Security
One of the core responsibilities of an API Gateway is to secure your cluster. This problem can take many different shapes. The following guides explore the security features that Gloo Gateway provides to address your security-related concerns:
- CSRF: Shield your applications from session-riding attacks.
- Network Encryption: Configure Gloo Gateway to use TLS upstream, downstream, and with Envoy.
- Authentication and Authorization: An overview of authentication and authorization options with Gloo Gateway.
- Global rate limiting: Control the rate of traffic sent to your services.
- Limit active connections: Restrict the number of active TCP connections for a gateway.
- Access Logging: Produce an access log representing traffic passing through the proxy.
- Data Loss Prevention: Data Loss Prevention (DLP) is a method of ensuring that sensitive data isn't logged or leaked.
- Web Application Firewall: Filter, monitor, and block potentially harmful HTTP traffic.
- CORS: Enforce client-side access controls by specifying external domains to access certain routes of your domain.
- Open Policy Agent (OPA): Define fine-grained policies to control Gloo Gateway configuration itself.