Filter order of policies #336
Description
4 phases
- Frontend policies
- PreRouting traffic
- PostRouting traffic
- Backend policies
On each phase, all policies applicable will merge at a shallow top-level field setting. So if i have 2 transformation policies, only 1 will win, but if i have transformation + extauthz across 2 policies both will apply (this will customize in the future
Order of traffic policies
cors
jwt
basic auth
api key
ext authz
authz
local rl
remote rl
ext proc
transform
csrf
header modifier
url rewrite
redirect
direct response
Order workaround
If the order isn't to your liking the hacky workaround that can work is to abuse PreRouting to make something run earlier. Example: so PreRouting ext proc and then a PostRouting for RL
More resources
- Gloo Edge filter flow doc and diagram: https://docs.solo.io/gloo-edge/latest/introduction/traffic_filter/#filter-flow