Skip to main content

TLS Variables

Action Result Variables

The following variables are available under the actions.ngrok namespace:

Log

NameTypeDescription
actions.ngrok.log.metadatamap[string]stringThe key value map of the metadata values.

Restrict IPs

NameTypeDescription
actions.ngrok.restrict_ips.actionstringThe resulting action for this action execution. Supported values are either allow or deny.
actions.ngrok.restrict_ips.matched_cidrstringThe CIDR that matched for the incoming client ip. This may be empty.
actions.ngrok.restrict_ips.error.codestringCode for an error that occurred during the invocation of an action.
actions.ngrok.restrict_ips.error.messagestringMessage for an error that occurred during the invocation of an action.

Connection Variables

The following variables are available under the conn namespace:

NameTypeDescription
conn.client_ipstringSource IP of the connection to the ngrok endpoint.
conn.client_portint32Source port of the connection to the ngrok endpoint.
conn.server_ipstringThe IP that this connection was established on.
conn.server_portint32The port that this connection was established on.
conn.ts.starttimestampTimestamp when the connection to ngrok was started.

conn.client_ip

Source IP of the connection to the ngrok endpoint.

# snippet
---
expressions:
- "conn.client_ip in ['::1', '127.0.0.1']"

conn.client_port

Source port of the connection to the ngrok endpoint.

# snippet
---
expressions:
- "conn.client_port == 80"

conn.server_ip

The IP that this connection was established on.

# snippet
---
expressions:
- "conn.server_ip == '192.168.1.1'"

conn.server_port

The port that this connection was established on.

# snippet
---
expressions:
- "conn.server_port == 80"

conn.ts.start

Timestamp when the connection to ngrok was started.

# snippet
---
expressions:
- "conn.ts.start > timestamp('2023-12-31T00:00:00Z')"

Connection Geo Variables

The following variables are available under the conn.geo namespace:

NameTypeDescription
conn.geo.citystringThe name of the city, in EN, where the conn.client_ip is likely to originate.
conn.geo.countrystringThe name of the country, in EN, where the conn.client_ip is likely to originate.
conn.geo.country_codestringThe two-letter ISO country code where the conn.client_ip is likely to originate.
conn.geo.latitudestringThe approximate latitude where the conn.client_ip is likely to originate.
conn.geo.longitudestringThe approximate longitude where the conn.client_ip is likely to originate.
conn.geo.radiusstringThe radius in kilometers around the latitude and longitude where the conn.client_ip is likely to originate.
conn.geo.subdivisionstringThe name of the subdivision, in EN, where the conn.client_ip is likely to originate.

conn.geo.city

The name of the city, in EN, where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "conn.geo.city == 'Strongsville'"

conn.geo.country

The name of the country, in EN, where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "conn.geo.country == 'United States'"

conn.geo.country_code

The two-letter ISO country code where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "conn.geo.country_code != 'US'"

conn.geo.latitude

The approximate latitude where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "double(conn.geo.latitude) >= 45.0"

conn.geo.longitude

The approximate longitude where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "double(conn.geo.longitude) <= -93.0"

conn.geo.radius

The radius in kilometers around the latitude and longitude where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "conn.geo.radius <= '5'"

conn.geo.subdivision

The name of the subdivision, in EN, where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "conn.geo.subdivision == 'California'"

Connection TLS Variables

The following variables are available under the conn.tls namespace:

NameTypeDescription
conn.tls.cipher_suitestringThe cipher suite selected during the TLS handshake.
conn.tls.snistringThe hostname included in the ClientHello message via the SNI extension.
conn.tls.versionstringThe version of the TLS protocol used between the client and the ngrok edge.

conn.tls.cipher_suite

The cipher suite selected during the TLS handshake.

# snippet
---
expressions:
- "conn.tls.cipher_suite == 'TLS_AES_128_GCM_SHA256'"

conn.tls.sni

The hostname included in the ClientHello message via the SNI extension.

# snippet
---
expressions:
- "conn.tls.sni == 'client.example.com'"

conn.tls.version

The version of the TLS protocol used between the client and the ngrok edge.

