Block request content in predefined categoriesv3.7+
Configure the plugin to block request content matching the Hate and Violence categories defined by Azure.
The plugin only reviews content in requests by default. To change this, adjust the guarding_mode parameter.
Prerequisites
-
You have an Azure subscription and access to Azure AI Content Safety.
-
You have enabled an AI Proxy or AI Proxy Advanced plugin.
Environment variables
-
CONTENT_SAFETY_URL: The full URL of the Azure AI Content Safety instance. -
CONTENT_SAFETY_KEY: The API key to access the Azure AI Content Safety instance.
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: ai-azure-content-safety
config:
content_safety_url: ${{ env "DECK_CONTENT_SAFETY_URL" }}
content_safety_key: ${{ env "DECK_CONTENT_SAFETY_KEY" }}
categories:
- name: Hate
rejection_level: 2
- name: Violence
rejection_level: 2
Make the following request:
curl -i -X POST http://localhost:8001/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-azure-content-safety",
"config": {
"content_safety_url": "'$CONTENT_SAFETY_URL'",
"content_safety_key": "'$CONTENT_SAFETY_KEY'",
"categories": [
{
"name": "Hate",
"rejection_level": 2
},
{
"name": "Violence",
"rejection_level": 2
}
]
},
"tags": []
}
'
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-azure-content-safety",
"config": {
"content_safety_url": "'$CONTENT_SAFETY_URL'",
"content_safety_key": "'$CONTENT_SAFETY_KEY'",
"categories": [
{
"name": "Hate",
"rejection_level": 2
},
{
"name": "Violence",
"rejection_level": 2
}
]
},
"tags": []
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: ai-azure-content-safety
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
konghq.com/tags: ''
labels:
global: 'true'
config:
content_safety_url: '$CONTENT_SAFETY_URL'
content_safety_key: '$CONTENT_SAFETY_KEY'
categories:
- name: Hate
rejection_level: 2
- name: Violence
rejection_level: 2
plugin: ai-azure-content-safety
" | kubectl apply -f -
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_azure_content_safety" "my_ai_azure_content_safety" {
enabled = true
config = {
content_safety_url = var.content_safety_url
content_safety_key = var.content_safety_key
categories = [
{
name = "Hate"
rejection_level = 2
},
{
name = "Violence"
rejection_level = 2
} ]
}
tags = []
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "content_safety_key" {
type = string
}
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: ai-azure-content-safety
service: serviceName|Id
config:
content_safety_url: ${{ env "DECK_CONTENT_SAFETY_URL" }}
content_safety_key: ${{ env "DECK_CONTENT_SAFETY_KEY" }}
categories:
- name: Hate
rejection_level: 2
- name: Violence
rejection_level: 2
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-azure-content-safety",
"config": {
"content_safety_url": "'$CONTENT_SAFETY_URL'",
"content_safety_key": "'$CONTENT_SAFETY_KEY'",
"categories": [
{
"name": "Hate",
"rejection_level": 2
},
{
"name": "Violence",
"rejection_level": 2
}
]
},
"tags": []
}
'
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/services/{serviceId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-azure-content-safety",
"config": {
"content_safety_url": "'$CONTENT_SAFETY_URL'",
"content_safety_key": "'$CONTENT_SAFETY_KEY'",
"categories": [
{
"name": "Hate",
"rejection_level": 2
},
{
"name": "Violence",
"rejection_level": 2
}
]
},
"tags": []
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
serviceId: Theidof the service the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ai-azure-content-safety
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
konghq.com/tags: ''
config:
content_safety_url: '$CONTENT_SAFETY_URL'
content_safety_key: '$CONTENT_SAFETY_KEY'
categories:
- name: Hate
rejection_level: 2
- name: Violence
rejection_level: 2
plugin: ai-azure-content-safety
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the service resource:
kubectl annotate -n kong service SERVICE_NAME konghq.com/plugins=ai-azure-content-safety
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_azure_content_safety" "my_ai_azure_content_safety" {
enabled = true
config = {
content_safety_url = var.content_safety_url
content_safety_key = var.content_safety_key
categories = [
{
name = "Hate"
rejection_level = 2
},
{
name = "Violence"
rejection_level = 2
} ]
}
tags = []
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
service = {
id = konnect_gateway_service.my_service.id
}
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "content_safety_key" {
type = string
}
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: ai-azure-content-safety
route: routeName|Id
config:
content_safety_url: ${{ env "DECK_CONTENT_SAFETY_URL" }}
content_safety_key: ${{ env "DECK_CONTENT_SAFETY_KEY" }}
categories:
- name: Hate
rejection_level: 2
- name: Violence
rejection_level: 2
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-azure-content-safety",
"config": {
"content_safety_url": "'$CONTENT_SAFETY_URL'",
"content_safety_key": "'$CONTENT_SAFETY_KEY'",
"categories": [
{
"name": "Hate",
"rejection_level": 2
},
{
"name": "Violence",
"rejection_level": 2
}
]
},
"tags": []
}
'
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/routes/{routeId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-azure-content-safety",
"config": {
"content_safety_url": "'$CONTENT_SAFETY_URL'",
"content_safety_key": "'$CONTENT_SAFETY_KEY'",
"categories": [
{
"name": "Hate",
"rejection_level": 2
},
{
"name": "Violence",
"rejection_level": 2
}
]
},
"tags": []
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
routeId: Theidof the route the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ai-azure-content-safety
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
konghq.com/tags: ''
config:
content_safety_url: '$CONTENT_SAFETY_URL'
content_safety_key: '$CONTENT_SAFETY_KEY'
categories:
- name: Hate
rejection_level: 2
- name: Violence
rejection_level: 2
plugin: ai-azure-content-safety
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the httproute or ingress resource:
kubectl annotate -n kong httproute konghq.com/plugins=ai-azure-content-safety
kubectl annotate -n kong ingress konghq.com/plugins=ai-azure-content-safety
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_azure_content_safety" "my_ai_azure_content_safety" {
enabled = true
config = {
content_safety_url = var.content_safety_url
content_safety_key = var.content_safety_key
categories = [
{
name = "Hate"
rejection_level = 2
},
{
name = "Violence"
rejection_level = 2
} ]
}
tags = []
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
route = {
id = konnect_gateway_route.my_route.id
}
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "content_safety_key" {
type = string
}