Ceptor Gateway is a Reverse Proxy Server meant for use in a DMZ environment in front of your applications and services.

It is fully asynchronous and supports HTTP/2, WebSockets, request throttling and has Application Firewall functionality.

It fully replaces Ceptor Dispatcher which is still supported, but now deprecated.

Functionality list

Ceptor Gateway has among other, these functionalities:

Reverse Proxy Server Functionality

HTTP 1.0, 1.1 and 2 support - both for client and servers
HTTP/HTTPS/AJP Listeners
SSL/TLS SNI
WebSocket support
HTTP/2 PUSH
HTTP/2 Upgrade and ALPN
Proxy Protocol support (see http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
OpenTelemetry support
RFC7239 Forwarded header support
Response compression
Location-based configuration
- Matching based upon host, path, cookie, query, post params, request method, scheme, headers, remote IP, attributes, GeoIP, userid, usergroup, pathparam, script
- Response Hooks
URL Rewriting
Proxy forwarding
Full access log functionality with configurable content
Destination / Target servers
- Authentication with servers
  - Basic Auth
  - Bearer Token
  - SPNEGO/NTLM/Kerberos
  - Forward SSL Client cert
  - SAML Web SSO
  - LTPA Tokens
- Stickiness
- Ping servers
  - Customize request method URI
  - Configure expected response codes
  - Response body checking script
Request/response modification

URL validation
Request parameter (query, path, post) validation
- Define regex validations of input
- Defend against SQL injection attacks
HTTP Header rewriting/adding/removal
Cookie rewriting/adding/removal
Session cookie SameSite support
Request validation against XML / JSON schemas
Create custom validations using scripting
IP Ranges, with support for IP Reputation Databases - take action on known bad IPs.

Session resolvers
Advanced IP Address change filtering
- IP ranges
- GeoIP information
- Advanced scripting
Domain redirect (share session between multiple separate domains)
Authentication
- SSL Client certificate
- Basic Auth
- Bearer Token
- NTLM
- SPNEGO/Kerberos
- Forms
- OAuth / OAuth 2.0
- OpenID Connect
- ADFS / Web SSO
- LTPA Tokens
- Advanced script-based authentication - allows you to script any form of authentication
- Optional use of separate Login Application
Authorization
- Role-Based Access Control (RBAC)
- Attribute-Based Access Control (ABAC)
- Authorization scripts for advanced checking

Request Queuing / Throttling
- Limit concurrent requests
- Max requests per second
- Limits can be qualified, e.g. by IP address, client ID etc.
Response Throttling
- Max bytes per second

Rate limiting for API calls
- Multiple subscription levels
- Multiple limits, e.g. 100 per minute, max 10 per second
- Plugins for implementing own limits and rules
Pipelines and Tasks
- XML to JSON / JSON to XML conversion
- Encoding / decoding
- Aggregate service calls
- Full scripting and flexibility
- Logging / tracing
- JSON Validation
Serve published APIs for multiple environments