Skip to main content

HTTP Variables

Connection Variables

The following variables are available under the conn namespace:

NameTypeDescription
conn.bytes_inint64The number of bytes entering the endpoint from the client.
conn.bytes_outint64The number of bytes leaving an endpoint to the client.
conn.client_ipstringSource IP of the connection to the ngrok endpoint.
conn.client_portint32Source port of the connection to the ngrok endpoint.
conn.server_ipstringThe IP that this connection was established on.
conn.server_portint32The port that this connection was established on.
conn.ts.endtimestampTimestamp when the connection to ngrok was closed.
conn.ts.starttimestampTimestamp when the connection to ngrok was started.

conn.bytes_in

The number of bytes entering the endpoint from the client.

# snippet
---
expressions:
- "conn.bytes_in > 1000"

conn.bytes_out

The number of bytes leaving an endpoint to the client.

# snippet
---
expressions:
- "conn.bytes_out > 1000"

conn.client_ip

Source IP of the connection to the ngrok endpoint.

# snippet
---
expressions:
- "conn.client_ip in ['::1', '127.0.0.1']"

conn.client_port

Source port of the connection to the ngrok endpoint.

# snippet
---
expressions:
- "conn.client_port == 80"

conn.ts.end

Timestamp when the connection to ngrok was closed.

# snippet
---
expressions:
- "conn.ts.end > timestamp('2024-01-01')"

conn.server_ip

The IP that this connection was established on.

# snippet
---
expressions:
- "conn.server_ip == '192.168.1.1'"

conn.server_port

The port that this connection was established on.

# snippet
---
expressions:
- "conn.server_port == 80"

conn.ts.start

Timestamp when the connection to ngrok was started.

# snippet
---
expressions:
- "conn.ts.start > timestamp('2023-12-31')"

Connection Geo Variables

The following variables are available under the conn.geo namespace:

NameTypeDescription
conn.geo.citystringThe name of the city, in EN, where the conn.client_ip is likely to originate.
conn.geo.countrystringThe name of the country, in EN, where the conn.client_ip is likely to originate.
conn.geo.country_codestringThe two-letter ISO country code where the conn.client_ip is likely to originate.
conn.geo.latitudestringThe approximate latitude where the conn.client_ip is likely to originate.
conn.geo.longitudestringThe approximate longitude where the conn.client_ip is likely to originate.
conn.geo.radiusstringThe radius in kilometers around the latitude and longitude where the conn.client_ip is likely to originate.
conn.geo.subdivisionstringThe name of the subdivision, in EN, where the conn.client_ip is likely to originate.

conn.geo.city

The name of the city, in EN, where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "conn.geo.city == 'Strongsville'"

conn.geo.country

The name of the country, in EN, where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "conn.geo.country == 'United States'"

conn.geo.country_code

The two-letter ISO country code where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "conn.geo.country_code != 'US'"

conn.geo.latitude

The approximate latitude where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "double(conn.geo.latitude) >= 45.0"

conn.geo.longitude

The approximate longitude where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "double(conn.geo.longitude) <= -93.0"

conn.geo.radius

The radius in kilometers around the latitude and longitude where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "conn.geo.radius <= '5'"

conn.geo.subdivision

The name of the subdivision, in EN, where the conn.client_ip is likely to originate.

# snippet
---
expressions:
- "conn.geo.subdivision == 'California'"

Connection TLS Variables

The following variables are available under the conn.tls namespace:

NameTypeDescription
conn.tls.cipher_suitestringThe cipher suite selected during the TLS handshake.
conn.tls.snistringThe hostname included in the ClientHello message via the SNI extension.
conn.tls.versionstringThe version of the TLS protocol used between the client and the ngrok edge.

conn.tls.cipher_suite

The cipher suite selected during the TLS handshake.

# snippet
---
expressions:
- "conn.tls.cipher_suite == 'TLS_AES_128_GCM_SHA256'"

conn.tls.sni

The hostname included in the ClientHello message via the SNI extension.

# snippet
---
expressions:
- "conn.tls.sni == 'client.example.com'"

conn.tls.version

The version of the TLS protocol used between the client and the ngrok edge.

