Validate path types (#9967)

* Validate path types

* Fix the year of header

* Update internal/ingress/controller/config/config.go

Co-authored-by: Jintao Zhang <tao12345666333@163.com>

---------

Co-authored-by: Jintao Zhang <tao12345666333@163.com>

docs/user-guide/nginx-configuration/configmap.md

@@ -229,6 +229,7 @@ The following table shows a configuration option's name, type, and the default v
 |[service-upstream](#service-upstream)|bool|"false"|
 |[ssl-reject-handshake](#ssl-reject-handshake)|bool|"false"|
 |[debug-connections](#debug-connections)|[]string|"127.0.0.1,1.1.1.1/24"|
+|[strict-validate-path-type](#strict-validate-path-type)|bool|"false" (v1.7.x)|
 
 ## add-headers
 
@@ -1379,3 +1380,17 @@ _**default:**_ ""
 
 _References:_
 [http://nginx.org/en/docs/ngx_core_module.html#debug_connection](http://nginx.org/en/docs/ngx_core_module.html#debug_connection)
+
+## strict-validate-path-type
+Ingress objects contains a field called pathType that defines the proxy behavior. It can be `Exact`, `Prefix` and `ImplementationSpecific`.
+
+When pathType is configured as `Exact` or `Prefix`, there should be a more strict validation, allowing only paths starting with "/" and
+containing only alphanumeric characters and "-", "_" and additional "/".
+
+When this option is enabled, the validation will happen on the Admission Webhook, making any Ingress not using pathType `ImplementationSpecific`
+and containing invalid characters to be denied.
+
+This means that Ingress objects that rely on paths containing regex characters should use `ImplementationSpecific` pathType.
+
+The cluster admin should establish validation rules using mechanisms like [Open Policy Agent](https://www.openpolicyagent.org/) to 
+validate that only authorized users can use `ImplementationSpecific` pathType and that only the authorized characters can be used.