Airlock Microgateway
Modern application security lives inside your development workflow and runs natively in your Kubernetes clusters. Airlock Microgateway delivers exactly that: a powerful Web Application and API Protection solution that filters malicious requests, enforces authentication, and protects web applications and APIs without friction in your development lifecycle.
What is Airlock Microgateway?
Airlock Microgateway is a modern Web Application and API Protection (WAAP) solution - formerly known as Web Application Firewall (WAF) - and an identity-aware proxy. Out of the box, it provides:
- Secure single sign-on (SSO) experience for users, based on open standards.
- Filtering incoming requests to protect against OWASP Top 10 attacks.
- Ingress in Kubernetes with Kubernetes Gateway API support - the successor of the frozen Kubernetes Ingress project.
- Frictionless integration into enterprise environments and Dev(Sec)Ops processes, with native support for GitOps tools and standard deployment workflows.
It’s enterprise-grade, secure by default, developer-friendly, flexible, and highly extensible. Rely on proven security and focus on your core business.
Who is Airlock Microgateway for?
Airlock Microgateway is used by teams and organizations that need strong security for their web applications and APIs, including:
- Enterprises securing public-facing or internal applications in Kubernetes, virtual machine (VM), or bare-metal environments
- SaaS platforms that need fine-grained, secure upfront authentication with the capability to translate external identities to internal ones
- Finance and healthcare companies relying on a secure solution to protect their assets
- DevOps and platform teams looking for a frictionless WAAP solution
- Software vendors and manufacturers embedding security directly into their products
If your web applications or APIs need to filter malicious requests or enforce strong authentication, Airlock Microgateway has you covered.
Why choose Airlock Microgateway?
Airlock Microgateway stands out for its combination of security, flexibility, and support of standards:
- Identity-aware proxy: reduces complexity and increases security in web applications and APIs using standards like OpenID Connect, JWT, OAuth 2.0 Token Exchange, or client certificates
- Comprehensive WAAP: deny rules for OWASP Top 10 attacks, OpenAPI specification enforcement, GraphQL schema validation, and more
- Kubernetes-native: with Kubernetes Gateway API support, and its own Operator and Custom Resource Definitions for frictionless DevOps processes
- Observability out of the box: with ECS (Elastic Common Schema) formatted logs, Prometheus metrics, and ready-to-use Grafana dashboards to make operations straightforward
- OpenShift certified: officially certified for Red Hat OpenShift to simplify installation and get full Red Hat support (see Red Hat Ecosystem Catalog)
- Continuously hardened: improved effectiveness through the private Bug Bounty Switzerland program
Found errors?
Please report errors in this documentation (release date: 2025/12/15) by mail to documentation-feedback@airlock.com.
When reporting errors, please let us know:
- The full title of the document concerned.
- What kind of problem or error you found.
If at all possible, send us a copy or a screenshot of the affected document page.
Thank you very much for your feedback! Your support is highly appreciated.