# snippet
---
expressions:
- "conn.tls.version == '1.3'"

Connection TLS Client Variables

The following variables are available under the conn.tls.client namespace:

NameTypeDescription
conn.tls.client.extensions[]ExtensionAdditional information added to the certificate.
conn.tls.client.issuerstringThe issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.
conn.tls.client.issuer.common_namestringCommon name of the issuing authority, usually the domain name.
conn.tls.client.issuer.country[]stringCountry name(s) where the issuing authority is located.
conn.tls.client.issuer.locality[]stringLocality or city of the issuing authority.
conn.tls.client.issuer.organization[]stringName(s) of the organization that issued the certificate.
conn.tls.client.issuer.organizational_unit[]stringDivision of the organization responsible for the certificate.
conn.tls.client.issuer.postal_code[]stringPostal code of the issuing authority.
conn.tls.client.issuer.province[]stringProvince or state of the issuing authority.
conn.tls.client.issuer.street_address[]stringStreet address of the issuing authority.
conn.tls.client.sanstringSubject alternative names of the client certificate.
conn.tls.client.san.dns_names[]stringDNS names in the subject alternative names.
conn.tls.client.san.email_addresses[]stringEmail addresses in the subject alternative names.
conn.tls.client.san.ip_addresses[]stringIP addresses in the subject alternative names.
conn.tls.client.san.uris[]stringURIs in the subject alternative names.
conn.tls.client.serial_numberstringUnique identifier for the certificate.
conn.tls.client.signature_algorithmstringAlgorithm used to sign the certificate.
conn.tls.client.subjectstringThe entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.
conn.tls.client.subject.common_namestringCommon name of the subject, usually the domain name.
conn.tls.client.subject.country[]stringCountry name(s) where the subject of the certificate is located.
conn.tls.client.subject.locality[]stringLocality or city where the subject is located.
conn.tls.client.subject.organization[]stringName(s) of the organization to which the subject belongs.
conn.tls.client.subject.organizational_unit[]stringDivision of the organization to which the subject belongs.
conn.tls.client.subject.postal_code[]stringPostal code where the subject is located.
conn.tls.client.subject.province[]stringProvince or state where the subject is located.
conn.tls.client.subject.street_address[]stringStreet address where the subject is located.
conn.tls.client.validity.not_aftertimestampExpiration date and time when the certificate is no longer valid.
conn.tls.client.validity.not_beforetimestampStart date and time when the certificate becomes valid.

conn.tls.client.extensions

Additional information added to the certificate.

# snippet
---
expressions:
- "size(conn.tls.client.extensions) > 0"

conn.tls.client.issuer

The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.

# snippet
---
expressions:
- "conn.tls.client.issuer == 'CN=E1,O=Let's Encrypt,C=US'"

conn.tls.client.issuer.common_name

Common name of the issuing authority, usually the domain name.

# snippet
---
expressions:
- "conn.tls.client.issuer.common_name == 'exampleca.com'"

conn.tls.client.issuer.country

Country name(s) where the issuing authority is located.

# snippet
---
expressions:
- "conn.tls.client.issuer.country == ['US']"

conn.tls.client.issuer.locality

Locality or city of the issuing authority.

# snippet
---
expressions:
- "conn.tls.client.issuer.locality == ['Mountain View']"

conn.tls.client.issuer.organization

Name(s) of the organization that issued the certificate.

# snippet
---
expressions:
- "conn.tls.client.issuer.organization == ['Example CA']"

conn.tls.client.issuer.organizational_unit

Division of the organization responsible for the certificate.

# snippet
---
expressions:
- "conn.tls.client.issuer.organizational_unit == ['Certification Authority
Division']"

conn.tls.client.issuer.postal_code

Postal code of the issuing authority.

# snippet
---
expressions:
- "conn.tls.client.issuer.postal_code == ['94043']"

conn.tls.client.issuer.province

Province or state of the issuing authority.

# snippet
---
expressions:
- "conn.tls.client.issuer.province == ['California']"

conn.tls.client.issuer.street_address

Street address of the issuing authority.

# snippet
---
expressions:
- "conn.tls.client.issuer.street_address == ['1234 Encryption Way']"

conn.tls.client.san

Subject alternative names of the client certificate.

