2023-12-31T00:00:00Z')"
]
}
Connection Geo Variables
The following variables are available under the conn.geo
namespace:
Name | Type | Description |
---|---|---|
conn.geo.city | string | The name of the city, in EN, where the conn.client_ip is likely to originate. |
conn.geo.country | string | The name of the country, in EN, where the conn.client_ip is likely to originate. |
conn.geo.country_code | string | The two-letter ISO country code where the conn.client_ip is likely to originate. |
conn.geo.latitude | string | The approximate latitude where the conn.client_ip is likely to originate. |
conn.geo.longitude | string | The approximate longitude where the conn.client_ip is likely to originate. |
conn.geo.radius | string | The radius in kilometers around the latitude and longitude where the conn.client_ip is likely to originate. |
conn.geo.subdivision | string | The name of the subdivision, in EN, where the conn.client_ip is likely to originate. |
conn.geo.city
The name of the city, in EN, where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.geo.city == 'Strongsville'"
// snippet
{
"expressions": [
"conn.geo.city == 'Strongsville'"
]
}
conn.geo.country
The name of the country, in EN, where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.geo.country == 'United States'"
// snippet
{
"expressions": [
"conn.geo.country == 'United States'"
]
}
conn.geo.country_code
The two-letter ISO country code where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.geo.country_code != 'US'"
// snippet
{
"expressions": [
"conn.geo.country_code != 'US'"
]
}
conn.geo.latitude
The approximate latitude where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "double(conn.geo.latitude) >= 45.0"
// snippet
{
"expressions": [
"double(conn.geo.latitude) >= 45.0"
]
}
conn.geo.longitude
The approximate longitude where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "double(conn.geo.longitude) <= -93.0"
// snippet
{
"expressions": [
"double(conn.geo.longitude) <= -93.0"
]
}
conn.geo.radius
The radius in kilometers around the latitude and longitude where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.geo.radius <= '5'"
// snippet
{
"expressions": [
"conn.geo.radius <= '5'"
]
}
conn.geo.subdivision
The name of the subdivision, in EN, where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.geo.subdivision == 'California'"
// snippet
{
"expressions": [
"conn.geo.subdivision == 'California'"
]
}
Connection TLS Variables
The following variables are available under the conn.tls
namespace:
Name | Type | Description |
---|---|---|
conn.tls.cipher_suite | string | The cipher suite selected during the TLS handshake. |
conn.tls.sni | string | The hostname included in the ClientHello message via the SNI extension. |
conn.tls.version | string | The version of the TLS protocol used between the client and the ngrok edge. |
conn.tls.cipher_suite
The cipher suite selected during the TLS handshake.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.cipher_suite == 'TLS_AES_128_GCM_SHA256'"
// snippet
{
"expressions": [
"conn.tls.cipher_suite == 'TLS_AES_128_GCM_SHA256'"
]
}
conn.tls.sni
The hostname included in the ClientHello message via the SNI extension.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.sni == 'client.example.com'"
// snippet
{
"expressions": [
"conn.tls.sni == 'client.example.com'"
]
}
conn.tls.version
The version of the TLS protocol used between the client and the ngrok edge.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.version == '1.3'"
// snippet
{
"expressions": [
"conn.tls.version == '1.3'"
]
}
Connection TLS Client Variables
The following variables are available under the conn.tls.client
namespace:
Name | Type | Description |
---|---|---|
conn.tls.client.extensions | []Extension | Additional information added to the certificate. |
conn.tls.client.extensions[i].id | string | The identifier (OID) that specifies the type of extension. |
conn.tls.client.extensions[i].critical | bool | True if the extension is critical. |
conn.tls.client.extensions[i].value | []byte | The data for the extension. |
conn.tls.client.issuer | string | The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax. |
conn.tls.client.issuer.common_name | string | Common name of the issuing authority, usually the domain name. |
conn.tls.client.issuer.country | []string | Country name(s) where the issuing authority is located. |
conn.tls.client.issuer.locality | []string | Locality or city of the issuing authority. |
conn.tls.client.issuer.organization | []string | Name(s) of the organization that issued the certificate. |
conn.tls.client.issuer.organizational_unit | []string | Division of the organization responsible for the certificate. |
