The Policies module defines what AI Gateway does with each request that reaches a route before forwarding it to the LLM Provider, and what it does with the returned response. Each policy is linked to a single route and combines three optional blocks: Prompt Guard (filtering by moderation or regex), Prompt Enrichment (messages injected before the prompt), and Rate Limit (quotas by requests or tokens).
IMPORTANTYou must configure at least one section to save the policy. The form lets you combine Prompt Guard (Request), Prompt Guard (Response), Prompt Enrichment, and Rate Limit in any arrangement, but at least one must be filled in.
Learn how to:
The Policies page lists registered policies with pagination. You can filter by:
Use Search to apply the filter and Clear to reset it.
Columns shown in the table:
Select the target Route. This field is a searchable select. Type part of the endpoint to filter.
In the Actions column of the row you want, click the Edit icon. The Update Policy form opens with the current data. Change the required fields and click Save.
In the Actions column of the row you want, click the Delete icon. Confirm the operation in the "Do you want to delete policy [policyId]?" dialog.
IMPORTANTDeletion is permanent and cannot be undone. Deleting a policy makes the associated route accept requests without guardrails, prompt enrichment, or rate limiting.
Field | Type | Required | Rules |
|---|---|---|---|
| Route | Searchable select | Yes | Lists registered routes. |
This optional block validates the request before it reaches the LLM provider. It combines three subfeatures: moderation, regex, and custom response.
MUTUAL EXCLUSIONModeration and regex cannot coexist in the same Prompt Guard Request. Choose one path. When you fill in any moderation field, the regex fields become disabled, and vice versa.
Field | Type | Required | Rules |
|---|---|---|---|
| Moderation model | Select | Conditional: required when Moderation API Key is provided | Only value currently available: omni-moderation-latest (OpenAI moderation model). |
| Moderation API Key | Select | Conditional: required when Moderation model is provided | Lists registered API Keys, displayed as <apiKeyId> (<provider>). |
Field | Type | Required | Rules |
|---|---|---|---|
| Regex action | Select | Conditional: required when Regex patterns have at least one pattern | Values: Reject, Mask. |
| Regex patterns | List of tags | Conditional: required when Regex action is provided | List of regular expressions. |
Custom response returned when the request is rejected by moderation or regex.
Field | Type | Required | Rules |
|---|---|---|---|
| Custom response message | Text | Conditional: required when Custom response status code is provided | Minimum 1 character. |
| Custom response status code | Integer | Conditional: required when Custom response message is provided | Between 200 and 599. |
This optional block validates the response returned by the provider before returning it to the requester. There is no moderation here, only regex and custom response, with the same pairing logic as the request.
STREAMING RESPONSESFor now, only responses returned without streaming are masked by the expressions configured in this section.
Field | Type | Required | Rules |
|---|---|---|---|
| Response regex action | Select | Conditional: required when Response regex patterns has at least one pattern | Values: Reject, Mask. |
| Response regex patterns | List of tags | Conditional: required when Response regex action is provided | List of regular expressions applied to the returned content. |
Field | Type | Required | Rules |
|---|---|---|---|
| Response custom message | Text | Conditional: required when Response custom status code is provided | Minimum 1 character. |
| Response custom status code | Integer | Conditional: required when Response custom message is provided | Between 200 and 599. |
This block is optional as a section, but has required internal rules when enabled. When you add at least one message, you must provide at least one complete entry (role + content). Messages are prepended to the original prompt in the order they appear in the list.
Use Add message to add a new Message entry and the delete icon to remove entries.
Field | Type | Required | Rules |
|---|---|---|---|
| Role | Select | Yes (per message) | Values: system, assistant, user, function, tool, developer. |
| Content | Long text (textarea) | Yes (per message) | Minimum 1 character. |
This optional block limits consumption by time window. When enabled, it requires you to choose exactly one limit type: requests or tokens.
MUTUAL EXCLUSIONThe policy cannot include requestCount and tokenCount at the same time. Choose one of them.
The screen shows a Count by selector with Token and Request buttons that determine which format is used.
Field | Type | Required | Rules |
|---|---|---|---|
| Rate limit type (Count by) | Toggle (Token / Request buttons) | Conditional: required when Rate Limit is enabled | Choose Token or Request. Mutually exclusive. |
| Rate limit value | Integer | Conditional: required when a Rate limit type is selected | Positive integer. |
| Time unit | Select | Conditional: required when Rate Limit is enabled | Values: Seconds, Minutes, Hours. |
We use cookies to enhance your experience on our site. By continuing to browse, you agree to our use of cookies.Learn more