# snippet
---
expressions:
- "conn.tls.client.san == 'DNS:www.example.com, DNS:example.com, IP
Address:192.168.1.1'"

conn.tls.client.san.dns_names

DNS names in the subject alternative names.

# snippet
---
expressions:
- "conn.tls.client.san.dns_names == ['www.example.com', 'example.com']"

conn.tls.client.san.email_addresses

Email addresses in the subject alternative names.

# snippet
---
expressions:
- "conn.tls.client.san.email_addresses == ['ngrok-email1@example.com',
'ngrok-email2@example.com']"

conn.tls.client.san.ip_addresses

IP addresses in the subject alternative names.

# snippet
---
expressions:
- "conn.tls.client.san.ip_addresses == ['192.168.1.1']"

conn.tls.client.san.uris

URIs in the subject alternative names.

# snippet
---
expressions:
- "conn.tls.client.san.uris == ['https://example.com/example']"

conn.tls.client.serial_number

Unique identifier for the certificate.

# snippet
---
expressions:
- "conn.tls.client.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"

conn.tls.client.signature_algorithm

Algorithm used to sign the certificate.

# snippet
---
expressions:
- "conn.tls.client.signature_algorithm == 'SHA256-RSA'"

conn.tls.client.subject

The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.

# snippet
---
expressions:
- "conn.tls.client.subject == 'CN=www.example.com'"

conn.tls.client.subject.common_name

Common name of the subject, usually the domain name.

# snippet
---
expressions:
- "conn.tls.client.subject.common_name == 'www.example.com'"

conn.tls.client.subject.country

Country name(s) where the subject of the certificate is located.

# snippet
---
expressions:
- "conn.tls.client.subject.country == ['US']"

conn.tls.client.subject.locality

Locality or city where the subject is located.

# snippet
---
expressions:
- "conn.tls.client.subject.locality == ['Mountain View']"

conn.tls.client.subject.organization

Name(s) of the organization to which the subject belongs.

# snippet
---
expressions:
- "conn.tls.client.subject.organization == ['Example Corp']"

conn.tls.client.subject.organizational_unit

Division of the organization to which the subject belongs.

# snippet
---
expressions:
- "conn.tls.client.subject.organizational_unit == ['Web Services']"

conn.tls.client.subject.postal_code

Postal code where the subject is located.

# snippet
---
expressions:
- "conn.tls.client.subject.postal_code == ['94043']"

conn.tls.client.subject.province

Province or state where the subject is located.

# snippet
---
expressions:
- "conn.tls.client.subject.province == ['California']"

conn.tls.client.subject.street_address

Street address where the subject is located.

# snippet
---
expressions:
- "conn.tls.client.subject.street_address == ['1234 Secure Blvd']"

conn.tls.client.validity.not_after

Expiration date and time when the certificate is no longer valid.

# snippet
---
expressions:
- "conn.tls.client.validity.not_after == timestamp('2023-01-01T00:00:00Z')"

conn.tls.client.validity.not_before

Start date and time when the certificate becomes valid.

# snippet
---
expressions:
- "conn.tls.client.validity.not_before == timestamp('2020-01-01T00:00:00Z')"

Connection TLS Server Variables

The following variables are available under the conn.tls.server namespace:

