Navigation :

Control traffic with policies

Use Gloo policies to control the traffic within your service mesh environment. Review the following available policies or learn more about Policy enforcement.

Resilience policies

Connection pool settings for HTTP

Use a connection policy to configure connection pool settings for an HTTP destination.

Policy

Connection pool settings for TCP

Set up connection pool settings for a TCP destination, such as TCP keepalive.

Policy

Failover

Use a failover policy to determine where to reroute traffic in case of failure.

Policy

Fault injection

Test the resilience of your apps by injecting delays and connection failures.

Policy

Outlier detection

Configure Gloo to remove unhealthy destinations from the connection pool, and add the destinations back when they become healthy again.

Policy

Retry and timeout

Reduce transient failures and hanging systems by setting retries and timeouts.

Policy

Trim proxy config

Trim the number of destinations in the Istio sidecar proxy configuration for your workloads to avoid memory pressure issues.

Policy

Security policies

Access

Control access for workloads in your service mesh.

Policy

CORS

Enforce client-site access controls with cross-origin resource sharing (CORS).

Policy

External auth

Set up an external authentication and authorization to protect the workloads in your cluster. For example, you can set up basic, passthrough, API key, OAuth, OPA, or LDAP authentication.

Policy

Traffic control policies

Header manipulation

Append or remove HTTP request and response headers at the route level.

Policy

Load balancer and consistent hashing

Specify how you want Istio to select an upstream service to serve an incoming client request.

Policy

Mirror

Duplicate outgoing traffic, to test a new app.

Policy

Rate limit

Control the rate of requests to destinations within the service mesh.

Policy

Transformation

Alter a request before matching and routing, such as with an Inja header template.

Policy

Extensions

WebAssembly (Wasm) deployment

Add a Wasm filter to the Envoy sidecar proxy, for use cases such as customizing the endpoints and thresholds for your workloads.

Policy

Gloo Gateway ingress policies

You can use the following policies to control traffic through the ingress gateway in north-south scenarios.

To use this feature, you must have a Gloo Gateway license in addition to your Gloo Mesh license.

Active healtheck

Use the ingress gateway to periodically check the health of an upstream service in your cluster.

Policy

Client TLS

Enable TLS origination for your ingress gateway so that you can encrypt requests before they are forwarded to HTTPS services in your cluster.

Policy

CSRF

Apply a CSRF filter to the gateway to help prevent cross-site request forgery attacks.

Policy

HTTP buffer filter

Set the maximum request body size that you want to accept for a particular workload in your cluster.

Policy

JWT

Control access or route traffic based on verified claims in a JSON web token (JWT).

Policy

Listener connection

Configure connection settings between downstream services and a gateway listener.

Policy

WAF

Filter, monitor, and block potentially harmful HTTP traffic with a Web Application Firewall (WAF) policy.

Policy