HTTP Variables
Connection Variables
The following variables are available under the conn
namespace:
Name | Type | Description |
---|---|---|
conn.bytes_in | int64 | The number of bytes entering the endpoint from the client. |
conn.bytes_out | int64 | The number of bytes leaving an endpoint to the client. |
conn.client_ip | string | Source IP of the connection to the ngrok endpoint. |
conn.client_port | int32 | Source port of the connection to the ngrok endpoint. |
conn.server_ip | string | The IP that this connection was established on. |
conn.server_port | int32 | The port that this connection was established on. |
conn.ts.end | timestamp | Timestamp when the connection to ngrok was closed. |
conn.ts.start | timestamp | Timestamp when the connection to ngrok was started. |
conn.bytes_in
The number of bytes entering the endpoint from the client.
- YAML
- JSON
# snippet
---
expressions:
- "conn.bytes_in > 1000"
// snippet
{
"expressions": [
"conn.bytes_in > 1000"
]
}
conn.bytes_out
The number of bytes leaving an endpoint to the client.
- YAML
- JSON
# snippet
---
expressions:
- "conn.bytes_out > 1000"
// snippet
{
"expressions": [
"conn.bytes_out > 1000"
]
}
conn.client_ip
Source IP of the connection to the ngrok endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "conn.client_ip in ['::1', '127.0.0.1']"
// snippet
{
"expressions": [
"conn.client_ip in ['::1', '127.0.0.1']"
]
}
conn.client_port
Source port of the connection to the ngrok endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "conn.client_port == 80"
// snippet
{
"expressions": [
"conn.client_port == 80"
]
}
conn.ts.end
Timestamp when the connection to ngrok was closed.
- YAML
- JSON
# snippet
---
expressions:
- "conn.ts.end > timestamp('2024-01-01')"
// snippet
{
"expressions": [
"conn.ts.end > timestamp('2024-01-01')"
]
}
conn.server_ip
The IP that this connection was established on.
- YAML
- JSON
# snippet
---
expressions:
- "conn.server_ip == '192.168.1.1'"
// snippet
{
"expressions": [
"conn.server_ip == '192.168.1.1'"
]
}
conn.server_port
The port that this connection was established on.
- YAML
- JSON
# snippet
---
expressions:
- "conn.server_port == 80"
// snippet
{
"expressions": [
"conn.server_port == 80"
]
}
conn.ts.start
Timestamp when the connection to ngrok was started.
- YAML
- JSON
# snippet
---
expressions:
- "conn.ts.start > timestamp('2023-12-31')"
// snippet
{
"expressions": [
"conn.ts.start > timestamp('2023-12-31')"
]
}
Connection Geo Variables
The following variables are available under the conn.geo
namespace:
Name | Type | Description |
---|---|---|
conn.geo.city | string | The name of the city, in EN, where the conn.client_ip is likely to originate. |
conn.geo.country | string | The name of the country, in EN, where the conn.client_ip is likely to originate. |
conn.geo.country_code | string | The two-letter ISO country code where the conn.client_ip is likely to originate. |
conn.geo.latitude | string | The approximate latitude where the conn.client_ip is likely to originate. |
conn.geo.longitude | string | The approximate longitude where the conn.client_ip is likely to originate. |
conn.geo.radius | string | The radius in kilometers around the latitude and longitude where the conn.client_ip is likely to originate. |
conn.geo.subdivision | string | The name of the subdivision, in EN, where the conn.client_ip is likely to originate. |
conn.geo.city
The name of the city, in EN, where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.geo.city == 'Strongsville'"
// snippet
{
"expressions": [
"conn.geo.city == 'Strongsville'"
]
}
conn.geo.country
The name of the country, in EN, where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.geo.country == 'United States'"
// snippet
{
"expressions": [
"conn.geo.country == 'United States'"
]
}
conn.geo.country_code
The two-letter ISO country code where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.geo.country_code != 'US'"
// snippet
{
"expressions": [
"conn.geo.country_code != 'US'"
]
}
conn.geo.latitude
The approximate latitude where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "double(conn.geo.latitude) >= 45.0"
// snippet
{
"expressions": [
"double(conn.geo.latitude) >= 45.0"
]
}
conn.geo.longitude
The approximate longitude where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "double(conn.geo.longitude) <= -93.0"
// snippet
{
"expressions": [
"double(conn.geo.longitude) <= -93.0"
]
}
conn.geo.radius
The radius in kilometers around the latitude and longitude where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.geo.radius <= '5'"
// snippet
{
"expressions": [
"conn.geo.radius <= '5'"
]
}
conn.geo.subdivision
The name of the subdivision, in EN, where the conn.client_ip
is likely to originate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.geo.subdivision == 'California'"
// snippet
{
"expressions": [
"conn.geo.subdivision == 'California'"
]
}
Connection TLS Variables
The following variables are available under the conn.tls
namespace:
Name | Type | Description |
---|---|---|
conn.tls.cipher_suite | string | The cipher suite selected during the TLS handshake. |
conn.tls.sni | string | The hostname included in the ClientHello message via the SNI extension. |
conn.tls.version | string | The version of the TLS protocol used between the client and the ngrok edge. |
conn.tls.cipher_suite
The cipher suite selected during the TLS handshake.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.cipher_suite == 'TLS_AES_128_GCM_SHA256'"
// snippet
{
"expressions": [
"conn.tls.cipher_suite == 'TLS_AES_128_GCM_SHA256'"
]
}
conn.tls.sni