NameTypeDescription
conn.tls.server.extensions[]ExtensionAdditional information added to the certificate.
conn.tls.server.issuerstringThe issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.
conn.tls.server.issuer.common_namestringCommon name of the issuing authority, usually the domain name.
conn.tls.server.issuer.country[]stringCountry name(s) where the issuing authority is located.
conn.tls.server.issuer.locality[]stringLocality or city of the issuing authority.
conn.tls.server.issuer.organization[]stringName(s) of the organization that issued the certificate.
conn.tls.server.issuer.organizational_unit[]stringDivision of the organization responsible for the certificate.
conn.tls.server.issuer.postal_code[]stringPostal code of the issuing authority.
conn.tls.server.issuer.province[]stringProvince or state of the issuing authority.
conn.tls.server.issuer.street_address[]stringStreet address of the issuing authority.
conn.tls.server.sanstringSubject alternative names of the ngrok server's leaf TLS certificate.
conn.tls.server.san.dns_names[]stringDNS names in the subject alternative names of the ngrok server's leaf TLS certificate.
conn.tls.server.san.email_addresses[]stringEmail addresses in the subject alternative names of the ngrok server's leaf TLS certificate.
conn.tls.server.san.ip_addresses[]stringIP addresses in the subject alternative names of the ngrok server's leaf TLS certificate.
conn.tls.server.san.uris[]stringURIs in the subject alternative names of the ngrok server's leaf TLS certificate.
conn.tls.server.serial_numberstringUnique identifier for the certificate.
conn.tls.server.signature_algorithmstringAlgorithm used to sign the certificate.
conn.tls.server.subjectstringThe entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.
conn.tls.server.subject.common_namestringCommon name of the subject, usually the domain name.
conn.tls.server.subject.country[]stringCountry name(s) where the subject of the certificate is located.
conn.tls.server.subject.locality[]stringLocality or city where the subject is located.
conn.tls.server.subject.organization[]stringName(s) of the organization to which the subject belongs.
conn.tls.server.subject.organizational_unit[]stringDivision of the organization to which the subject belongs.
conn.tls.server.subject.postal_code[]stringPostal code where the subject is located.
conn.tls.server.subject.province[]stringProvince or state where the subject is located.
conn.tls.server.subject.street_address[]stringStreet address where the subject is located.
conn.tls.server.validity.not_aftertimestampExpiration date and time when the certificate is no longer valid.
conn.tls.server.validity.not_beforetimestampStart date and time when the certificate becomes valid.

conn.tls.server.extensions

Additional information added to the certificate.

# snippet
---
expressions:
- "size(conn.tls.server.extensions) > 0"

conn.tls.server.issuer

The issuing authority of the certificate as a string roughly following the RFC 2253 Distinguished Names syntax.

# snippet
---
expressions:
- "conn.tls.server.issuer == 'CN=E1,O=Let's Encrypt,C=US'"

conn.tls.server.issuer.common_name

Common name of the issuing authority, usually the domain name.

# snippet
---
expressions:
- "conn.tls.server.issuer.common_name == 'exampleca.com'"

conn.tls.server.issuer.country

Country name(s) where the issuing authority is located.

# snippet
---
expressions:
- "conn.tls.server.issuer.country == ['US']"

conn.tls.server.issuer.locality

Locality or city of the issuing authority.

# snippet
---
expressions:
- "conn.tls.server.issuer.locality == ['Mountain View']"

conn.tls.server.issuer.organization

Name(s) of the organization that issued the certificate.

# snippet
---
expressions:
- "conn.tls.server.issuer.organization == ['Example CA']"

conn.tls.server.issuer.organizational_unit

Division of the organization responsible for the certificate.

# snippet
---
expressions:
- "conn.tls.server.issuer.organizational_unit == ['Certification Authority
Division']"

conn.tls.server.issuer.postal_code

Postal code of the issuing authority.

# snippet
---
expressions:
- "conn.tls.server.issuer.postal_code == ['94043']"

conn.tls.server.issuer.province

Province or state of the issuing authority.

# snippet
---
expressions:
- "conn.tls.server.issuer.province == ['California']"

conn.tls.server.issuer.street_address

Street address of the issuing authority.

# snippet
---
expressions:
- "conn.tls.server.issuer.street_address == ['1234 Encryption Way']"

conn.tls.server.san

Subject alternative names of the server certificate of the ngrok server's leaf TLS certificate.

# snippet
---
expressions:
- "conn.tls.server.san == 'DNS:www.example.com, DNS:example.com, IP
Address:192.168.1.1'"

conn.tls.server.san.dns_names

DNS names in the subject alternative names of the ngrok server's leaf TLS certificate.

# snippet
---
expressions:
- "conn.tls.server.san.dns_names == ['ngrok-dns.com', 'ngrok-dns2.com']"

conn.tls.server.san.email_addresses

Email addresses in the subject alternative names of the ngrok server's leaf TLS certificate.

# snippet
---
expressions:
- "conn.tls.server.san.email_addresses == ['ngrok-email1@example.com',
'ngrok-email2@example.com']"

conn.tls.server.san.ip_addresses

IP addresses in the subject alternative names of the ngrok server's leaf TLS certificate.

