apiVersion: config.istio.io/v1alpha2 kind: handler metadata: name: wikipedia-checker namespace: istio-system spec: compiledAdapter: listchecker params: overrides: ["en.wikipedia.org"] # overrides provide a static list blacklist: true --- apiVersion: config.istio.io/v1alpha2 kind: instance metadata: name: requested-server-name namespace: istio-system spec: compiledTemplate: listentry params: value: connection.requested_server_name --- # Rule to check access to *.wikipedia.org apiVersion: config.istio.io/v1alpha2 kind: rule metadata: name: check-wikipedia-access namespace: istio-system spec: match: source.labels["app"] == "istio-egressgateway-with-sni-proxy" && destination.labels["app"] == "" actions: - handler: wikipedia-checker instances: [ requested-server-name ]