The hostname included in the ClientHello message via the SNI extension.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.sni == 'client.example.com'"
// snippet
{
"expressions": [
"conn.tls.sni == 'client.example.com'"
]
}
conn.tls.version
The version of the TLS protocol used between the client and the ngrok edge.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.version == '1.3'"
// snippet
{
"expressions": [
"conn.tls.version == '1.3'"
]
}
Connection TLS Client Variables
The following variables are available under the conn.tls.client
namespace:
Name | Type | Description |
---|---|---|
conn.tls.client.extensions | []Extension | Additional information added to the certificate. |
conn.tls.client.issuer | string | The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax. |
conn.tls.client.issuer.common_name | string | Common name of the issuing authority, usually the domain name. |
conn.tls.client.issuer.country | []string | Country name(s) where the issuing authority is located. |
conn.tls.client.issuer.locality | []string | Locality or city of the issuing authority. |
conn.tls.client.issuer.organization | []string | Name(s) of the organization that issued the certificate. |
conn.tls.client.issuer.organizational_unit | []string | Division of the organization responsible for the certificate. |
conn.tls.client.issuer.postal_code | []string | Postal code of the issuing authority. |
conn.tls.client.issuer.province | []string | Province or state of the issuing authority. |
conn.tls.client.issuer.street_address | []string | Street address of the issuing authority. |
conn.tls.client.san | string | Subject alternative names of the client certificate. |
conn.tls.client.san.dns_names | []string | DNS names in the subject alternative names. |
conn.tls.client.san.email_addresses | []string | Email addresses in the subject alternative names. |
conn.tls.client.san.ip_addresses | []string | IP addresses in the subject alternative names. |
conn.tls.client.san.uris | []string | URIs in the subject alternative names. |
conn.tls.client.serial_number | string | Unique identifier for the certificate. |
conn.tls.client.signature_algorithm | string | Algorithm used to sign the certificate. |
conn.tls.client.subject | string | The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax. |
conn.tls.client.subject.common_name | string | Common name of the subject, usually the domain name. |
conn.tls.client.subject.country | []string | Country name(s) where the subject of the certificate is located. |
conn.tls.client.subject.locality | []string | Locality or city where the subject is located. |
conn.tls.client.subject.organization | []string | Name(s) of the organization to which the subject belongs. |
conn.tls.client.subject.organizational_unit | []string | Division of the organization to which the subject belongs. |
conn.tls.client.subject.postal_code | []string | Postal code where the subject is located. |
conn.tls.client.subject.province | []string | Province or state where the subject is located. |
conn.tls.client.subject.street_address | []string | Street address where the subject is located. |
conn.tls.client.validity.not_after | timestamp | Expiration date and time when the certificate is no longer valid. |
conn.tls.client.validity.not_before | timestamp | Start date and time when the certificate becomes valid. |
conn.tls.client.extensions
Additional information added to the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "size(conn.tls.client.extensions) > 0"
// snippet
{
"expressions": [
"size(conn.tls.client.extensions) > 0"
]
}
conn.tls.client.issuer
The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer == 'CN=E1,O=Let's Encrypt,C=US'"
// snippet
{
"expressions": [
"conn.tls.client.issuer == 'CN=E1,O=Let's Encrypt,C=US'"
]
}
conn.tls.client.issuer.common_name
Common name of the issuing authority, usually the domain name.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.common_name == 'exampleca.com'"
// snippet
{
"expressions": [
"conn.tls.client.issuer.common_name == 'exampleca.com'"
]
}
conn.tls.client.issuer.country
Country name(s) where the issuing authority is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.country == ['US']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.country == ['US']"
]
}
conn.tls.client.issuer.locality
Locality or city of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.locality == ['Mountain View']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.locality == ['Mountain View']"
]
}
conn.tls.client.issuer.organization
Name(s) of the organization that issued the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.organization == ['Example CA']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.organization == ['Example CA']"
]
}
conn.tls.client.issuer.organizational_unit
Division of the organization responsible for the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.organizational_unit == ['Certification Authority
Division']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.organizational_unit == ['Certification Authority Division']"
]
}
conn.tls.client.issuer.postal_code
Postal code of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.postal_code == ['94043']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.postal_code == ['94043']"
]
}
conn.tls.client.issuer.province
Province or state of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.province == ['California']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.province == ['California']"
]
}
conn.tls.client.issuer.street_address
Street address of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.issuer.street_address == ['1234 Encryption Way']"
// snippet
{
"expressions": [