# snippet
---
expressions:
- "conn.tls.server.san.ip_addresses == ['192.168.1.1']"

conn.tls.server.san.uris

URIs in the subject alternative names of the ngrok server's leaf TLS certificate.

# snippet
---
expressions:
- "conn.tls.server.san.uris == ['https://example.com/example']"

conn.tls.server.serial_number

Unique identifier for the certificate.

# snippet
---
expressions:
- "conn.tls.server.serial_number == 'b53017e79d4a5208b314a55d3574e0a8'"

conn.tls.server.signature_algorithm

Algorithm used to sign the certificate.

# snippet
---
expressions:
- "conn.tls.server.signature_algorithm == 'SHA256-RSA'"

conn.tls.server.subject

The entity to whom the certificate is issued as a string roughly following the RFC 2253 Distinguished Names syntax.

# snippet
---
expressions:
- "conn.tls.server.subject == 'CN=www.example.com'"

conn.tls.server.subject.common_name

Common name of the subject, usually the domain name.

# snippet
---
expressions:
- "conn.tls.server.subject.common_name == 'ngrok-server.example.com'"

conn.tls.server.subject.country

Country name(s) where the subject of the certificate is located.

# snippet
---
expressions:
- "conn.tls.server.subject.country == ['US']"

conn.tls.server.subject.locality

Locality or city where the subject is located.

# snippet
---
expressions:
- "conn.tls.server.subject.locality == ['Mountain View']"

conn.tls.server.subject.organization

Name(s) of the organization to which the subject belongs.

# snippet
---
expressions:
- "conn.tls.server.subject.organization == ['Example Corp']"

conn.tls.server.subject.organizational_unit

Division of the organization to which the subject belongs.

# snippet
---
expressions:
- "conn.tls.server.subject.organizational_unit == ['Web Services']"

conn.tls.server.subject.postal_code

Postal code where the subject is located.

# snippet
---
expressions:
- "conn.tls.server.subject.postal_code == ['94043']"

conn.tls.server.subject.province

Province or state where the subject is located.

# snippet
---
expressions:
- "conn.tls.server.subject.province == ['California']"

conn.tls.server.subject.street_address

Street address where the subject is located.

# snippet
---
expressions:
- "conn.tls.server.subject.street_address == ['1234 Secure Blvd']"

conn.tls.server.validity.not_after

Expiration date and time when the certificate is no longer valid.

# snippet
---
expressions:
- "conn.tls.server.validity.not_after > timestamp('2023-01-01T00:00:00Z')"

conn.tls.server.validity.not_before

Start date and time when the certificate becomes valid.

# snippet
---
expressions:
- "conn.tls.server.validity.not_before < timestamp('2020-01-01T00:00:00Z')"

Endpoint Variables

The following variables are available under the endpoint namespace:

NameTypeDescription
endpoint.addrstringThe address for this endpoint.
endpoint.hoststringThe hostname for this endpoint.
endpoint.idstringThe endpoint that serviced this connection.
endpoint.portint32The port for this endpoint.
endpoint.protocolstringThe protocol for this endpoint. Current supported values are http, https, tcp, and tls.
endpoint.urlstringThe url for this endpoint.

endpoint.addr

The address for this endpoint.

# snippet
---
expressions:
- "endpoint.addr == 'my-subdomain.ngrok.app:443'"

endpoint.host

The hostname for this endpoint.

# snippet
---
expressions:
- "endpoint.host == 'my-subdomain.ngrok.app'"

endpoint.id

The id for this endpoint.

# snippet
---
expressions:
- "endpoint.id == 'ep_2iL8LRbQilSCKYjaslRoqBwJcfT'"

endpoint.port

The port for this endpoint.

# snippet
---
expressions:
- "endpoint.port == 443"

endpoint.protocol

The protocol for this endpoint. Current supported values are http, https, tcp, and tls.

# snippet
---
expressions:
- "endpoint.protocol == 'https'"

endpoint.url

The url for this endpoint.

