Allow and denyv3.6+
This configuration sets up the AI Prompt Guard plugin to semantically filter incoming requests based on pattern matching.
In this example:
- Requests are allowed if they match common IT-related question formats like “what is”, “how do I”, or “install”.
- Requests are denied if they contain sensitive or inappropriate terms such as “hack”, “phish”, “malware”, or “cve”.
For a complete tutorial on this example, see Use AI Prompt Guard plugin to govern your LLM traffic.
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: ai-prompt-guard
config:
allow_patterns:
- "(?i).*what is .*"
- "(?i).*how do i .*"
- "(?i).*install .*"
- "(?i).*configure .*"
- "(?i).*reset .*"
- "(?i).*troubleshoot .*"
deny_patterns:
- "(?i).*bypass.*(login|password|auth).*"
- "(?i).*hack.*"
- "(?i).*phish.*"
- "(?i).*malware.*"
- "(?i).*cve.*"
- "(?i).*exploit.*"
- "(?i).*social engineering.*"
- "(?i).*pentest.*"
- "(?i).*impersonate.*"
- "(?i).*dating.*"
Copied to clipboard!
Make the following request:
curl -i -X POST http://localhost:8001/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-prompt-guard",
"config": {
"allow_patterns": [
"(?i).*what is .*",
"(?i).*how do i .*",
"(?i).*install .*",
"(?i).*configure .*",
"(?i).*reset .*",
"(?i).*troubleshoot .*"
],
"deny_patterns": [
"(?i).*bypass.*(login|password|auth).*",
"(?i).*hack.*",
"(?i).*phish.*",
"(?i).*malware.*",
"(?i).*cve.*",
"(?i).*exploit.*",
"(?i).*social engineering.*",
"(?i).*pentest.*",
"(?i).*impersonate.*",
"(?i).*dating.*"
]
}
}
'
Copied to clipboard!
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-prompt-guard",
"config": {
"allow_patterns": [
"(?i).*what is .*",
"(?i).*how do i .*",
"(?i).*install .*",
"(?i).*configure .*",
"(?i).*reset .*",
"(?i).*troubleshoot .*"
],
"deny_patterns": [
"(?i).*bypass.*(login|password|auth).*",
"(?i).*hack.*",
"(?i).*phish.*",
"(?i).*malware.*",
"(?i).*cve.*",
"(?i).*exploit.*",
"(?i).*social engineering.*",
"(?i).*pentest.*",
"(?i).*impersonate.*",
"(?i).*dating.*"
]
}
}
'
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: ai-prompt-guard
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
labels:
global: 'true'
config:
allow_patterns:
- '(?i).*what is .*'
- '(?i).*how do i .*'
- '(?i).*install .*'
- '(?i).*configure .*'
- '(?i).*reset .*'
- '(?i).*troubleshoot .*'
deny_patterns:
- '(?i).*bypass.*(login|password|auth).*'
- '(?i).*hack.*'
- '(?i).*phish.*'
- '(?i).*malware.*'
- '(?i).*cve.*'
- '(?i).*exploit.*'
- '(?i).*social engineering.*'
- '(?i).*pentest.*'
- '(?i).*impersonate.*'
- '(?i).*dating.*'
plugin: ai-prompt-guard
" | kubectl apply -f -
Copied to clipboard!
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Copied to clipboard!
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_prompt_guard" "my_ai_prompt_guard" {
enabled = true
config = {
allow_patterns = ["(?i).*what is .*", "(?i).*how do i .*", "(?i).*install .*", "(?i).*configure .*", "(?i).*reset .*", "(?i).*troubleshoot .*"]
deny_patterns = ["(?i).*bypass.*(login|password|auth).*", "(?i).*hack.*", "(?i).*phish.*", "(?i).*malware.*", "(?i).*cve.*", "(?i).*exploit.*", "(?i).*social engineering.*", "(?i).*pentest.*", "(?i).*impersonate.*", "(?i).*dating.*"]
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}
Copied to clipboard!