"conn.tls.client.issuer.street_address == ['1234 Encryption Way']"
]
}
conn.tls.client.san
Subject alternative names of the client certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.san == 'DNS:www.example.com, DNS:example.com, IP
Address:192.168.1.1'"
// snippet
{
"expressions": [
"conn.tls.client.san == 'DNS:www.example.com, DNS:example.com, IP Address:192.168.1.1'"
]
}
conn.tls.client.san.dns_names
DNS names in the subject alternative names.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.san.dns_names == ['www.example.com', 'example.com']"
// snippet
{
"expressions": [
"conn.tls.client.san.dns_names == ['www.example.com', 'example.com']"
]
}
conn.tls.client.san.email_addresses
Email addresses in the subject alternative names.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.san.email_addresses == ['ngrok-email1@example.com',
'ngrok-email2@example.com']"
// snippet
{
"expressions": [
"conn.tls.client.san.email_addresses == ['ngrok-email1@example.com', 'ngrok-email2@example.com']"
]
}
conn.tls.client.san.ip_addresses
IP addresses in the subject alternative names.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.san.ip_addresses == ['192.168.1.1']"
// snippet
{
"expressions": [
"conn.tls.client.san.ip_addresses == ['192.168.1.1']"
]
}
conn.tls.client.san.uris
URIs in the subject alternative names.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.san.uris == ['https://example.com/example']"
// snippet
{
"expressions": [
"conn.tls.client.san.uris == ['https://example.com/example']"
]
}
conn.tls.client.serial_number
Unique identifier for the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"
// snippet
{
"expressions": [
"conn.tls.client.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"
]
}
conn.tls.client.signature_algorithm
Algorithm used to sign the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.signature_algorithm == 'SHA256-RSA'"
// snippet
{
"expressions": [
"conn.tls.client.signature_algorithm == 'SHA256-RSA'"
]
}
conn.tls.client.subject
The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject == 'CN=www.example.com'"
// snippet
{
"expressions": [
"conn.tls.client.subject == 'CN=www.example.com'"
]
}
conn.tls.client.subject.common_name
Common name of the subject, usually the domain name.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.common_name == 'www.example.com'"
// snippet
{
"expressions": [
"conn.tls.client.subject.common_name == 'www.example.com'"
]
}
conn.tls.client.subject.country
Country name(s) where the subject of the certificate is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.country == ['US']"
// snippet
{
"expressions": [
"conn.tls.client.subject.country == ['US']"
]
}
conn.tls.client.subject.locality
Locality or city where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.locality == ['Mountain View']"
// snippet
{
"expressions": [
"conn.tls.client.subject.locality == ['Mountain View']"
]
}
conn.tls.client.subject.organization
Name(s) of the organization to which the subject belongs.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.organization == ['Example Corp']"
// snippet
{
"expressions": [
"conn.tls.client.subject.organization == ['Example Corp']"
]
}
conn.tls.client.subject.organizational_unit
Division of the organization to which the subject belongs.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.organizational_unit == ['Web Services']"
// snippet
{
"expressions": [
"conn.tls.client.subject.organizational_unit == ['Web Services']"
]
}
conn.tls.client.subject.postal_code
Postal code where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.postal_code == ['94043']"
// snippet
{
"expressions": [
"conn.tls.client.subject.postal_code == ['94043']"
]
}
conn.tls.client.subject.province
Province or state where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.province == ['California']"
// snippet
{
"expressions": [
"conn.tls.client.subject.province == ['California']"
]
}
conn.tls.client.subject.street_address
Street address where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.subject.street_address == ['1234 Secure Blvd']"
// snippet
{
"expressions": [
"conn.tls.client.subject.street_address == ['1234 Secure Blvd']"
]
}
conn.tls.client.validity.not_after
Expiration date and time when the certificate is no longer valid.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.validity.not_after == timestamp('2023-01-01T00:00:00Z')"
// snippet
{
"expressions": [
"conn.tls.client.validity.not_after == timestamp('2023-01-01T00:00:00Z')"
]
}
conn.tls.client.validity.not_before
Start date and time when the certificate becomes valid.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.client.validity.not_before == timestamp('2020-01-01T00:00:00Z')"
// snippet
{
"expressions": [
"conn.tls.client.validity.not_before == timestamp('2020-01-01T00:00:00Z')"
]
}
Connection TLS Server Variables
The following variables are available under the conn.tls.server
namespace:
Name | Type | Description |
---|---|---|
conn.tls.server.extensions | []Extension | Additional information added to the certificate. |
conn.tls.server.issuer | string | The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax. |
conn.tls.server.issuer.common_name | string | Common name of the issuing authority, usually the domain name. |
conn.tls.server.issuer.country | []string | Country name(s) where the issuing authority is located. |
conn.tls.server.issuer.locality | []string | Locality or city of the issuing authority. |
conn.tls.server.issuer.organization | []string | Name(s) of the organization that issued the certificate. |
conn.tls.server.issuer.organizational_unit | []string | Division of the organization responsible for the certificate. |
