Skip to main content

Security and Network Configuration

Use these sections to constrain callers on supported public proxy handlers, control browser origins, apply payload limits on the currently supported LLM proxy paths, and identify repeated bot-like traffic. They do not replace a network perimeter around the listener or its management endpoints.

IP allowlist

ip_allowlist:
cidrs:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.1.0/24
- 203.0.113.42/32
trust_proxy_depth: 1
FieldTypeNotes
cidrsstring[]IPv4 or IPv6 CIDR ranges to allow.
trust_proxy_depthintegerNumber of trusted proxy hops to skip in X-Forwarded-For.

Use trust_proxy_depth carefully. Setting it too high lets untrusted callers spoof client IPs.

ip_allowlist runs on public proxy handlers that invoke the shared request-state checks. Health, configuration, and administrative endpoints do not pass through this allowlist; protect the whole listener with deployment network controls when those surfaces must be restricted.

CORS

cors:
enabled: true
allow_origins:
- https://app.example.com
- https://staging.example.com
allow_methods:
- GET
- POST
- OPTIONS
allow_headers:
- Content-Type
- Authorization
- X-Custom-Header
expose_headers:
- X-Request-Id
- X-RateLimit-Remaining
allow_credentials: true
max_age_seconds: 3600
FieldTypeNotes
enabledbooleanTurn CORS headers on or off.
allow_originsstring[]Explicit origin allow-list.
allow_methodsstring[]HTTP methods to allow.
allow_headersstring[]Allowed request headers.
expose_headersstring[]Response headers exposed to browser JavaScript.
allow_credentialsbooleanAllow credentialed requests.
max_age_secondsintegerPreflight cache duration.

When allow_credentials: true, do not use * in allow_origins.

Size limits

size_limits:
max_body_bytes: 1048576
max_header_bytes: 8192
max_url_bytes: 4096
max_response_bytes: 10485760
FieldTypeNotes
max_body_bytesintegerMaximum raw request body size.
max_header_bytesintegerMaximum header block size.
max_url_bytesintegerMaximum request URL length.
max_response_bytesintegerMaximum upstream response body size.

Request body, header, and URL limits currently run only on Chat Completions and return HTTP 413 when exceeded. The response limit runs on buffered Chat Completions and Responses requests; an oversized buffered response returns HTTP 502 with response_size_exceeded, while a streaming response receives a terminal SSE error before the stream is aborted. These fields do not provide a gateway-wide payload limit for other request families. See Rate Limits Configuration for the full runtime boundary.

Bot detector

bot-detector fingerprints requests using selected headers, compares similar requests inside a rolling window, and either warns or blocks when the traffic looks automated.

pack:
name: config-security-network-example-8
version: 1.0.0
enabled: true
policies:
chain:
- bot-detector
policy:
bot-detector:
fingerprint_fields:
- user-agent
- x-forwarded-for
- authorization
profile_window_seconds: 60
similarity_threshold: 0.9
max_requests_per_window: 25
action: block
FieldTypeNotes
fingerprint_fieldsstring[]Headers used to build the request fingerprint.
profile_window_secondsintegerRolling window for comparison and counting.
similarity_thresholdnumberHow similar requests must be to count as the same bot-like source.
max_requests_per_windowintegerMaximum similar requests allowed in one window.
actionstringwarn or block.

Complete security configuration example

pack:
name: secured-gateway
version: 1.0.0
enabled: true
providers:
targets:
- id: openai-prod
provider: openai
model: gpt-5.4-mini
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
ip_allowlist:
cidrs:
- 10.0.0.0/8
- 172.16.0.0/12
trust_proxy_depth: 1
cors:
enabled: true
allow_origins:
- https://app.example.com
allow_methods:
- POST
- OPTIONS
allow_headers:
- Content-Type
- Authorization
allow_credentials: true
max_age_seconds: 7200
size_limits:
max_body_bytes: 2097152
max_header_bytes: 16384
max_url_bytes: 8192
max_response_bytes: 20971520
policies:
chain:
- bot-detector
- prompt-injection
- pii-detector
policy:
bot-detector:
fingerprint_fields:
- user-agent
- x-forwarded-for
- authorization
profile_window_seconds: 60
similarity_threshold: 0.9
max_requests_per_window: 25
action: warn
prompt-injection:
response:
action: block
pii-detector:
action: redact

Next steps