Nav

Gatekeeper Enhanced Security Reference

As a security improvement in Mule Runtime 3.8.0 and later, API Manager uses Gatekeeper to disable a managed API until the following conditions are met:

  • Connection is made to API Manager

  • Policies are downloaded

  • Policies are applied

During the disabled period, an API returns a 503 (Service Unavailable) status code until the runtime can communicate, retrieve, and apply the list of policies.

The released version of Gatekeeper is enabled by default in the standalone version of Mule. The development version of Gatekeeper in Studio 6.0.1 is disabled by default. Enable and configure the gatekeeper property to enhance security. Add and set the anypoint.platform.gatekeeper property to true in the Mule wrapper.conf file. For example:

 #On-Prem Configuration:
 ...
 wrapper.java.additional.<n>=-Danypoint.platform.gatekeeper=true
 ...

Gatekeeper is available in Studio and standalone instances of Mule Runtime. In Mule Runtime 3.8.3 and later, the Gatekeeper is available on clusters. APIs on a cluster are blocked and return a 503 status code until a complete reconciliation cycle with API Manager occurs. All policies declared as applied on the UI are applied and policies unapplied on the UI since the last restart are removed.