conn.tls.server.issuer.postal_code | []string | Postal code of the issuing authority. |
conn.tls.server.issuer.province | []string | Province or state of the issuing authority. |
conn.tls.server.issuer.street_address | []string | Street address of the issuing authority. |
conn.tls.server.san | string | Subject alternative names of the ngrok server's leaf TLS certificate. |
conn.tls.server.san.dns_names | []string | DNS names in the subject alternative names of the ngrok server's leaf TLS certificate. |
conn.tls.server.san.email_addresses | []string | Email addresses in the subject alternative names of the ngrok server's leaf TLS certificate. |
conn.tls.server.san.ip_addresses | []string | IP addresses in the subject alternative names of the ngrok server's leaf TLS certificate. |
conn.tls.server.san.uris | []string | URIs in the subject alternative names of the ngrok server's leaf TLS certificate. |
conn.tls.server.serial_number | string | Unique identifier for the certificate. |
conn.tls.server.signature_algorithm | string | Algorithm used to sign the certificate. |
conn.tls.server.subject | string | The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax. |
conn.tls.server.subject.common_name | string | Common name of the subject, usually the domain name. |
conn.tls.server.subject.country | []string | Country name(s) where the subject of the certificate is located. |
conn.tls.server.subject.locality | []string | Locality or city where the subject is located. |
conn.tls.server.subject.organization | []string | Name(s) of the organization to which the subject belongs. |
conn.tls.server.subject.organizational_unit | []string | Division of the organization to which the subject belongs. |
conn.tls.server.subject.postal_code | []string | Postal code where the subject is located. |
conn.tls.server.subject.province | []string | Province or state where the subject is located. |
conn.tls.server.subject.street_address | []string | Street address where the subject is located. |
conn.tls.server.validity.not_after | timestamp | Expiration date and time when the certificate is no longer valid. |
conn.tls.server.validity.not_before | timestamp | Start date and time when the certificate becomes valid. |
conn.tls.server.extensions
Additional information added to the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "size(conn.tls.server.extensions) > 0"
// snippet
{
"expressions": [
"size(conn.tls.server.extensions) > 0"
]
}
conn.tls.server.issuer
The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer == 'CN=E1,O=Let's Encrypt,C=US'"
// snippet
{
"expressions": [
"conn.tls.server.issuer == 'CN=E1,O=Let's Encrypt,C=US'"
]
}
conn.tls.server.issuer.common_name
Common name of the issuing authority, usually the domain name.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.common_name == 'exampleca.com'"
// snippet
{
"expressions": [
"conn.tls.server.issuer.common_name == 'exampleca.com'"
]
}
conn.tls.server.issuer.country
Country name(s) where the issuing authority is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.country == ['US']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.country == ['US']"
]
}
conn.tls.server.issuer.locality
Locality or city of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.locality == ['Mountain View']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.locality == ['Mountain View']"
]
}
conn.tls.server.issuer.organization
Name(s) of the organization that issued the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.organization == ['Example CA']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.organization == ['Example CA']"
]
}
conn.tls.server.issuer.organizational_unit
Division of the organization responsible for the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.organizational_unit == ['Certification Authority
Division']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.organizational_unit == ['Certification Authority Division']"
]
}
conn.tls.server.issuer.postal_code
Postal code of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.postal_code == ['94043']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.postal_code == ['94043']"
]
}
conn.tls.server.issuer.province
Province or state of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.province == ['California']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.province == ['California']"
]
}
conn.tls.server.issuer.street_address
Street address of the issuing authority.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.issuer.street_address == ['1234 Encryption Way']"
// snippet
{
"expressions": [
"conn.tls.server.issuer.street_address == ['1234 Encryption Way']"
]
}
conn.tls.server.san
Subject alternative names of the server certificate of the ngrok server's leaf TLS certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.san == 'DNS:www.example.com, DNS:example.com, IP
Address:192.168.1.1'"
// snippet
{
"expressions": [
"conn.tls.server.san == 'DNS:www.example.com, DNS:example.com, IP Address:192.168.1.1'"
]
}
conn.tls.server.san.dns_names
DNS names in the subject alternative names of the ngrok server's leaf TLS certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.san.dns_names == ['ngrok-dns.com', 'ngrok-dns2.com']"
// snippet
{
"expressions": [
"conn.tls.server.san.dns_names == ['ngrok-dns.com', 'ngrok-dns2.com']"
]
}
conn.tls.server.san.email_addresses
Email addresses in the subject alternative names of the ngrok server's leaf TLS certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.san.email_addresses == ['ngrok-email1@example.com',
'ngrok-email2@example.com']"
// snippet
{
"expressions": [