conn.tls.client.issuer.postal_code | []string | Postal code of the issuing authority. |
conn.tls.client.issuer.province | []string | Province or state of the issuing authority. |
conn.tls.client.issuer.street_address | []string | Street address of the issuing authority. |
conn.tls.client.san | string | Subject alternative names of the client certificate. |
conn.tls.client.san.dns_names | []string | DNS names in the subject alternative names. |
conn.tls.client.san.email_addresses | []string | Email addresses in the subject alternative names. |
conn.tls.client.san.ip_addresses | []string | IP addresses in the subject alternative names. |
conn.tls.client.san.uris | []string | URIs in the subject alternative names. |
conn.tls.client.serial_number | string | Unique identifier for the certificate. |
conn.tls.client.signature_algorithm | string | Algorithm used to sign the certificate. |
conn.tls.client.subject | string | The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax. |
conn.tls.client.subject.common_name | string | Common name of the subject, usually the domain name. |
conn.tls.client.subject.country | []string | Country name(s) where the subject of the certificate is located. |
conn.tls.client.subject.locality | []string | Locality or city where the subject is located. |
conn.tls.client.subject.organization | []string | Name(s) of the organization to which the subject belongs. |
conn.tls.client.subject.organizational_unit | []string | Division of the organization to which the subject belongs. |
conn.tls.client.subject.postal_code | []string | Postal code where the subject is located. |
conn.tls.client.subject.province | []string | Province or state where the subject is located. |
conn.tls.client.subject.street_address | []string | Street address where the subject is located. |
conn.tls.client.validity.not_after | timestamp | Expiration date and time when the certificate is no longer valid. |
conn.tls.client.validity.not_before | timestamp | Start date and time when the certificate becomes valid. |
conn.tls.client.extensions
Additional information added to the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "size(conn.tls.client.extensions) > 0"
// snippet
{
"expressions": [
"size(conn.tls.client.extensions) > 0"
]
}
conn.tls.client.extensions[i].id
The identifier (OID) that specifies the type of extension.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.extensions[0].id == '2.5.29.15'"
// snippet
{
"expressions": [
"conn.tls.client.extensions[0].id == '2.5.29.15'"
]
}
conn.tls.client.extensions[i].critical
True if the extension is critical.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.extensions[0].critical"
// snippet
{
"expressions": [
"conn.tls.client.extensions[0].critical"
]
}
conn.tls.client.extensions[i].value
The data for the extension.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.extensions[0].value == b'\x03\x02\x05 '"
// snippet
{
"expressions": [
"conn.tls.client.extensions[0].value == b'\u0003\u0002\u0005 '"
]
}
conn.tls.client.issuer
The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer == 'CN=E1,O=Let's Encrypt,C=US'"
// snippet
{
"expressions": [
"conn.tls.client.issuer == 'CN=E1,O=Let's Encrypt,C=US'"
]
}
conn.tls.client.issuer.common_name
Common name of the issuing authority, usually the domain name.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.common_name == 'exampleca.com'"
// snippet
{
"expressions": [
"conn.tls.client.issuer.common_name == 'exampleca.com'"
]
}
conn.tls.client.issuer.country
Country name(s) where the issuing authority is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.country == ['US']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.country == ['US']"
]
}
conn.tls.client.issuer.locality
Locality or city of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.locality == ['Mountain View']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.locality == ['Mountain View']"
]
}
conn.tls.client.issuer.organization
Name(s) of the organization that issued the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.organization == ['Example CA']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.organization == ['Example CA']"
]
}
conn.tls.client.issuer.organizational_unit
Division of the organization responsible for the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.organizational_unit == ['Certification Authority
Division']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.organizational_unit == ['Certification Authority Division']"
]
}
conn.tls.client.issuer.postal_code
Postal code of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.postal_code == ['94043']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.postal_code == ['94043']"
