Enforce the Ingress Policy

Policies are automatically installed when you add the Kong Enterprise Gateway System.

• Application policy type is in policy > App.
• Ingress policy type is in policy > Ingress.

The client-load deployment repeatedly executes the following HTTP calls in an interval of 30 seconds, pretending to be different users to help generate sample data for visualization.

The shell script in the client-load app is triggered in the Decision Auditing from the Quick Start. It repeatedly executes the following HTTP calls in an interval of 15 seconds, pretending to be different users to help generate sample data for visualization.

curl -is --user alice:password ingress-kong/finance/salary/alice
curl -is --user bob:password ingress-kong/finance/salary/alice
curl -is --user bob:password ingress-kong/finance/salary/charlie
curl -is --user david:password ingress-kong/finance/salary/bob
curl -is --user david:password ingress-kong/hr/dashboard
curl -is --user eve:password ingress-kong/admin

By default, the ingress policy allows all traffic to the sample application service. Click the Decisions tab to verify all the Allowed decisions from the newly created Kong Enterprise Gateway System.

Policy Authoring in the Quick Start provides a link to replace the existing ingress policy with a sample ingress policy. When the ingress policy published, traffic is allowed only on the /finance/salary endpoint of sample-app. Switch to the Decisions tab and verify traffic to the /hr/dashboard and /admin paths is Denied.