Ceptor - Get a Free Trial

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 35 Next »

Ceptor Gateway is a Reverse Proxy Server meant for use in a DMZ environment in front of your applications and services.

It is fully asynchronous and supports HTTP/2, WebSockets, request throttling and has Application Firewall functionality.

It fully replaces Ceptor Dispatcher which is still supported, but now deprecated.

Functionality list

Ceptor Gateway has among other, these functionalities:

Reverse Proxy Server Functionality

  • HTTP 1.0, 1.1 and 2 support - both for client and servers
  • HTTP/HTTPS/AJP Listeners
  • SSL/TLS SNI
  • WebSocket support
  • HTTP/2 PUSH
  • HTTP/2 Upgrade and ALPN
  • Proxy Protocol support (see http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
  • RFC7239 Forwarded header support
  • Response compression
  • Location-based configuration
    • Matching based upon host, path, cookie, query, post params, request method, scheme, headers, remote IP, attributes, GeoIP, userid, usergroup, pathparam, script
    • Response Hooks
  • URL Rewriting
  • Proxy forwarding
  • Full access log functionality with configurable content
  • Destination / Target servers
    • Authentication with servers
      • Basic Auth
      • Bearer Token
      • SPNEGO/NTLM/Kerberos
      • Forward SSL Client cert
      • SAML Web SSO
      • LTPA Tokens
    • Stickiness
    • Ping servers
      • Customize request method URI
      • Configure expected response codes
      • Response body checking script
  • Request/response modification

Web Application Firewall

  • URL validation
  • Request parameter (query, path, post) validation
    • Define regex validations of input
    • Defend against SQL injection attacks
  • HTTP Header rewriting/adding/removal
  • Cookie rewriting/adding/removal
  • Session cookie SameSite support
  • Request validation against XML / JSON schemas
  • Create custom validations using scripting
  • IP Ranges, with support for IP Reputation Databases - take action on known bad IPs.

Authentication and Authorization

  • Session resolvers
  • Advanced IP Address change filtering
    • IP ranges
    • GeoIP information
    • Advanced scripting
  • Domain redirect (share session between multiple separate domains)
  • Authentication
    • SSL Client certificate
    • Basic Auth
    • Bearer Token
    • NTLM
    • SPNEGO/Kerberos
    • Forms
    • OAuth / OAuth 2.0
    • OpenID Connect
    • ADFS / Web SSO
    • LTPA Tokens
    • Advanced script-based authentication - allows you to script any form of authentication
    • Optional use of separate Login Application
  • Authorization
    • Role-Based Access Control (RBAC)
    • Attribute-Based Access Control (ABAC)
    • Authorization scripts for advanced checking

OpenID Connect Provider

  • OpenID Connect Discovery
  • JSON Web Key Set (JWKS) URI / Metadata
  • Authorize / Token endpoints
  • UserInfo endpoint
  • Token Introspection (RFC7662)
  • Token Revocation (RFC7009)

Request Throttling

  • Request Queuing / Throttling
    • Limit concurrent requests
    • Max requests per second
    • Limits can be qualified, e.g. by IP address, client ID etc.
  • Response Throttling
    • Max bytes per second

API Gateway Functionality

  • Rate limiting for API calls
    • Multiple subscription levels
    • Multiple limits, e.g. 100 per minute, max 10 per second
    • Plugins for implementing own limits and rules
  • Pipelines and Tasks
    • XML to JSON / JSON to XML conversion
    • Encoding / decoding
    • Aggregate service calls
    • Full scripting and flexibility
    • Logging / tracing
    • JSON Validation
  • Serve published APIs for multiple environments

Advanced Functionality

  • Java or JavaScript / Python / Groovy based plugins and scripts
  • CookieSnapper - hide cookies from browsers
  • Request tracing
  • "Canned" responses
  • Serve static resources
  • No labels

© Ceptor ApS. All Rights Reserved.