]
}
conn.tls.client.issuer.province
Province or state of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.province == ['California']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.province == ['California']"
]
}
conn.tls.client.issuer.street_address
Street address of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.street_address == ['1234 Encryption Way']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.street_address == ['1234 Encryption Way']"
]
}
conn.tls.client.san
Subject alternative names of the client certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.san == 'DNS:www.example.com, DNS:example.com, IP
Address:192.168.1.1'"
// snippet
{
"expressions": [
"conn.tls.client.san == 'DNS:www.example.com, DNS:example.com, IP Address:192.168.1.1'"
]
}
conn.tls.client.san.dns_names
DNS names in the subject alternative names.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.san.dns_names == ['www.example.com', 'example.com']"
// snippet
{
"expressions": [
"conn.tls.client.san.dns_names == ['www.example.com', 'example.com']"
]
}
conn.tls.client.san.email_addresses
Email addresses in the subject alternative names.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.san.email_addresses == ['ngrok-email1@example.com',
'ngrok-email2@example.com']"
// snippet
{
"expressions": [
"conn.tls.client.san.email_addresses == ['ngrok-email1@example.com', 'ngrok-email2@example.com']"
]
}
conn.tls.client.san.ip_addresses
IP addresses in the subject alternative names.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.san.ip_addresses == ['192.168.1.1']"
// snippet
{
"expressions": [
"conn.tls.client.san.ip_addresses == ['192.168.1.1']"
]
}
conn.tls.client.san.uris
URIs in the subject alternative names.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.san.uris == ['https://example.com/example']"
// snippet
{
"expressions": [
"conn.tls.client.san.uris == ['https://example.com/example']"
]
}
conn.tls.client.serial_number
Unique identifier for the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"
// snippet
{
"expressions": [
"conn.tls.client.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"
]
}
conn.tls.client.signature_algorithm
Algorithm used to sign the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.signature_algorithm == 'SHA256-RSA'"
// snippet
{
"expressions": [
"conn.tls.client.signature_algorithm == 'SHA256-RSA'"
]
}
conn.tls.client.subject
The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject == 'CN=www.example.com'"
// snippet
{
"expressions": [
"conn.tls.client.subject == 'CN=www.example.com'"
]
}
conn.tls.client.subject.common_name
Common name of the subject, usually the domain name.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.common_name == 'www.example.com'"
// snippet
{
"expressions": [
"conn.tls.client.subject.common_name == 'www.example.com'"
]
}
conn.tls.client.subject.country
Country name(s) where the subject of the certificate is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.country == ['US']"
// snippet
{
"expressions": [
"conn.tls.client.subject.country == ['US']"
]
}
conn.tls.client.subject.locality
Locality or city where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.locality == ['Mountain View']"
// snippet
{
"expressions": [
"conn.tls.client.subject.locality == ['Mountain View']"
]
}
conn.tls.client.subject.organization
Name(s) of the organization to which the subject belongs.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.organization == ['Example Corp']"
// snippet
{
"expressions": [
"conn.tls.client.subject.organization == ['Example Corp']"
]
}
conn.tls.client.subject.organizational_unit
Division of the organization to which the subject belongs.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.organizational_unit == ['Web Services']"
// snippet
{
"expressions": [
"conn.tls.client.subject.organizational_unit == ['Web Services']"
]
}
conn.tls.client.subject.postal_code
Postal code where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.postal_code == ['94043']"
// snippet
{
"expressions": [
"conn.tls.client.subject.postal_code == ['94043']"
]
}
conn.tls.client.subject.province
Province or state where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.province == ['California']"
// snippet
{
"expressions": [
"conn.tls.client.subject.province == ['California']"
]
}
conn.tls.client.subject.street_address
Street address where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.street_address == ['1234 Secure Blvd']"
// snippet
{
"expressions": [
"conn.tls.client.subject.street_address == ['1234 Secure Blvd']"
]
}
conn.tls.client.validity.not_after