"conn.tls.server.san.email_addresses == ['ngrok-email1@example.com', 'ngrok-email2@example.com']"
]
}
conn.tls.server.san.ip_addresses
IP addresses in the subject alternative names of the ngrok server's leaf TLS certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.san.ip_addresses == ['192.168.1.1']"
// snippet
{
"expressions": [
"conn.tls.server.san.ip_addresses == ['192.168.1.1']"
]
}
conn.tls.server.san.uris
URIs in the subject alternative names of the ngrok server's leaf TLS certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.san.uris == ['https://example.com/example']"
// snippet
{
"expressions": [
"conn.tls.server.san.uris == ['https://example.com/example']"
]
}
conn.tls.server.serial_number
Unique identifier for the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"
// snippet
{
"expressions": [
"conn.tls.server.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"
]
}
conn.tls.server.signature_algorithm
Algorithm used to sign the certificate.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.signature_algorithm == 'SHA256-RSA'"
// snippet
{
"expressions": [
"conn.tls.server.signature_algorithm == 'SHA256-RSA'"
]
}
conn.tls.server.subject
The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject == 'CN=www.example.com'"
// snippet
{
"expressions": [
"conn.tls.server.subject == 'CN=www.example.com'"
]
}
conn.tls.server.subject.common_name
Common name of the subject, usually the domain name.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.common_name == 'ngrok-server.example.com'"
// snippet
{
"expressions": [
"conn.tls.server.subject.common_name == 'ngrok-server.example.com'"
]
}
conn.tls.server.subject.country
Country name(s) where the subject of the certificate is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.country == ['US']"
// snippet
{
"expressions": [
"conn.tls.server.subject.country == ['US']"
]
}
conn.tls.server.subject.locality
Locality or city where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.locality == ['Mountain View']"
// snippet
{
"expressions": [
"conn.tls.server.subject.locality == ['Mountain View']"
]
}
conn.tls.server.subject.organization
Name(s) of the organization to which the subject belongs.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.organization == ['Example Corp']"
// snippet
{
"expressions": [
"conn.tls.server.subject.organization == ['Example Corp']"
]
}
conn.tls.server.subject.organizational_unit
Division of the organization to which the subject belongs.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.organizational_unit == ['Web Services']"
// snippet
{
"expressions": [
"conn.tls.server.subject.organizational_unit == ['Web Services']"
]
}
conn.tls.server.subject.postal_code
Postal code where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.postal_code == ['94043']"
// snippet
{
"expressions": [
"conn.tls.server.subject.postal_code == ['94043']"
]
}
conn.tls.server.subject.province
Province or state where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.province == ['California']"
// snippet
{
"expressions": [
"conn.tls.server.subject.province == ['California']"
]
}
conn.tls.server.subject.street_address
Street address where the subject is located.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.subject.street_address == ['1234 Secure Blvd']"
// snippet
{
"expressions": [
"conn.tls.server.subject.street_address == ['1234 Secure Blvd']"
]
}
conn.tls.server.validity.not_after
Expiration date and time when the certificate is no longer valid.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.validity.not_after > timestamp('2023-01-01T00:00:00Z')"
// snippet
{
"expressions": [
"conn.tls.server.validity.not_after > timestamp('2023-01-01T00:00:00Z')"
]
}
conn.tls.server.validity.not_before
Start date and time when the certificate becomes valid.
- YAML
- JSON
# snippet
---
expressions:
- "conn.tls.server.validity.not_before < timestamp('2020-01-01T00:00:00Z')"
// snippet
{
"expressions": [
"conn.tls.server.validity.not_before < timestamp('2020-01-01T00:00:00Z')"
]
}
Endpoint Variables
The following variables are available under the endpoint
namespace:
Name | Type | Description |
---|---|---|
endpoint.addr | string | The address for this endpoint. |
endpoint.host | string | The hostname for this endpoint. |
endpoint.id | string | The endpoint that serviced this connection. |
endpoint.port | int32 | The port for this endpoint. |
endpoint.protocol | string | The protocol for this endpoint. Current supported values are http , https , tcp , and tls . |
endpoint.url | string | The url for this endpoint. |
endpoint.addr
The address for this endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.addr == 'my-subdomain.ngrok.app:443'"
// snippet
{
"expressions": [
"endpoint.addr == 'my-subdomain.ngrok.app:443'"
]
}
endpoint.host
The hostname for this endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.host == 'my-subdomain.ngrok.app'"
// snippet
{
"expressions": [
"endpoint.host == 'my-subdomain.ngrok.app'"
]
}
endpoint.id
The id for this endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.id == 'ep_2iL8LRbQilSCKYjaslRoqBwJcfT'"
// snippet
{
"expressions": [
"endpoint.id == 'ep_2iL8LRbQilSCKYjaslRoqBwJcfT'"
]
}
endpoint.port
The port for this endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.port == 443"
// snippet
{
"expressions": [
"endpoint.port == 443"
]
}
endpoint.protocol
The protocol for this endpoint. Current supported values are http
, https
, tcp
, and tls
.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.protocol == 'https'"
// snippet
{
"expressions": [
"endpoint.protocol == 'https'"
]
}
endpoint.url
The url for this endpoint.
