    Security

    Secure your gateway to prevent unauthenticated and unauthorized access to your apps.

    Access logging

    Capture an access log for all the requests that enter the gateway.

    CORS

    Enforce client-side access controls with cross-origin resource sharing (CORS).

    CSRF

    Apply a CSRF filter to the gateway to help prevent cross-site request forgery attacks.

    Data loss prevention (DLP)

    Ensure that sensitive data isn't logged or leaked by masking data in response bodies.

    External authentication and authorization

    JWT

    Rate limiting

    Web Application Firewall (WAF)

    Solo.io copyright 2025