# snippet
---
expressions:
- "conn.tls.version == '1.3'"

Connection TLS Client Variables

The following variables are available under the conn.tls.client namespace:

NameTypeDescription
conn.tls.client.extensions[]ExtensionAdditional information added to the certificate.
conn.tls.client.extensions[i].idstringThe identifier (OID) that specifies the type of extension.
conn.tls.client.extensions[i].criticalboolTrue if the extension is critical.
conn.tls.client.extensions[i].value[]byteThe data for the extension.
conn.tls.client.issuerstringThe issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.
conn.tls.client.issuer.common_namestringCommon name of the issuing authority, usually the domain name.
conn.tls.client.issuer.country[]stringCountry name(s) where the issuing authority is located.
conn.tls.client.issuer.locality[]stringLocality or city of the issuing authority.
conn.tls.client.issuer.organization[]stringName(s) of the organization that issued the certificate.
conn.tls.client.issuer.organizational_unit[]stringDivision of the organization responsible for the certificate.
conn.tls.client.issuer.postal_code[]stringPostal code of the issuing authority.
conn.tls.client.issuer.province[]stringProvince or state of the issuing authority.
conn.tls.client.issuer.street_address[]stringStreet address of the issuing authority.
conn.tls.client.sanstringSubject alternative names of the client certificate.
conn.tls.client.san.dns_names[]stringDNS names in the subject alternative names.
conn.tls.client.san.email_addresses[]stringEmail addresses in the subject alternative names.
conn.tls.client.san.ip_addresses[]stringIP addresses in the subject alternative names.
conn.tls.client.san.uris[]stringURIs in the subject alternative names.
conn.tls.client.serial_numberstringUnique identifier for the certificate.
conn.tls.client.signature_algorithmstringAlgorithm used to sign the certificate.
conn.tls.client.subjectstringThe entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.
conn.tls.client.subject.common_namestringCommon name of the subject, usually the domain name.
conn.tls.client.subject.country[]stringCountry name(s) where the subject of the certificate is located.
conn.tls.client.subject.locality[]stringLocality or city where the subject is located.
conn.tls.client.subject.organization[]stringName(s) of the organization to which the subject belongs.
conn.tls.client.subject.organizational_unit[]stringDivision of the organization to which the subject belongs.
conn.tls.client.subject.postal_code[]stringPostal code where the subject is located.
conn.tls.client.subject.province[]stringProvince or state where the subject is located.
conn.tls.client.subject.street_address[]stringStreet address where the subject is located.
conn.tls.client.validity.not_aftertimestampExpiration date and time when the certificate is no longer valid.
conn.tls.client.validity.not_beforetimestampStart date and time when the certificate becomes valid.

conn.tls.client.extensions

Additional information added to the certificate.

# snippet
---
expressions:
- "size(conn.tls.client.extensions) > 0"

conn.tls.client.extensions[i].id

The identifier (OID) that specifies the type of extension.

# snippet
---
expressions:
- "conn.tls.client.extensions[0].id == '2.5.29.15'"

conn.tls.client.extensions[i].critical

True if the extension is critical.

# snippet
---
expressions:
- "conn.tls.client.extensions[0].critical"

conn.tls.client.extensions[i].value

The data for the extension.

# snippet
---
expressions:
- "conn.tls.client.extensions[0].value == b'\x03\x02\x05 '"

conn.tls.client.issuer

The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.

# snippet
---
expressions:
- "conn.tls.client.issuer == 'CN=E1,O=Let's Encrypt,C=US'"

conn.tls.client.issuer.common_name

Common name of the issuing authority, usually the domain name.

# snippet
---
expressions:
- "conn.tls.client.issuer.common_name == 'exampleca.com'"

conn.tls.client.issuer.country

Country name(s) where the issuing authority is located.

# snippet
---
expressions:
- "conn.tls.client.issuer.country == ['US']"

conn.tls.client.issuer.locality

Locality or city of the issuing authority.

# snippet
---
expressions:
- "conn.tls.client.issuer.locality == ['Mountain View']"

conn.tls.client.issuer.organization

Name(s) of the organization that issued the certificate.

# snippet
---
expressions:
- "conn.tls.client.issuer.organization == ['Example CA']"

conn.tls.client.issuer.organizational_unit

Division of the organization responsible for the certificate.

# snippet
---
expressions:
- "conn.tls.client.issuer.organizational_unit == ['Certification Authority
Division']"

conn.tls.client.issuer.postal_code

Postal code of the issuing authority.

# snippet
---
expressions:
- "conn.tls.client.issuer.postal_code == ['94043']"

conn.tls.client.issuer.province

Province or state of the issuing authority.

# snippet
---
expressions:
- "conn.tls.client.issuer.province == ['California']"

conn.tls.client.issuer.street_address

Street address of the issuing authority.