- YAML
- JSON
# snippet
---
expressions:
- "endpoint.url == 'https://my-subdomain.ngrok.app'"
// snippet
{
"expressions": [
"endpoint.url == 'https://my-subdomain.ngrok.app'"
]
}
Request Variables
The following variables are available under the req
namespace:
Name | Type | Description |
---|---|---|
req.content_encoding | list[string] | The encoding set in the Content-Encoding header for this request as a list. |
req.content_length | int64 | The content length of the body in bytes. This may not be present if the request does not contain a body or if the client does not specify a content length because they are streaming the body. |
req.content_type | string | The media type set in the Content-Type header for this request as a string. |
req.content_type.parameters | map[string]string | The parameters set in the Content-Type header as a key value map. |
req.content_type.raw | string | The Content-Type header for this request as a string. |
req.cookies | map[string]*http.Cookie | The key value map of HTTP cookie objects provided in the request. |
req.headers | map[string][]string | The request headers parsed as a map of lower-case names to values. |
req.host | string | The host header field value for this request. |
req.location | string | The location header value of the request. |
req.method | string | The request method. |
req.trailers | map[string][]string | The request trailers parsed as a map of lower-case names to values. |
req.ts.body_received | timestamp | The timestamp when ngrok received the body of the request. This may not be present if the request does not contain a body. |
req.ts.header_received | timestamp | The timestamp when ngrok received the header of the request. |
req.url | string | The normalized full URL for this request. |
req.url.authority | string | The authority portion of the URL. |
req.url.host | string | The hostname portion of the host for this request. |
req.url.path | string | The path for this request including the leading forward slash. |
req.url.port | int32 | The port portion of the host for this request. |
req.url.query | string | The full query string for this request excluding the leading question mark. |
req.url.query_params | map[string][]string | The request query string parsed as a map of names to values. |
req.url.raw | string | The un-normalized full URL for this request. |
req.url.raw_path | string | The un-normalized path including the leading slash for this request. |
req.url.scheme | string | The scheme for this request. |
req.url.uri | string | The URI (path and query) portion of the URL. |
req.url.user_password | string | The user:password portion of the URL. |
req.user_agent | string | The user-agent header value for this request. |
req.version | string | The HTTP version for this request. |
req.content_encoding
The encoding set in the Content-Encoding header for this request as a list.
- YAML
- JSON
# snippet
---
expressions:
- "req.content_encoding[0] == 'br'"
// snippet
{
"expressions": [
"req.content_encoding[0] == 'br'"
]
}
req.content_length
The content length of the body in bytes. This may not be present if the request does not contain a body or if the client does not specify a content length because they are streaming the body.
- YAML
- JSON
# snippet
---
expressions:
- "req.content_length > 10000000"
// snippet
{
"expressions": [
"req.content_length > 10000000"
]
}
req.content_type
The media type set in the Content-Type header for this request as a string.
- YAML
- JSON
# snippet
---
expressions:
- "req.content_type == 'application/json'"
// snippet
{
"expressions": [
"req.content_type == 'application/json'"
]
}
req.content_type.parameters
The parameters set in the Content-Type header for this request as a key value map.
- YAML
- JSON
# snippet
---
expressions:
- "req.content_type.parameters['charset'] == 'utf-8'"
// snippet
{
"expressions": [
"req.content_type.parameters['charset'] == 'utf-8'"
]
}
req.content_type.raw
The Content-Type header for this request as a string.
- YAML
- JSON
# snippet
---
expressions:
- "req.content_type.raw == 'application/json; charset=utf-8'"
// snippet
{
"expressions": [
"req.content_type.raw == 'application/json; charset=utf-8'"
]
}
req.cookies
The key value map of HTTP cookie objects provided in the request.
- YAML
- JSON
# snippet
---
expressions:
- "size(req.cookies) > 0"
// snippet
{
"expressions": [
"size(req.cookies) > 0"
]
}
req.headers
The request headers parsed as a map of lower-case names to values.
- YAML
- JSON
# snippet
---
expressions:
- "'Fizz' in req.headers['baz']"
// snippet
{
"expressions": [
"'Fizz' in req.headers['baz']"
]
}
req.host
The host header field value for this request.
