Control traffic with policies
Use Gloo policies to control the traffic within your service mesh environment. Review the following available policies or learn more about Policy enforcement.
Resilience policies
Connection pool settings for HTTP
Use a connection policy to configure connection pool settings for an HTTP destination.
READ MORE
Policy
Connection pool settings for TCP
Set up connection pool settings for a TCP destination, such as TCP keepalive.
READ MORE
Policy
Failover
Use a failover policy to determine where to reroute traffic in case of failure.
READ MORE
Policy
Fault injection
Test the resilience of your apps by injecting delays and connection failures.
READ MORE
Policy
Outlier detection
Configure Gloo to remove unhealthy destinations from the connection pool, and add the destinations back when they become healthy again.
READ MORE
Policy
Retry
Reduce transient failures and hanging systems by setting retries and timeouts.
READ MORE
Policy
Timeout
Reduce transient failures and hanging systems by setting retries and timeouts.
READ MORE
Policy
Trim proxy config
Trim the number of destinations in the Istio sidecar proxy configuration for your workloads to avoid memory pressure issues.
READ MORE
Policy
Security policies
Access
Control access for workloads in your service mesh.
READ MORE
Policy
CORS
Enforce client-site access controls with cross-origin resource sharing (CORS).
READ MORE
Policy
External auth
Set up an external authentication and authorization to protect the workloads in your cluster. For example, you can set up basic, passthrough, API key, OAuth, OPA, or LDAP authentication.
READ MORE
Policy
Traffic control policies
Header manipulation
Append or remove HTTP request and response headers at the route level.
READ MORE
Policy
Load balancer and consistent hashing
Specify how you want Istio to select an upstream service to serve an incoming client request.
READ MORE
Policy
Mirror
Duplicate outgoing traffic, to test a new app.
READ MORE
Policy
Rate limit
Control the rate of requests to destinations within the service mesh.
READ MORE
Policy
Transformation
Alter a request before matching and routing, such as with an Inja header template.
READ MORE
Policy
Extensions
WebAssembly (Wasm) deployment
Add a Wasm filter to the Envoy sidecar proxy, for use cases such as customizing the endpoints and thresholds for your workloads.
READ MORE
Policy

Gloo Gateway ingress policies
You can use the following policies to control traffic through the ingress gateway in north-south scenarios.
To use this feature, you must have a Gloo Gateway license in addition to your Gloo Mesh license.
Active healtheck
Use the ingress gateway to periodically check the health of an upstream service in your cluster.
READ MORE
Policy
Client TLS
Enable TLS origination for your ingress gateway so that you can encrypt requests before they are forwarded to HTTPS services in your cluster.
READ MORE
Policy
CSRF
Apply a CSRF filter to the gateway to help prevent cross-site request forgery attacks.
READ MORE
Policy
HTTP buffer filter
Set the maximum request body size that you want to accept for a particular workload in your cluster.
READ MORE
Policy
JWT
Control access or route traffic based on verified claims in a JSON web token (JWT).
READ MORE
Policy
WAF
Filter, monitor, and block potentially harmful HTTP traffic with a Web Application Firewall (WAF) policy.
READ MORE
Policy