Blocking the Log4Shell Vulnerability with Gloo Mesh

Zero-trust Security Series Recently, the world of Java development and operations reeled as the Log4J zero-day vulnerability was exposed in CVE-2021-4428. Jim Barton, a Field Engineer at, showed us how to thwart this vulnerability through Gloo Edge and WAF (Web Application Firewall) rules using Gloo Edge’s embedded modsecurity rules. Jim’s blog provides a fast […]

Will McKinley | January 10, 2022
Read More

How to configure zero trust Authn/Authz with Istio

In this blog, we will configure your workloads to properly verify the requesting source by implementing zero trust Authn/Authz with Istio. While the concept of zero trust networks has been around for over a decade now, the move to cloud computing and service-oriented architectures has pushed the idea to the forefront. Security breaches involving massive […]

Will McKinley | August 16, 2021
Read More

Performance Tuning for ExtAuth using OPA

Gloo Edge Enterprise provides the ability to create authorization policies for your workloads using powerful scripting tools like Open Policy Agent (OPA) as an important piece of your Zero-Trust framework. Aligned with the external authorization (extauth) features of Gloo Edge, this gives us the ability to scale OPA execution independently of the Gloo Edge gateway. […]

Will McKinley | July 12, 2021
Read More

Custom Grafana Dashboards for Envoy Proxy Metrics

Any DevOps initiative requires providing observability and aggregated metrics for operations teams. Visualizations help you see outliers at a glance so you can find where your network, platform, or application may be experiencing unexpected issues. Here at Solo, we enable our customers to visualize performance metrics that provide insights and highlight problems as they arise […]

Will McKinley | May 19, 2021
Read More