# snippet
---
expressions:
- "conn.tls.client.issuer.street_address == ['1234 Encryption Way']"

conn.tls.client.san

Subject alternative names of the client certificate.

# snippet
---
expressions:
- "conn.tls.client.san == 'DNS:www.example.com, DNS:example.com, IP
Address:192.168.1.1'"

conn.tls.client.san.dns_names

DNS names in the subject alternative names.

# snippet
---
expressions:
- "conn.tls.client.san.dns_names == ['www.example.com', 'example.com']"

conn.tls.client.san.email_addresses

Email addresses in the subject alternative names.

# snippet
---
expressions:
- "conn.tls.client.san.email_addresses == ['ngrok-email1@example.com',
'ngrok-email2@example.com']"

conn.tls.client.san.ip_addresses

IP addresses in the subject alternative names.

# snippet
---
expressions:
- "conn.tls.client.san.ip_addresses == ['192.168.1.1']"

conn.tls.client.san.uris

URIs in the subject alternative names.

# snippet
---
expressions:
- "conn.tls.client.san.uris == ['https://example.com/example']"

conn.tls.client.serial_number

Unique identifier for the certificate.

# snippet
---
expressions:
- "conn.tls.client.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"

conn.tls.client.signature_algorithm

Algorithm used to sign the certificate.

# snippet
---
expressions:
- "conn.tls.client.signature_algorithm == 'SHA256-RSA'"

conn.tls.client.subject

The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.

# snippet
---
expressions:
- "conn.tls.client.subject == 'CN=www.example.com'"

conn.tls.client.subject.common_name

Common name of the subject, usually the domain name.

# snippet
---
expressions:
- "conn.tls.client.subject.common_name == 'www.example.com'"

conn.tls.client.subject.country

Country name(s) where the subject of the certificate is located.

# snippet
---
expressions:
- "conn.tls.client.subject.country == ['US']"

conn.tls.client.subject.locality

Locality or city where the subject is located.

# snippet
---
expressions:
- "conn.tls.client.subject.locality == ['Mountain View']"

conn.tls.client.subject.organization

Name(s) of the organization to which the subject belongs.

# snippet
---
expressions:
- "conn.tls.client.subject.organization == ['Example Corp']"

conn.tls.client.subject.organizational_unit

Division of the organization to which the subject belongs.

# snippet
---
expressions:
- "conn.tls.client.subject.organizational_unit == ['Web Services']"

conn.tls.client.subject.postal_code

Postal code where the subject is located.

# snippet
---
expressions:
- "conn.tls.client.subject.postal_code == ['94043']"

conn.tls.client.subject.province

Province or state where the subject is located.

# snippet
---
expressions:
- "conn.tls.client.subject.province == ['California']"

conn.tls.client.subject.street_address

Street address where the subject is located.

# snippet
---
expressions:
- "conn.tls.client.subject.street_address == ['1234 Secure Blvd']"

conn.tls.client.validity.not_after

Expiration date and time when the certificate is no longer valid.

# snippet
---
expressions:
- "conn.tls.client.validity.not_after == timestamp('2023-01-01T00:00:00Z')"

conn.tls.client.validity.not_before

Start date and time when the certificate becomes valid.

# snippet
---
expressions:
- "conn.tls.client.validity.not_before == timestamp('2020-01-01T00:00:00Z')"

Connection TLS Server Variables

The following variables are available under the conn.tls.server namespace:

