For more information, see the Envoy threat model.

About the security posture

The security posture includes extensions for both the open source and Enterprise versions of Gloo Gateway. Each extension has the filter name and the classification of the filter’s security posture. The following table describes the security posture values.

ValueDescription
data_plane_agnosticDo not expose this extension to data plane attacks, for both untrusted downstreams and upstream services.
requires_trusted_downstream_and_upstreamUse this extension only when both the downstream and upstream services are trusted.
robust_to_untrusted_downstreamYou can use these hardened filters only with untrusted downstream services. Do not use with untrusted upstream services, as these filters assume that the upstream services are trusted.
robust_to_untrusted_downstream_and_upstreamYou can use these hardened filters with both untrusted downstream and upstream services.
unknownUse these filters with your own security procedures. These filters have an unknown security posture.

Security posture for extensions

Review the following open source and Enterprise security postures for Gloo Gateway Envoy extensions.

  # Security posture for Gloo Gateway Envoy extensions
# This file includes information for both Open Source 
# and Enterprise versions of Gloo Gateway.
# For more information, see the docs: 
# https://docs.solo.io/gloo-edge/main/reference/security-posture/
#
# Options are:
# - data_plane_agnostic
# - requires_trusted_downstream_and_upstream
# - robust_to_untrusted_downstream
# - robust_to_untrusted_downstream_and_upstream
# - unknown
#
# ---OPEN SOURCE--
extensions:
- name: filters/http/aws_lambda
  security_posture: robust_to_untrusted_downstream
- name: filters/http/nats/streaming
  security_posture: robust_to_untrusted_downstream
- name: filters/http/transformation
  security_posture: robust_to_untrusted_downstream
#
# ---ENTERPRISE---
extensions:
- name: filters/http/graphql
  security_posture: robust_to_untrusted_downstream
- name: filters/http/json_grpc_transcoder
  security_posture: unknown # this filter is not used; consider removing it.
- name: filters/http/modsecurity
  security_posture: robust_to_untrusted_downstream
- name: filters/http/proxylatency
  security_posture: robust_to_untrusted_downstream
- name: filters/http/sanitize
  security_posture: robust_to_untrusted_downstream
- name: filters/http/solo_jwt_authn
  security_posture: robust_to_untrusted_downstream
- name: filters/http/solo_xff_offset
  security_posture: robust_to_untrusted_downstream
- name: filters/http/transformation_ee
  security_posture: robust_to_untrusted_downstream
- name: filters/listener/proxy_protocol
  security_posture: robust_to_untrusted_downstream_and_upstream
- name: graphql/resolvers
  security_posture: robust_to_untrusted_downstream
- name: health_checkers/advanced_http
  security_posture: requires_trusted_downstream_and_upstream
- name: transformers/xslt
  security_posture: robust_to_untrusted_downstream
- name: transformers/aws_lambda
  security_posture: robust_to_untrusted_downstream
- name: filters/http/aws_lambda
  security_posture: robust_to_untrusted_downstream
- name: filters/http/nats/streaming
  security_posture: robust_to_untrusted_downstream
- name: filters/http/cache
  security_posture: robust_to_untrusted_downstream
- name: filters/http/cache/grpc
  security_posture: robust_to_untrusted_downstream