Kong Gateway WAF capabilities
WAF plugins
Kong Gateway can act as a front door for your applications by enforcing authentication and authorization, applying rate limits, restricting abusive sources, and validating requests before they reach upstream services.
SQL injection protection
Detect and block SQL injection and other code injection patterns before they reach your upstream services.
Brute force protection
Protect against credential stuffing, password spraying, and brute force attacks targeting Basic Authentication endpoints.
XSS and JavaScript injection protection
Detect and block cross-site scripting (XSS) and JavaScript injection patterns in incoming requests.
Form field manipulation protection
Validate application/json request bodies against a schema, using either the Kong Gateway schema format or a JSON Schema draft validator, so fields that are missing, mistyped, or unexpected are rejected before they reach the upstream.
IP allow and deny lists
Control access with allow and deny lists of IPs and CIDR blocks, configurable at multiple scopes.
XML and JSON threat protection
Configure an XML or JSON threat protection policy that rejects requests exceeding configured structural limits, such as nesting depth, element or entry counts, and value lengths, before the upstream has to parse them.
Request size limits
Reject incoming requests whose body exceeds a configured maximum size.
Response Transformer
Transform the response sent by the upstream server on the fly before returning it to the client.
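The following decK declarative configuration is an added example, not a configuration from the Kong documentation, that applies several of the protections listed above (IP allow list, request size limit, JSON threat protection, and request body schema validation) to a single service. The service name, upstream URL, route path, limit values, and body schema are invented for illustration. The plugin names and config fields are those of the ip-restriction, request-size-limiting, json-threat-protection, and request-validator plugins as the editor recalls them; check them against the plugin reference for your Kong Gateway version before deploying, since request-validator and json-threat-protection are Enterprise plugins and field names can change between releases.

```yaml
# Added example (not from the Kong docs). Service, route, limits and schema are invented.
_format_version: "3.0"
services:
  - name: orders-api                      # hypothetical service
    url: http://orders.internal:8080      # hypothetical upstream
    routes:
      - name: orders-route
        paths:
          - /orders
    plugins:
      # IP allow list: only these sources may reach the service at all.
      # Everything not listed is denied with the plugin's default status.
      - name: ip-restriction
        config:
          allow:
            - 10.0.0.0/8            # internal network (example range)
            - 203.0.113.0/24        # partner egress range (documentation prefix)

      # Hard cap on the request body so oversized payloads are rejected
      # before any parsing or schema validation runs.
      - name: request-size-limiting
        config:
          allowed_payload_size: 64
          size_unit: kilobytes
          require_content_length: true    # reject chunked bodies with no declared length

      # Structural limits on JSON bodies (depth, counts, lengths) to stop
      # deeply nested or oversized documents from exhausting the parser upstream.
      - name: json-threat-protection
        config:
          max_body_size: 65536
          max_container_depth: 8
          max_object_entry_count: 64
          max_object_entry_name_length: 64
          max_array_element_count: 128
          max_string_value_length: 4096
          enforcement_mode: block         # use log_only first to measure false positives
          error_status_code: 400
          error_message: "request rejected by JSON threat protection"

      # Schema validation of the body against a JSON Schema draft 4 document
      # (a string). additionalProperties: false blocks unexpected fields,
      # which is the "form field manipulation" case.
      - name: request-validator
        config:
          version: draft4
          allowed_content_types:
            - application/json
          verbose_response: false         # do not echo schema details to clients
          body_schema: >-
            {"type":"object",
             "required":["sku","quantity"],
             "properties":{
               "sku":{"type":"string","pattern":"^[A-Z0-9-]{3,32}$"},
               "quantity":{"type":"integer","minimum":1,"maximum":1000}},
             "additionalProperties":false}
```

Two caveats worth checking in any deployment like this. First, ip-restriction matches the client address as Kong sees it; behind a load balancer or CDN you must set trusted_ips and real_ip_header in kong.conf, otherwise the allow list is evaluated against the proxy's address and either blocks everyone or admits everyone. Second, the order of plugins in the file is not their execution order: Kong runs plugins by their fixed priority, so verify with a test request that the size limit and threat protection actually reject a payload before the schema validator spends time on it.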
Other security-related resources
- Configure dynamic authentication to LLM providers using HashiCorp vault
- Use AI PII Sanitizer plugin to protect sensitive data in responses
- Use AI PII Sanitizer to protect sensitive data in requests
- Store and rotate Mistral API keys as secrets in Google Cloud
- Store a Mistral API key as a secret in Konnect Config Store