Included Policies Directory

Policies Included in Mule Gateway

Policy	Summary
Basic Authentication: LDAP	Allows access based on the basic authorization mechanism, with user-password defined on LDAP
Basic Authentication: Simple	Allows access based on the basic authorization mechanism, with a single user-password
Client ID Enforcement	Allows access only to authorized client applications
Cross-Origin Resource Sharing (CORS)	Enables access to resources residing in external domains
Detokenization	Returns a tokenized value to its original value
Header Injection	Adds headers to a request or a response
Header Removal	Removes headers from a request or a response
HTTP Caching	Caches HTTP responses from an API implementation
IP Allowlist	Allows a list or range of specified IP addresses to request access
IP Blocklist	Blocks a single IP address or a range of IP addresses from accessing an API endpoint
JSON Threat Protection	Protects against malicious JSON in API requests
JWT Validation	Validates a JWT
Message Logging	Logs custom messages using information from incoming requests, responses from the backend, or information from other policies applied to the same API endpoint
OAuth 2.0 Access Token Enforcement Using Mule OAuth Provider	Allows access only to authorized client applications
OpenAM OAuth 2.0 Token Enforcement	Allows access only to authorized client applications
OpenID Connect OAuth 2.0 Access Token Enforcement	Allows access only to authorized client applications
PingFederate OAuth 2.0 Token Enforcement	Allows access only to authorized client applications
Rate Limiting	Monitors access to an API by defining the maximum number of requests processed within a period of time
Rate Limiting: SLA-based	Monitors access to an API by defining the maximum number of requests processed within a timespan, based on SLAs
Spike Control	Regulates API traffic
Tokenization	Transforms sensitive data into a nonsensitive equivalent, named token
XML Threat Protection	Protects against malicious XML in API requests

Policy

Summary

Basic Authentication: LDAP

Allows access based on the basic authorization mechanism, with user-password defined on LDAP

Basic Authentication: Simple

Allows access based on the basic authorization mechanism, with a single user-password

Client ID Enforcement

Allows access only to authorized client applications

Cross-Origin Resource Sharing (CORS)

Enables access to resources residing in external domains

Detokenization

Returns a tokenized value to its original value

Header Injection

Adds headers to a request or a response

Header Removal

Removes headers from a request or a response

HTTP Caching

Caches HTTP responses from an API implementation

IP Allowlist

Allows a list or range of specified IP addresses to request access

IP Blocklist

Blocks a single IP address or a range of IP addresses from accessing an API endpoint

JSON Threat Protection

Protects against malicious JSON in API requests

JWT Validation

Validates a JWT

Message Logging

Logs custom messages using information from incoming requests, responses from the backend, or information from other policies applied to the same API endpoint

OAuth 2.0 Access Token Enforcement Using Mule OAuth Provider

Allows access only to authorized client applications

OpenAM OAuth 2.0 Token Enforcement

Allows access only to authorized client applications

OpenID Connect OAuth 2.0 Access Token Enforcement

Allows access only to authorized client applications

PingFederate OAuth 2.0 Token Enforcement

Allows access only to authorized client applications

Rate Limiting

Monitors access to an API by defining the maximum number of requests processed within a period of time

Rate Limiting: SLA-based

Monitors access to an API by defining the maximum number of requests processed within a timespan, based on SLAs