Made by: Kong Inc.
Supported Gateway Topologies: hybrid, db-less, traditional
Supported Konnect Deployments: hybrid, cloud-gateways, serverless
Compatible Protocols: grpc, grpcs, http, https

The ACL (access control list) plugin allows you to restrict Consumer access to a Gateway Service or Route. You do this by configuring either an allow list or a deny list with certain Consumers or Consumer Groups.

This plugin uses authenticated Consumers to identify who can and can’t access the Service or Route. Because of this, you must also configure an authentication plugin (such as Basic Authentication, Key Authentication, OAuth 2.0 or OpenID Connect) on the Service or Route before configuring the ACL plugin.

Upstream Consumer Groups header

If hide_groups_header is set to false and a Consumer is validated, the plugin appends an X-Consumer-Groups header to the request before proxying it to the upstream service. The header contains a comma-separated list of the groups that the Consumer belongs to, for example admin, pro_user. This allows the upstream service to identify the groups associated with the Consumer.
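
A declarative configuration matching the setup described above, as an added example that is not part of the original page: Key Authentication identifies the Consumer, then the ACL plugin admits only the admin and pro_user groups and forwards X-Consumer-Groups upstream. The service, route and consumer names, the upstream URL and the key values are placeholders.

```yaml
# Added example: names, URL and keys are placeholders, not Kong's own sample.
_format_version: "3.0"

services:
  - name: example-service                # placeholder
    url: http://upstream.internal:8080   # placeholder upstream
    routes:
      - name: example-route
        paths:
          - /reports
    plugins:
      # An authentication plugin must be present so that the ACL plugin
      # has an authenticated Consumer to evaluate.
      - name: key-auth
      - name: acl
        config:
          # Configure either an allow list or a deny list, not both.
          allow:
            - admin
            - pro_user
          # false: append X-Consumer-Groups before proxying upstream.
          # Set to true when the upstream does not need the group names.
          hide_groups_header: false

consumers:
  - username: alice                      # member of allowed groups
    keyauth_credentials:
      - key: REPLACE_WITH_ALICE_KEY
    acls:
      - group: admin
      - group: pro_user
  - username: bob                        # valid key, but no allowed group
    keyauth_credentials:
      - key: REPLACE_WITH_BOB_KEY
    acls:
      - group: free_user
```

With this configuration, a request authenticated as alice is proxied with an X-Consumer-Groups header listing admin and pro_user, while bob is rejected by the ACL plugin even though his key is valid.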
