sync ext-auth and replay-protection docs

src/content/docs/latest/en/plugins/authentication/ext-auth.md

@@ -77,6 +77,7 @@ Configuration fields for each item of `MatchRule` type. When using `array of Mat
 | Name | Data Type | Required | Default Value | Description |
 | --- | --- | --- | --- | --- |
 | `match_rule_domain` | string | No | - | The domain of the matching rule, supports wildcard patterns, e.g., `*.bar.com` |
+| `match_rule_method` | []string | No | - | Matching rule for the request method |
 | `match_rule_path` | string | No | - | The rule for matching the request path |
 | `match_rule_type` | string | No | - | The type of the rule for matching the request path, can be `exact`, `prefix`, `suffix`, `contains`, `regex` |
 
@@ -100,27 +101,41 @@ Supports blacklist and whitelist mode configuration. The default is the whitelis
 **Whitelist Mode**
 
 ```yaml
+# Configuration for the whitelist mode. Requests that match the whitelist rules do not need verification.
 match_type: 'whitelist'
 match_list:
-    - match_rule_domain: '*.bar.com'
-      match_rule_path: '/foo'
-      match_rule_type: 'prefix'
+  # Requests with the domain name api.example.com and a path prefixed with /public do not need verification.
+  - match_rule_domain: 'api.example.com'
+    match_rule_path: '/public'
+    match_rule_type: 'prefix'
+  # For the image resource server images.example.com, all GET requests do not need verification.
+  - match_rule_domain: 'images.example.com'
+    match_rule_method: ["GET"]
+  # For all domains, HEAD requests with an exact path match of /health-check do not need verification.
+  - match_rule_method: ["HEAD"]
+    match_rule_path: '/health-check'
+    match_rule_type: 'exact'
 ```
 
-Requests with a prefix match of `/foo` under the wildcard domain `*.bar.com` do not need to be verified.
-
 **Blacklist Mode**
 
 ```yaml
+# Configuration for the blacklist mode. Requests that match the blacklist rules need verification.
 match_type: 'blacklist'
 match_list:
-    - match_rule_domain: '*.bar.com'
-      match_rule_path: '/headers'
-      match_rule_type: 'prefix'
+  # Requests with the domain name admin.example.com and a path prefixed with /sensitive need verification.
+  - match_rule_domain: 'admin.example.com'
+    match_rule_path: '/sensitive'
+    match_rule_type: 'prefix'
+  # For all domains, DELETE requests with an exact path match of /user need verification.
+  - match_rule_method: ["DELETE"]
+    match_rule_path: '/user'
+    match_rule_type: 'exact'
+  # For the domain legacy.example.com, all POST requests need verification.
+  - match_rule_domain: 'legacy.example.com'
+    match_rule_method: ["POST"]
 ```
 
-Only requests with a prefix match of `/header` under the wildcard domain `*.bar.com` need to be verified.
-
 
 ## Configuration Examples
 
@@ -186,13 +201,13 @@ Configuration of the `ext-auth` plugin:
 http_service:
   authorization_request:
     allowed_headers:
-    - exact: x-auth-version
+      - exact: x-auth-version
     headers_to_add:
       x-envoy-header: true
   authorization_response:
     allowed_upstream_headers:
-    - exact: x-user-id
-    - exact: x-auth-version
+      - exact: x-user-id
+      - exact: x-auth-version
   endpoint_mode: envoy
   endpoint:
     service_name: ext-auth.backend.svc.cluster.local

src/content/docs/latest/zh-cn/plugins/authentication/ext-auth.md

@@ -77,6 +77,7 @@ MatchRule 类型每一项的配置字段说明，在使用 `array of MatchRule`
 | 名称                | 数据类型 | 必填 | 默认值 | 描述                                                         |
 | ------------------- | -------- | ---- | ------ | ------------------------------------------------------------ |
 | `match_rule_domain` | string   | 否   | -      | 匹配规则域名，支持通配符模式，例如 `*.bar.com`               |
+| `match_rule_method` | []string | 否   | -      | 匹配请求方法                                                 |
 | `match_rule_path`   | string   | 否   | -      | 匹配请求路径的规则                                           |
 | `match_rule_type`   | string   | 否   | -      | 匹配请求路径的规则类型，可选 `exact` , `prefix` , `suffix`, `contains`, `regex` |
 
@@ -100,27 +101,41 @@ MatchRule 类型每一项的配置字段说明，在使用 `array of MatchRule`
 **白名单模式**
 
 ```yaml
+# 白名单模式配置，符合白名单规则的请求无需验证
 match_type: 'whitelist'
 match_list:
-    - match_rule_domain: '*.bar.com'
-      match_rule_path: '/foo'
-      match_rule_type: 'prefix'
+  # 所有以 api.example.com 为域名，且路径前缀为 /public 的请求无需验证
+  - match_rule_domain: 'api.example.com'
+    match_rule_path: '/public'
+    match_rule_type: 'prefix'
+  # 针对图片资源服务器 images.example.com，所有 GET 请求无需验证
+  - match_rule_domain: 'images.example.com'
+    match_rule_method: ["GET"]
+  # 所有域名下，路径精确匹配 /health-check 的 HEAD 请求无需验证
+  - match_rule_method: ["HEAD"]
+    match_rule_path: '/health-check'
+    match_rule_type: 'exact'
 ```
 
-泛域名 `*.bar.com` 下前缀匹配 `/foo` 的请求无需验证
-
 **黑名单模式**
 
 ```yaml
+# 黑名单模式配置，符合黑名单规则的请求需要验证
 match_type: 'blacklist'
 match_list:
-    - match_rule_domain: '*.bar.com'
-      match_rule_path: '/headers'
-      match_rule_type: 'prefix'
+  # 所有以 admin.example.com 为域名，且路径前缀为 /sensitive 的请求需要验证
+  - match_rule_domain: 'admin.example.com'
+    match_rule_path: '/sensitive'
+    match_rule_type: 'prefix'
+  # 所有域名下，路径精确匹配 /user 的 DELETE 请求需要验证
+  - match_rule_method: ["DELETE"]
+    match_rule_path: '/user'
+    match_rule_type: 'exact'
+  # 所有以 legacy.example.com 为域名的 POST 请求需要验证
+  - match_rule_domain: 'legacy.example.com'
+    match_rule_method: ["POST"]
 ```
 
-只有泛域名 `*.bar.com` 下前缀匹配 `/header` 的请求需要验证
-
 ## 配置示例
 
 下面假设 `ext-auth` 服务在 Kubernetes 中 serviceName 为 `ext-auth`，端口 `8090`，路径为 `/auth`，命名空间为 `backend`