# snippet
---
expressions:
- "endpoint.url == 'https://my-subdomain.ngrok.app'"

Request Variables

The following variables are available under the req namespace:

NameTypeDescription
req.content_encodinglist[string]The encoding set in the Content-Encoding header for this request as a list.
req.content_lengthint64The content length of the body in bytes. This may not be present if the request does not contain a body or if the client does not specify a content length because they are streaming the body.
req.content_typestringThe media type set in the Content-Type header for this request as a string.
req.content_type.parametersmap[string]stringThe parameters set in the Content-Type header as a key value map.
req.content_type.rawstringThe Content-Type header for this request as a string.
req.cookiesmap[string]*http.CookieThe key value map of HTTP cookie objects provided in the request.
req.headersmap[string][]stringThe request headers parsed as a map of lower-case names to values.
req.hoststringThe host header field value for this request.
req.locationstringThe location header value of the request.
req.methodstringThe request method.
req.trailersmap[string][]stringThe request trailers parsed as a map of lower-case names to values.
req.ts.body_receivedtimestampThe timestamp when ngrok received the body of the request. This may not be present if the request does not contain a body.
req.ts.header_receivedtimestampThe timestamp when ngrok received the header of the request.
req.urlstringThe normalized full URL for this request.
req.url.authoritystringThe authority portion of the URL.
req.url.hoststringThe hostname portion of the host for this request.
req.url.pathstringThe path for this request including the leading forward slash.
req.url.portint32The port portion of the host for this request.
req.url.querystringThe full query string for this request excluding the leading question mark.
req.url.query_paramsmap[string][]stringThe request query string parsed as a map of names to values.
req.url.rawstringThe un-normalized full URL for this request.
req.url.raw_pathstringThe un-normalized path including the leading slash for this request.
req.url.schemestringThe scheme for this request.
req.url.uristringThe URI (path and query) portion of the URL.
req.url.user_passwordstringThe user:password portion of the URL.
req.user_agentstringThe user-agent header value for this request.
req.versionstringThe HTTP version for this request.

req.content_encoding

The encoding set in the Content-Encoding header for this request as a list.

# snippet
---
expressions:
- "req.content_encoding[0] == 'br'"

req.content_length

The content length of the body in bytes. This may not be present if the request does not contain a body or if the client does not specify a content length because they are streaming the body.

# snippet
---
expressions:
- "req.content_length > 10000000"

req.content_type

The media type set in the Content-Type header for this request as a string.

# snippet
---
expressions:
- "req.content_type == 'application/json'"

req.content_type.parameters

The parameters set in the Content-Type header for this request as a key value map.

# snippet
---
expressions:
- "req.content_type.parameters['charset'] == 'utf-8'"

req.content_type.raw

The Content-Type header for this request as a string.

# snippet
---
expressions:
- "req.content_type.raw == 'application/json; charset=utf-8'"

req.cookies

The key value map of HTTP cookie objects provided in the request.

# snippet
---
expressions:
- "size(req.cookies) > 0"

req.headers

The request headers parsed as a map of lower-case names to values.

# snippet
---
expressions:
- "'Fizz' in req.headers['baz']"

req.host

The host header field value for this request.

# snippet
---
expressions:
- "req.host == 'nba.com'"

req.location

The location header value of the request.

# snippet
---
expressions:
- "req.location == '/index.html'"

req.method

The request method.

# snippet
---
expressions:
- "req.method == 'POST' || req.method == 'PUT'"

req.trailers

The request trailers parsed as a map of lower-case names to values.

# snippet
---
expressions:
- "'Fizz' in req.trailers['baz']"

req.ts.body_received

The timestamp when ngrok received the body of the request. This may not be present if the request does not contain a body.

# snippet
---
expressions:
- "req.ts.body_received > timestamp('2023-12-31')"

req.ts.header_received

The timestamp when ngrok received the header of the request.

# snippet
---
expressions:
- "req.ts.header_received > timestamp('2023-12-31')"

req.url

The normalized full URL for this request.

# snippet
---
expressions:
- "req.url.contains('/admin')"

req.url.authority

The authority portion of the URL.

# snippet
---
expressions:
- "req.url.authority == 'user:password@nba.com'"

req.url.host

The hostname portion of the host for this request.

# snippet
---
expressions:
- "req.url.host == 'nba.com'"

req.url.path

The path part of this request including the leading forward slash.

# snippet
---
expressions:
- "req.url.path.startsWith('/foo')"

req.url.port

The port portion of the host for this request.

# snippet
---
expressions:
- "req.url.port == 443"

req.url.query

The full query string for this request excluding the leading question mark.