NameTypeDescription
conn.tls.server.extensions[]ExtensionAdditional information added to the certificate.
conn.tls.server.extensions[i].idstringThe identifier that specifies the type of extension.
conn.tls.server.extensions[i].criticalboolTrue if the extension is critical.
conn.tls.server.extensions[i].value[]byteThe data for the extension.
conn.tls.server.issuerstringThe issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.
conn.tls.server.issuer.common_namestringCommon name of the issuing authority, usually the domain name.
conn.tls.server.issuer.country[]stringCountry name(s) where the issuing authority is located.
conn.tls.server.issuer.locality[]stringLocality or city of the issuing authority.
conn.tls.server.issuer.organization[]stringName(s) of the organization that issued the certificate.
conn.tls.server.issuer.organizational_unit[]stringDivision of the organization responsible for the certificate.
conn.tls.server.issuer.postal_code[]stringPostal code of the issuing authority.
conn.tls.server.issuer.province[]stringProvince or state of the issuing authority.
conn.tls.server.issuer.street_address[]stringStreet address of the issuing authority.
conn.tls.server.sanstringSubject alternative names of the ngrok server's leaf TLS certificate.
conn.tls.server.san.dns_names[]stringDNS names in the subject alternative names of the ngrok server's leaf TLS certificate.
conn.tls.server.san.email_addresses[]stringEmail addresses in the subject alternative names of the ngrok server's leaf TLS certificate.
conn.tls.server.san.ip_addresses[]stringIP addresses in the subject alternative names of the ngrok server's leaf TLS certificate.
conn.tls.server.san.uris[]stringURIs in the subject alternative names of the ngrok server's leaf TLS certificate.
conn.tls.server.serial_numberstringUnique identifier for the certificate.
conn.tls.server.signature_algorithmstringAlgorithm used to sign the certificate.
conn.tls.server.subjectstringThe entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.
conn.tls.server.subject.common_namestringCommon name of the subject, usually the domain name.
conn.tls.server.subject.country[]stringCountry name(s) where the subject of the certificate is located.
conn.tls.server.subject.locality[]stringLocality or city where the subject is located.
conn.tls.server.subject.organization[]stringName(s) of the organization to which the subject belongs.
conn.tls.server.subject.organizational_unit[]stringDivision of the organization to which the subject belongs.
conn.tls.server.subject.postal_code[]stringPostal code where the subject is located.
conn.tls.server.subject.province[]stringProvince or state where the subject is located.
conn.tls.server.subject.street_address[]stringStreet address where the subject is located.
conn.tls.server.validity.not_aftertimestampExpiration date and time when the certificate is no longer valid.
conn.tls.server.validity.not_beforetimestampStart date and time when the certificate becomes valid.

conn.tls.server.extensions

Additional information added to the certificate.

# snippet
---
expressions:
- "size(conn.tls.server.extensions) > 0"

conn.tls.server.extensions[i].id

The identifier that specifies the type of extension.

# snippet
---
expressions:
- "conn.tls.server.extensions[0].id == '2.5.29.15'"

conn.tls.server.extensions[i].critical

True if the extension is critical.

# snippet
---
expressions:
- "conn.tls.server.extensions[0].critical"

conn.tls.server.extensions[i].value

The data for the extension.

# snippet
---
expressions:
- "conn.tls.server.extensions[0].value == b'\x03\x02\x05 '"

conn.tls.server.issuer

The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.

# snippet
---
expressions:
- "conn.tls.server.issuer == 'CN=E1,O=Let's Encrypt,C=US'"

conn.tls.server.issuer.common_name

Common name of the issuing authority, usually the domain name.

# snippet
---
expressions:
- "conn.tls.server.issuer.common_name == 'exampleca.com'"

conn.tls.server.issuer.country

Country name(s) where the issuing authority is located.

# snippet
---
expressions:
- "conn.tls.server.issuer.country == ['US']"

conn.tls.server.issuer.locality

Locality or city of the issuing authority.

# snippet
---
expressions:
- "conn.tls.server.issuer.locality == ['Mountain View']"

conn.tls.server.issuer.organization

Name(s) of the organization that issued the certificate.

# snippet
---
expressions:
- "conn.tls.server.issuer.organization == ['Example CA']"

conn.tls.server.issuer.organizational_unit

Division of the organization responsible for the certificate.

# snippet
---
expressions:
- "conn.tls.server.issuer.organizational_unit == ['Certification Authority
Division']"

conn.tls.server.issuer.postal_code

Postal code of the issuing authority.

# snippet
---
expressions:
- "conn.tls.server.issuer.postal_code == ['94043']"

conn.tls.server.issuer.province

Province or state of the issuing authority.

# snippet
---
expressions:
- "conn.tls.server.issuer.province == ['California']"

conn.tls.server.issuer.street_address

Street address of the issuing authority.

# snippet
---
expressions:
- "conn.tls.server.issuer.street_address == ['1234 Encryption Way']"

conn.tls.server.san

Subject alternative names of the server certificate of the ngrok server's leaf TLS certificate.

# snippet
---
expressions:
- "conn.tls.server.san == 'DNS:www.example.com, DNS:example.com, IP
Address:192.168.1.1'"

conn.tls.server.san.dns_names

DNS names in the subject alternative names of the ngrok server's leaf TLS certificate.

# snippet
---
expressions:
- "conn.tls.server.san.dns_names == ['ngrok-dns.com', 'ngrok-dns2.com']"

conn.tls.server.san.email_addresses

Email addresses in the subject alternative names of the ngrok server's leaf TLS certificate.