- YAML
- JSON
# snippet
---
expressions:
- "req.host == 'nba.com'"
// snippet
{
"expressions": [
"req.host == 'nba.com'"
]
}
req.location
The location header value of the request.
- YAML
- JSON
# snippet
---
expressions:
- "req.location == '/index.html'"
// snippet
{
"expressions": [
"req.location == '/index.html'"
]
}
req.method
The request method.
- YAML
- JSON
# snippet
---
expressions:
- "req.method == 'POST' || req.method == 'PUT'"
// snippet
{
"expressions": [
"req.method == 'POST' || req.method == 'PUT'"
]
}
req.trailers
The request trailers parsed as a map of lower-case names to values.
- YAML
- JSON
# snippet
---
expressions:
- "'Fizz' in req.trailers['baz']"
// snippet
{
"expressions": [
"'Fizz' in req.trailers['baz']"
]
}
req.ts.body_received
The timestamp when ngrok received the body of the request. This may not be present if the request does not contain a body.
- YAML
- JSON
# snippet
---
expressions:
- "req.ts.body_received > timestamp('2023-12-31')"
// snippet
{
"expressions": [
"req.ts.body_received > timestamp('2023-12-31')"
]
}
req.ts.header_received
The timestamp when ngrok received the header of the request.
- YAML
- JSON
# snippet
---
expressions:
- "req.ts.header_received > timestamp('2023-12-31')"
// snippet
{
"expressions": [
"req.ts.header_received > timestamp('2023-12-31')"
]
}
req.url
The normalized full URL for this request.
- YAML
- JSON
# snippet
---
expressions:
- "req.url.contains('/admin')"
// snippet
{
"expressions": [
"req.url.contains('/admin')"
]
}
req.url.authority
The authority portion of the URL.
- YAML
- JSON
# snippet
---
expressions:
- "req.url.authority == 'user:password@nba.com'"
// snippet
{
"expressions": [
"req.url.authority == 'user:password@nba.com'"
]
}
req.url.host
The hostname portion of the host for this request.
- YAML
- JSON
# snippet
---
expressions:
- "req.url.host == 'nba.com'"
// snippet
{
"expressions": [
"req.url.host == 'nba.com'"
]
}
req.url.path
The path part of this request including the leading forward slash.
- YAML
- JSON
# snippet
---
expressions:
- "req.url.path.startsWith('/foo')"
// snippet
{
"expressions": [
"req.url.path.startsWith('/foo')"
]
}
req.url.port
The port portion of the host for this request.
- YAML
- JSON
# snippet
---
expressions:
- "req.url.port == 443"
// snippet
{
"expressions": [
"req.url.port == 443"
]
}
req.url.query
The full query string for this request excluding the leading question mark.
- YAML
- JSON
# snippet
---
expressions:
- "req.url.query == 'number=23&name=jordan'"
// snippet
{
"expressions": [
"req.url.query == 'number=23&name=jordan'"
]
}
req.url.query_params
The request query string parsed as a map of names to values.
- YAML
- JSON
# snippet
---
expressions:
- "'bar' in req.url.query_params['foo']"
// snippet
{
"expressions": [
"'bar' in req.url.query_params['foo']"
]
}
req.url.raw
The un-normalized full URL for this request.
- YAML
- JSON
# snippet
---
expressions:
- "req.url.raw.includes('/foo')"
// snippet
{
"expressions": [
"req.url.raw.includes('/foo')"
]
}
req.url.raw_path
The un-normalized path including the leading slash for this request.
- YAML
- JSON
# snippet
---
expressions:
- "req.url.raw_path.startsWith('/foo')"
// snippet
{
"expressions": [
"req.url.raw_path.startsWith('/foo')"
]
}
req.url.scheme
The scheme for this request.
- YAML
- JSON
# snippet
---
expressions:
- "req.url.scheme == 'https'"
// snippet
{
"expressions": [
"req.url.scheme == 'https'"
]
}
req.url.uri
The URI (path and query) portion of the URL.
- YAML
- JSON
# snippet
---
expressions:
- "req.url.uri.contains('/api/players?number=23&name=jordan')"
// snippet
{
"expressions": [
"req.url.uri.contains('/api/players?number=23&name=jordan')"
]
}
req.url.user_password
The user:password portion of the URL.
- YAML
- JSON
# snippet
---
expressions:
- "req.url.user_password == 'user:password'"
// snippet
{
"expressions": [
"req.url.user_password == 'user:password'"
]
}
req.user_agent
The user-agent header value for this request.
- YAML
- JSON
# snippet
---
expressions:
- "req.user_agent.contains('curl')"
// snippet
{
"expressions": [
"req.user_agent.contains('curl')"
]
}
req.version
The HTTP version for this request.
