- id: "orykratos admin ui nodeprotected" upstream: preserve_host: true url: "http://mydomain.xyz:80" match: url: "http://mydomain/{static,iframe,dashboard,graph,skeleton,composer,presentation,**.css,**.js,**.json,**.png,**.ico}{/,}{**}" methods: - GET authenticators: - handler: cookie_session authorizer: handler: remote_json config: remote: http://keto-api:4456/check payload: | { "namespace": "access", "object": "administration", "relation": "access", "subject_id": "{{print .Extra.identity.traits.role }}" } mutators: - handler: id_token errors: - handler: redirect config: to: http://obsidian-edtech-qa.47billion.com/panel/login - id: "orykratos selfservice ui nodeanonymous" upstream: preserve_host: true url: "http://selfservice:4455" strip_path: /panel match: url: "http://mydomain/panel/{welcome,verification,recovery,registration,assets,login,**.css,**.js,**.png}{/,}" methods: - GET authenticators: - handler: anonymous authorizer: handler: allow mutators: - handler: noop i have this two rules defined in my oathkeeper . i want to allow mydomain/dashboard ,currently it is only allowing mydomain/dashboard/ i want to eliminate trailing slash

<{static,iframe,dashboard,graph,skeleton,composer,presentation,**.css,**.js,**.json,**.png,**.ico}{/,}>{**}

Here you have the

{**}

outside of the

<>

so it is not part of your glob expression. I think if you change your expression to the following, you'll get your desired result:

<{static,iframe,dashboard,graph,skeleton,composer,presentation,**.css,**.js,**.json,**.png,**.ico}{/**,}>