How do I apply a redirect to a wildcard file-name

I’m trying to set up a couple of redirect rules for our site on Netlify. I added a netlify.toml file with the following redirects:

  from = "/api/*"
  to = "*"
  status = 200
  force = true

  from = "/*"
  to = "/forbidden"
  staus = 403
  force = true

The first is for proxying requests to our API server, basically I want a call to to go to and get the response code etc. set by the server. Is that possible with a redirect?
Note that the requests are both GET and POST requests, and currently I’m getting a 404 status code back.

The second is for blocking access to source maps. Ideally we’d also have access to these based on Roles, but for now I’ll be fine with them being blocked altogether. The issue is that even though the above is set up, I still get source maps as usual in the DevTools, and accessing the files works as if the redirect wasn’t there.

Please advise, I couldn’t find a log of the redirects activity. I did check our API server, and am seeing no requests hitting it from Netlify.

Hi @bengry, yup that’s possible. Can you tell us which netlify site you have this setup on? Also is the netlify.toml in the root of your repo?

Sure, the site is:

And yes, the toml file is in the repo root. When I deploy it I see the redirects being recognized in the deploy status on Netlify.


In the to key you need to specify the wildcard that you replace with :splat and not *. This means you should be using:

 from = "/api/*"
 to = ""
 status = 200
 force = true

Can you make that change and let me know if you have the same issue?

1 Like

Thanks, I’ll try it out now and get back to you in a few minutes.
The proxy seems to be working great, thanks!

What about blocking access to the source maps? I don’t really want any “to” there, just an empty 403 would be great, but it doesn’t really matter as long as they’re blocked. In my original post I also set up the redirect for them, but it seems like it’s not working, and I can still view source maps when I go to the site.

You should remove them from your deploy if you don’t want us to serve them. You could have a build command like npm run build && rm public/sourcemap.xml or similar.

Redirects aren’t intended to “block” paths to existing files :slight_smile:

@fool that’s what I ended up doing, though I’d expect the force = true flag to override it, as documented - and allow me to do something else with given files.
The same thing I wanted to achieve could’ve been used in conjunction with the roles API, to only allow people with role=developer to access these files. Unfortunately, I wasn’t able to test this out since this feature is only available in the business tier (and not the Free or Pro ones) as far as I saw. However, would it work there as state above, adding the line for the role?

@bengry you can’t use wildcard file names in your redirects yet, (we’re aware and looking into possible solutions but this is not coming any time soon). You can use wildcards for the path or to cover entire directories though. Being on the business team doesn’t change this, it let’s you add a jwt role as a condition in your forwarding rules. Note that you should be able to test our role based redirects when you use netlify dev via the Netlify CLI.