- YAML
- JSON
# snippet
---
expressions:
- "req.version == 'HTTP/2"
// snippet
{
"expressions": [
"req.version == 'HTTP/2"
]
}
Response Variables
The following variables are available under the res
namespace:
Name | Type | Description |
---|---|---|
res.content_encoding | list[string] | The encoding set in the Content-Encoding header for this response as a list. |
res.content_length | int64 | The length of the content associated with the response. |
res.content_type | string | The media type set in the Content-Type header for this response as a string. |
res.content_type.parameters | map[string]string | The parameters set in the Content-Type header for this response as a key value map. |
res.content_type.raw | string | The Content-Type header for this response as a string. |
res.cookies | map[string]*http.Cookie | The key value map of HTTP cookie objects provided in the response. |
res.headers | map[string][]string | The response headers parsed as a map of lower-case names to values. |
res.location | string | The location header value of this response. |
res.status_code | int32 | The status code of this response. |
res.trailers | map[string][]string | The response trailers parsed as a map of lower-case names to values. |
res.ts.body_sent | timestamp | The timestamp when ngrok sent the body of the response. This may not be present if the response does not contain a body. |
res.ts.header_sent | timestamp | The timestamp when ngrok sent the header of the response. |
res.content_encoding
The encoding set in the Content-Encoding header for this response as a list.
- YAML
- JSON
# snippet
---
expressions:
- "res.content_encoding[0] == 'br'"
// snippet
{
"expressions": [
"res.content_encoding[0] == 'br'"
]
}
res.content_length
The length of the content associated with the response.
- YAML
- JSON
# snippet
---
expressions:
- "res.content_length != 0"
// snippet
{
"expressions": [
"res.content_length != 0"
]
}
res.content_type
The media type set in the Content-Type header for this response as a string.
- YAML
- JSON
# snippet
---
expressions:
- "res.content_type == 'application/json'"
// snippet
{
"expressions": [
"res.content_type == 'application/json'"
]
}
res.content_type.parameters
The parameters set in the Content-Type header for this response as a key value map.
- YAML
- JSON
# snippet
---
expressions:
- "res.content_type.parameters['charset'] == 'utf-8'"
// snippet
{
"expressions": [
"res.content_type.parameters['charset'] == 'utf-8'"
]
}
res.content_type.raw
The Content-Type header for this response as a string.
- YAML
- JSON
# snippet
---
expressions:
- "res.content_type.raw == 'application/json; charset=utf-8'"
// snippet
{
"expressions": [
"res.content_type.raw == 'application/json; charset=utf-8'"
]
}
res.cookies
The key value map of HTTP cookie objects provided in the response.
- YAML
- JSON
# snippet
---
expressions:
- "size(req.cookies) > 0"
// snippet
{
"expressions": [
"size(req.cookies) > 0"
]
}
res.headers
The headers of the response parsed as key maps to a list of values. Header keys must be written in canonical format.
- YAML
- JSON
# snippet
---
expressions:
- "'Fizz' in res.headers['baz']"
// snippet
{
"expressions": [
"'Fizz' in res.headers['baz']"
]
}
res.location
The location header value of the response.
- YAML
- JSON
# snippet
---
expressions:
- "res.location == '/index.html'"
// snippet
{
"expressions": [
"res.location == '/index.html'"
]
}
res.status_code
The status code of this response.
- YAML
- JSON
# snippet
---
expressions:
- "res.status_code >= 300"
// snippet
{
"expressions": [
"res.status_code >= 300"
]
}
res.trailers
The trailers of the response parsed as key maps to a list of values. Trailer keys must be written in canonical format.
- YAML
- JSON
# snippet
---
expressions:
- "'fizz' in res.trailers['baz']"
// snippet
{
"expressions": [
"'fizz' in res.trailers['baz']"
]
}
res.ts.body_sent
The timestamp when ngrok sent the body of the response. This may not be present if the response does not contain a body.
- YAML
- JSON
# snippet
---
expressions:
- "res.ts.body_sent > timestamp('2023-12-31')"
// snippet
{
"expressions": [
"res.ts.body_sent > timestamp('2023-12-31')"
]
}
res.ts.header_sent
The timestamp when ngrok sent the header of the request.
- YAML
- JSON
# snippet
---
expressions:
- "res.ts.header_sent > timestamp('2023-12-31')"
// snippet
{
"expressions": [
"res.ts.header_sent > timestamp('2023-12-31')"
]
}
Time variables
The following variables are available under the time
namespace:
Name | Type | Description |
---|---|---|
time.now | string | The current UTC time in RFC3339 format. |
time.now
The current UTC time in RFC3339 format.
- YAML
- JSON
# snippet
---
expressions:
- "conn.ts.end < timestamp(time.now)"
// snippet
{
"expressions": [
"conn.ts.end < timestamp(time.now)"
]
}