Expiration date and time when the certificate is no longer valid.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.validity.not_after == timestamp('2023-01-01T00:00:00Z')"
// snippet
{
"expressions": [
"conn.tls.client.validity.not_after == timestamp('2023-01-01T00:00:00Z')"
]
}
conn.tls.client.validity.not_before
Start date and time when the certificate becomes valid.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.validity.not_before == timestamp('2020-01-01T00:00:00Z')"
// snippet
{
"expressions": [
"conn.tls.client.validity.not_before == timestamp('2020-01-01T00:00:00Z')"
]
}
Connection TLS Server Variables
The following variables are available under the conn.tls.server
namespace:
Name | Type | Description |
---|---|---|
conn.tls.server.extensions | []Extension | Additional information added to the certificate. |
conn.tls.server.extensions[i].id | string | The identifier that specifies the type of extension. |
conn.tls.server.extensions[i].critical | bool | True if the extension is critical. |
conn.tls.server.extensions[i].value | []byte | The data for the extension. |
conn.tls.server.issuer | string | The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax. |
conn.tls.server.issuer.common_name | string | Common name of the issuing authority, usually the domain name. |
conn.tls.server.issuer.country | []string | Country name(s) where the issuing authority is located. |
conn.tls.server.issuer.locality | []string | Locality or city of the issuing authority. |
conn.tls.server.issuer.organization | []string | Name(s) of the organization that issued the certificate. |
conn.tls.server.issuer.organizational_unit | []string | Division of the organization responsible for the certificate. |
conn.tls.server.issuer.postal_code | []string | Postal code of the issuing authority. |
conn.tls.server.issuer.province | []string | Province or state of the issuing authority. |
conn.tls.server.issuer.street_address | []string | Street address of the issuing authority. |
conn.tls.server.san | string | Subject alternative names of the ngrok server's leaf TLS certificate. |
conn.tls.server.san.dns_names | []string | DNS names in the subject alternative names of the ngrok server's leaf TLS certificate. |
conn.tls.server.san.email_addresses | []string | Email addresses in the subject alternative names of the ngrok server's leaf TLS certificate. |
conn.tls.server.san.ip_addresses | []string | IP addresses in the subject alternative names of the ngrok server's leaf TLS certificate. |
conn.tls.server.san.uris | []string | URIs in the subject alternative names of the ngrok server's leaf TLS certificate. |
conn.tls.server.serial_number | string | Unique identifier for the certificate. |
conn.tls.server.signature_algorithm | string | Algorithm used to sign the certificate. |
conn.tls.server.subject | string | The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax. |
conn.tls.server.subject.common_name | string | Common name of the subject, usually the domain name. |
conn.tls.server.subject.country | []string | Country name(s) where the subject of the certificate is located. |
conn.tls.server.subject.locality | []string | Locality or city where the subject is located. |
conn.tls.server.subject.organization | []string | Name(s) of the organization to which the subject belongs. |
conn.tls.server.subject.organizational_unit | []string | Division of the organization to which the subject belongs. |
conn.tls.server.subject.postal_code | []string | Postal code where the subject is located. |
conn.tls.server.subject.province | []string | Province or state where the subject is located. |
conn.tls.server.subject.street_address | []string | Street address where the subject is located. |
conn.tls.server.validity.not_after | timestamp | Expiration date and time when the certificate is no longer valid. |
conn.tls.server.validity.not_before | timestamp | Start date and time when the certificate becomes valid. |
conn.tls.server.extensions
Additional information added to the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "size(conn.tls.server.extensions) > 0"
// snippet
{
"expressions": [
"size(conn.tls.server.extensions) > 0"
]
}
conn.tls.server.extensions[i].id
The identifier that specifies the type of extension.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.extensions[0].id == '2.5.29.15'"
// snippet
{
"expressions": [
"conn.tls.server.extensions[0].id == '2.5.29.15'"
]
}
conn.tls.server.extensions[i].critical
True if the extension is critical.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.extensions[0].critical"
// snippet
{
"expressions": [
"conn.tls.server.extensions[0].critical"
]
}
conn.tls.server.extensions[i].value
The data for the extension.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.extensions[0].value == b'\x03\x02\x05 '"