# snippet
---
expressions:
- "req.url.query == 'number=23&name=jordan'"

req.url.query_params

The request query string parsed as a map of names to values.

# snippet
---
expressions:
- "'bar' in req.url.query_params['foo']"

req.url.raw

The un-normalized full URL for this request.

# snippet
---
expressions:
- "req.url.raw.includes('/foo')"

req.url.raw_path

The un-normalized path including the leading slash for this request.

# snippet
---
expressions:
- "req.url.raw_path.startsWith('/foo')"

req.url.scheme

The scheme for this request.

# snippet
---
expressions:
- "req.url.scheme == 'https'"

req.url.uri

The URI (path and query) portion of the URL.

# snippet
---
expressions:
- "req.url.uri.contains('/api/players?number=23&name=jordan')"

req.url.user_password

The user:password portion of the URL.

# snippet
---
expressions:
- "req.url.user_password == 'user:password'"

req.user_agent

The user-agent header value for this request.

# snippet
---
expressions:
- "req.user_agent.contains('curl')"

req.version

The HTTP version for this request.

# snippet
---
expressions:
- "req.version == 'HTTP/2"

Response Variables

The following variables are available under the res namespace:

NameTypeDescription
res.content_encodinglist[string]The encoding set in the Content-Encoding header for this response as a list.
res.content_lengthint64The length of the content associated with the response.
res.content_typestringThe media type set in the Content-Type header for this response as a string.
res.content_type.parametersmap[string]stringThe parameters set in the Content-Type header for this response as a key value map.
res.content_type.rawstringThe Content-Type header for this response as a string.
res.cookiesmap[string]*http.CookieThe key value map of HTTP cookie objects provided in the response.
res.headersmap[string][]stringThe response headers parsed as a map of lower-case names to values.
res.locationstringThe location header value of this response.
res.status_codeint32The status code of this response.
res.trailersmap[string][]stringThe response trailers parsed as a map of lower-case names to values.
res.ts.body_senttimestampThe timestamp when ngrok sent the body of the response. This may not be present if the response does not contain a body.
res.ts.header_senttimestampThe timestamp when ngrok sent the header of the response.

res.content_encoding

The encoding set in the Content-Encoding header for this response as a list.

# snippet
---
expressions:
- "res.content_encoding[0] == 'br'"

res.content_length

The length of the content associated with the response.

# snippet
---
expressions:
- "res.content_length != 0"

res.content_type

The media type set in the Content-Type header for this response as a string.

# snippet
---
expressions:
- "res.content_type == 'application/json'"

res.content_type.parameters

The parameters set in the Content-Type header for this response as a key value map.

# snippet
---
expressions:
- "res.content_type.parameters['charset'] == 'utf-8'"

res.content_type.raw

The Content-Type header for this response as a string.

# snippet
---
expressions:
- "res.content_type.raw == 'application/json; charset=utf-8'"

res.cookies

The key value map of HTTP cookie objects provided in the response.

# snippet
---
expressions:
- "size(req.cookies) > 0"

res.headers

The headers of the response parsed as key maps to a list of values. Header keys must be written in canonical format.

# snippet
---
expressions:
- "'Fizz' in res.headers['baz']"

res.location

The location header value of the response.

# snippet
---
expressions:
- "res.location == '/index.html'"

res.status_code

The status code of this response.

# snippet
---
expressions:
- "res.status_code >= 300"

res.trailers

The trailers of the response parsed as key maps to a list of values. Trailer keys must be written in canonical format.

# snippet
---
expressions:
- "'fizz' in res.trailers['baz']"

res.ts.body_sent

The timestamp when ngrok sent the body of the response. This may not be present if the response does not contain a body.

# snippet
---
expressions:
- "res.ts.body_sent > timestamp('2023-12-31')"

res.ts.header_sent

The timestamp when ngrok sent the header of the request.

# snippet
---
expressions:
- "res.ts.header_sent > timestamp('2023-12-31')"

Time variables

The following variables are available under the time namespace:

NameTypeDescription
time.nowstringThe current UTC time in RFC3339 format.

time.now

The current UTC time in RFC3339 format.

# snippet
---
expressions:
- "conn.ts.end < timestamp(time.now)"