# snippet
---
expressions:
- "conn.tls.server.san.email_addresses == ['ngrok-email1@example.com',
'ngrok-email2@example.com']"

conn.tls.server.san.ip_addresses

IP addresses in the subject alternative names of the ngrok server's leaf TLS certificate.

# snippet
---
expressions:
- "conn.tls.server.san.ip_addresses == ['192.168.1.1']"

conn.tls.server.san.uris

URIs in the subject alternative names of the ngrok server's leaf TLS certificate.

# snippet
---
expressions:
- "conn.tls.server.san.uris == ['https://example.com/example']"

conn.tls.server.serial_number

Unique identifier for the certificate.

# snippet
---
expressions:
- "conn.tls.server.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"

conn.tls.server.signature_algorithm

Algorithm used to sign the certificate.

# snippet
---
expressions:
- "conn.tls.server.signature_algorithm == 'SHA256-RSA'"

conn.tls.server.subject

The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.

# snippet
---
expressions:
- "conn.tls.server.subject == 'CN=www.example.com'"

conn.tls.server.subject.common_name

Common name of the subject, usually the domain name.

# snippet
---
expressions:
- "conn.tls.server.subject.common_name == 'ngrok-server.example.com'"

conn.tls.server.subject.country

Country name(s) where the subject of the certificate is located.

# snippet
---
expressions:
- "conn.tls.server.subject.country == ['US']"

conn.tls.server.subject.locality

Locality or city where the subject is located.

# snippet
---
expressions:
- "conn.tls.server.subject.locality == ['Mountain View']"

conn.tls.server.subject.organization

Name(s) of the organization to which the subject belongs.

# snippet
---
expressions:
- "conn.tls.server.subject.organization == ['Example Corp']"

conn.tls.server.subject.organizational_unit

Division of the organization to which the subject belongs.

# snippet
---
expressions:
- "conn.tls.server.subject.organizational_unit == ['Web Services']"

conn.tls.server.subject.postal_code

Postal code where the subject is located.

# snippet
---
expressions:
- "conn.tls.server.subject.postal_code == ['94043']"

conn.tls.server.subject.province

Province or state where the subject is located.

# snippet
---
expressions:
- "conn.tls.server.subject.province == ['California']"

conn.tls.server.subject.street_address

Street address where the subject is located.

# snippet
---
expressions:
- "conn.tls.server.subject.street_address == ['1234 Secure Blvd']"

conn.tls.server.validity.not_after

Expiration date and time when the certificate is no longer valid.

# snippet
---
expressions:
- "conn.tls.server.validity.not_after > timestamp('2023-01-01T00:00:00Z')"

conn.tls.server.validity.not_before

Start date and time when the certificate becomes valid.

# snippet
---
expressions:
- "conn.tls.server.validity.not_before < timestamp('2020-01-01T00:00:00Z')"

Endpoint Variables

The following variables are available under the endpoint namespace:

NameTypeDescription
endpoint.addrstringThe address for this endpoint.
endpoint.hoststringThe hostname for this endpoint.
endpoint.idstringThe endpoint that serviced this connection.
endpoint.portint32The port for this endpoint.
endpoint.protocolstringThe protocol for this endpoint. Current supported values are http, https, tcp, and tls.
endpoint.urlstringThe url for this endpoint.

endpoint.addr

The address for this endpoint.

# snippet
---
expressions:
- "endpoint.addr == 'my-subdomain.ngrok.app:443'"

endpoint.host

The hostname for this endpoint.

# snippet
---
expressions:
- "endpoint.host == 'my-subdomain.ngrok.app'"

endpoint.id

The id for this endpoint.

# snippet
---
expressions:
- "endpoint.id == 'ep_2iL8LRbQilSCKYjaslRoqBwJcfT'"

endpoint.port

The port for this endpoint.

# snippet
---
expressions:
- "endpoint.port == 443"

endpoint.protocol

The protocol for this endpoint. Current supported values are http, https, tcp, and tls.

# snippet
---
expressions:
- "endpoint.protocol == 'https'"

endpoint.url

The url for this endpoint.

# snippet
---
expressions:
- "endpoint.url == 'https://my-subdomain.ngrok.app'"

Time variables

The following variables are available under the time namespace:

NameTypeDescription
time.nowstringThe current UTC time in RFC3339 format.

time.now

The current UTC time in RFC3339 format.

# snippet
---
expressions:
- "conn.ts.end < timestamp(time.now)"