// snippet
{
"expressions": [
"conn.tls.server.extensions[0].value == b'\u0003\u0002\u0005 '"
]
}
conn.tls.server.issuer
The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer == 'CN=E1,O=Let's Encrypt,C=US'"
// snippet
{
"expressions": [
"conn.tls.server.issuer == 'CN=E1,O=Let's Encrypt,C=US'"
]
}
conn.tls.server.issuer.common_name
Common name of the issuing authority, usually the domain name.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.common_name == 'exampleca.com'"
// snippet
{
"expressions": [
"conn.tls.server.issuer.common_name == 'exampleca.com'"
]
}
conn.tls.server.issuer.country
Country name(s) where the issuing authority is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.country == ['US']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.country == ['US']"
]
}
conn.tls.server.issuer.locality
Locality or city of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.locality == ['Mountain View']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.locality == ['Mountain View']"
]
}
conn.tls.server.issuer.organization
Name(s) of the organization that issued the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.organization == ['Example CA']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.organization == ['Example CA']"
]
}
conn.tls.server.issuer.organizational_unit
Division of the organization responsible for the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.organizational_unit == ['Certification Authority
Division']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.organizational_unit == ['Certification Authority Division']"
]
}
conn.tls.server.issuer.postal_code
Postal code of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.postal_code == ['94043']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.postal_code == ['94043']"
]
}
conn.tls.server.issuer.province
Province or state of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.province == ['California']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.province == ['California']"
]
}
conn.tls.server.issuer.street_address
Street address of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.street_address == ['1234 Encryption Way']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.street_address == ['1234 Encryption Way']"
]
}
conn.tls.server.san
Subject alternative names of the server certificate of the ngrok server's leaf TLS certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.san == 'DNS:www.example.com, DNS:example.com, IP
Address:192.168.1.1'"
// snippet
{
"expressions": [
"conn.tls.server.san == 'DNS:www.example.com, DNS:example.com, IP Address:192.168.1.1'"
]
}
conn.tls.server.san.dns_names
DNS names in the subject alternative names of the ngrok server's leaf TLS certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.san.dns_names == ['ngrok-dns.com', 'ngrok-dns2.com']"
// snippet
{
"expressions": [
"conn.tls.server.san.dns_names == ['ngrok-dns.com', 'ngrok-dns2.com']"
]
}
conn.tls.server.san.email_addresses
Email addresses in the subject alternative names of the ngrok server's leaf TLS certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.san.email_addresses == ['ngrok-email1@example.com',
'ngrok-email2@example.com']"
// snippet
{
"expressions": [
"conn.tls.server.san.email_addresses == ['ngrok-email1@example.com', 'ngrok-email2@example.com']"
]
}
conn.tls.server.san.ip_addresses
IP addresses in the subject alternative names of the ngrok server's leaf TLS certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.san.ip_addresses == ['192.168.1.1']"
// snippet
{
"expressions": [
"conn.tls.server.san.ip_addresses == ['192.168.1.1']"
]
}
conn.tls.server.san.uris
URIs in the subject alternative names of the ngrok server's leaf TLS certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.san.uris == ['https://example.com/example']"
// snippet
{
"expressions": [
"conn.tls.server.san.uris == ['https://example.com/example']"
]
}
conn.tls.server.serial_number
Unique identifier for the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"
// snippet
{
"expressions": [
"conn.tls.server.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"
]
}
conn.tls.server.signature_algorithm
Algorithm used to sign the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.signature_algorithm == 'SHA256-RSA'"
// snippet
{
"expressions": [
"conn.tls.server.signature_algorithm == 'SHA256-RSA'"
]
}
conn.tls.server.subject
The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject == 'CN=www.example.com'"
// snippet
{
"expressions": [
"conn.tls.server.subject == 'CN=www.example.com'"
]
}
conn.tls.server.subject.common_name
Common name of the subject, usually the domain name.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.common_name == 'ngrok-server.example.com'"
// snippet
{
"expressions": [
"conn.tls.server.subject.common_name == 'ngrok-server.example.com'"
]
}
conn.tls.server.subject.country
Country name(s) where the subject of the certificate is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.country == ['US']"
// snippet
{
"expressions": [
"conn.tls.server.subject.country == ['US']"
]
}
conn.tls.server.subject.locality
Locality or city where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.locality == ['Mountain View']"
// snippet
{
"expressions": [
"conn.tls.server.subject.locality == ['Mountain View']"
]
}
conn.tls.server.subject.organization
Name(s) of the organization to which the subject belongs.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.organization == ['Example Corp']"
// snippet
{
"expressions": [
"conn.tls.server.subject.organization == ['Example Corp']"
]
}
conn.tls.server.subject.organizational_unit
Division of the organization to which the subject belongs.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.organizational_unit == ['Web Services']"
// snippet
{
"expressions": [
"conn.tls.server.subject.organizational_unit == ['Web Services']"
]
}
conn.tls.server.subject.postal_code
Postal code where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.postal_code == ['94043']"
// snippet
{
"expressions": [
"conn.tls.server.subject.postal_code == ['94043']"
]
}
conn.tls.server.subject.province
Province or state where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.province == ['California']"
// snippet
{
"expressions": [
"conn.tls.server.subject.province == ['California']"
]
}
conn.tls.server.subject.street_address
Street address where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.street_address == ['1234 Secure Blvd']"
// snippet
{
"expressions": [
"conn.tls.server.subject.street_address == ['1234 Secure Blvd']"
]
}
conn.tls.server.validity.not_after
Expiration date and time when the certificate is no longer valid.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.validity.not_after > timestamp('2023-01-01T00:00:00Z')"
// snippet
{
"expressions": [
"conn.tls.server.validity.not_after > timestamp('2023-01-01T00:00:00Z')"
]
}
conn.tls.server.validity.not_before
Start date and time when the certificate becomes valid.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.validity.not_before < timestamp('2020-01-01T00:00:00Z')"
// snippet
{
"expressions": [
"conn.tls.server.validity.not_before < timestamp('2020-01-01T00:00:00Z')"
]
}
Endpoint Variables
The following variables are available under the endpoint
namespace:
Name | Type | Description |
---|---|---|
endpoint.addr | string | The address for this endpoint. |
endpoint.host | string | The hostname for this endpoint. |
endpoint.id | string | The endpoint that serviced this connection. |
endpoint.port | int32 | The port for this endpoint. |
endpoint.protocol | string | The protocol for this endpoint. Current supported values are http , https , tcp , and tls . |
endpoint.url | string | The url for this endpoint. |
endpoint.addr
The address for this endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.addr == 'my-subdomain.ngrok.app:443'"
// snippet
{
"expressions": [
"endpoint.addr == 'my-subdomain.ngrok.app:443'"
]
}
endpoint.host
The hostname for this endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.host == 'my-subdomain.ngrok.app'"
// snippet
{
"expressions": [
"endpoint.host == 'my-subdomain.ngrok.app'"
]
}
endpoint.id
The id for this endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.id == 'ep_2iL8LRbQilSCKYjaslRoqBwJcfT'"
// snippet
{
"expressions": [
"endpoint.id == 'ep_2iL8LRbQilSCKYjaslRoqBwJcfT'"
]
}
endpoint.port
The port for this endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.port == 443"
// snippet
{
"expressions": [
"endpoint.port == 443"
]
}
endpoint.protocol
The protocol for this endpoint. Current supported values are http
, https
, tcp
, and tls
.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.protocol == 'https'"
// snippet
{
"expressions": [
"endpoint.protocol == 'https'"
]
}
endpoint.url
The url for this endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.url == 'https://my-subdomain.ngrok.app'"
// snippet
{
"expressions": [
"endpoint.url == 'https://my-subdomain.ngrok.app'"
]
}
Time variables
The following variables are available under the time
namespace:
Name | Type | Description |
---|---|---|
time.now | string | The current UTC time in RFC3339 format. |
time.now
The current UTC time in RFC3339 format.
- YAML
- JSON
# snippet
---
expressions:
- "conn.ts.end < timestamp(time.now)"
// snippet
{
"expressions": [
"conn.ts.end < timestamp(time.now)"
]
}