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: ai-prompt-guard
service: serviceName|Id
config:
allow_patterns:
- "(?i).*what is .*"
- "(?i).*how do i .*"
- "(?i).*install .*"
- "(?i).*configure .*"
- "(?i).*reset .*"
- "(?i).*troubleshoot .*"
deny_patterns:
- "(?i).*bypass.*(login|password|auth).*"
- "(?i).*hack.*"
- "(?i).*phish.*"
- "(?i).*malware.*"
- "(?i).*cve.*"
- "(?i).*exploit.*"
- "(?i).*social engineering.*"
- "(?i).*pentest.*"
- "(?i).*impersonate.*"
- "(?i).*dating.*"
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-prompt-guard",
"config": {
"allow_patterns": [
"(?i).*what is .*",
"(?i).*how do i .*",
"(?i).*install .*",
"(?i).*configure .*",
"(?i).*reset .*",
"(?i).*troubleshoot .*"
],
"deny_patterns": [
"(?i).*bypass.*(login|password|auth).*",
"(?i).*hack.*",
"(?i).*phish.*",
"(?i).*malware.*",
"(?i).*cve.*",
"(?i).*exploit.*",
"(?i).*social engineering.*",
"(?i).*pentest.*",
"(?i).*impersonate.*",
"(?i).*dating.*"
]
}
}
'
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/services/{serviceId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-prompt-guard",
"config": {
"allow_patterns": [
"(?i).*what is .*",
"(?i).*how do i .*",
"(?i).*install .*",
"(?i).*configure .*",
"(?i).*reset .*",
"(?i).*troubleshoot .*"
],
"deny_patterns": [
"(?i).*bypass.*(login|password|auth).*",
"(?i).*hack.*",
"(?i).*phish.*",
"(?i).*malware.*",
"(?i).*cve.*",
"(?i).*exploit.*",
"(?i).*social engineering.*",
"(?i).*pentest.*",
"(?i).*impersonate.*",
"(?i).*dating.*"
]
}
}
'
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
serviceId: Theidof the service the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ai-prompt-guard
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
allow_patterns:
- '(?i).*what is .*'
- '(?i).*how do i .*'
- '(?i).*install .*'
- '(?i).*configure .*'
- '(?i).*reset .*'
- '(?i).*troubleshoot .*'
deny_patterns:
- '(?i).*bypass.*(login|password|auth).*'
- '(?i).*hack.*'
- '(?i).*phish.*'
- '(?i).*malware.*'
- '(?i).*cve.*'
- '(?i).*exploit.*'
- '(?i).*social engineering.*'
- '(?i).*pentest.*'
- '(?i).*impersonate.*'
- '(?i).*dating.*'
plugin: ai-prompt-guard
" | kubectl apply -f -
Copied to clipboard!
Next, apply the KongPlugin resource by annotating the service resource:
kubectl annotate -n kong service SERVICE_NAME konghq.com/plugins=ai-prompt-guard
Copied to clipboard!
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Copied to clipboard!
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_prompt_guard" "my_ai_prompt_guard" {
enabled = true
config = {
allow_patterns = ["(?i).*what is .*", "(?i).*how do i .*", "(?i).*install .*", "(?i).*configure .*", "(?i).*reset .*", "(?i).*troubleshoot .*"]
deny_patterns = ["(?i).*bypass.*(login|password|auth).*", "(?i).*hack.*", "(?i).*phish.*", "(?i).*malware.*", "(?i).*cve.*", "(?i).*exploit.*", "(?i).*social engineering.*", "(?i).*pentest.*", "(?i).*impersonate.*", "(?i).*dating.*"]
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
service = {
id = konnect_gateway_service.my_service.id
}
}
Copied to clipboard!
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: ai-prompt-guard
route: routeName|Id
config:
allow_patterns:
- "(?i).*what is .*"
- "(?i).*how do i .*"
- "(?i).*install .*"
- "(?i).*configure .*"
- "(?i).*reset .*"
- "(?i).*troubleshoot .*"
deny_patterns:
- "(?i).*bypass.*(login|password|auth).*"
- "(?i).*hack.*"
- "(?i).*phish.*"
- "(?i).*malware.*"
- "(?i).*cve.*"
- "(?i).*exploit.*"
- "(?i).*social engineering.*"
- "(?i).*pentest.*"
- "(?i).*impersonate.*"
- "(?i).*dating.*"
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-prompt-guard",
"config": {
"allow_patterns": [
"(?i).*what is .*",
"(?i).*how do i .*",
"(?i).*install .*",
"(?i).*configure .*",
"(?i).*reset .*",
"(?i).*troubleshoot .*"
],
"deny_patterns": [
"(?i).*bypass.*(login|password|auth).*",
"(?i).*hack.*",
"(?i).*phish.*",
"(?i).*malware.*",
"(?i).*cve.*",
"(?i).*exploit.*",
"(?i).*social engineering.*",
"(?i).*pentest.*",
"(?i).*impersonate.*",
"(?i).*dating.*"
]
}
}
'
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/routes/{routeId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-prompt-guard",
"config": {
"allow_patterns": [
"(?i).*what is .*",
"(?i).*how do i .*",
"(?i).*install .*",
"(?i).*configure .*",
"(?i).*reset .*",
"(?i).*troubleshoot .*"
],
"deny_patterns": [
"(?i).*bypass.*(login|password|auth).*",
"(?i).*hack.*",
"(?i).*phish.*",
"(?i).*malware.*",
"(?i).*cve.*",
"(?i).*exploit.*",
"(?i).*social engineering.*",
"(?i).*pentest.*",
"(?i).*impersonate.*",
"(?i).*dating.*"
]
}
}
'
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
routeId: Theidof the route the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ai-prompt-guard
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
allow_patterns:
- '(?i).*what is .*'
- '(?i).*how do i .*'
- '(?i).*install .*'
- '(?i).*configure .*'
- '(?i).*reset .*'
- '(?i).*troubleshoot .*'
deny_patterns:
- '(?i).*bypass.*(login|password|auth).*'
- '(?i).*hack.*'
- '(?i).*phish.*'
- '(?i).*malware.*'
- '(?i).*cve.*'
- '(?i).*exploit.*'
- '(?i).*social engineering.*'
- '(?i).*pentest.*'
- '(?i).*impersonate.*'
- '(?i).*dating.*'
plugin: ai-prompt-guard
" | kubectl apply -f -
Copied to clipboard!
Next, apply the KongPlugin resource by annotating the httproute or ingress resource:
kubectl annotate -n kong httproute konghq.com/plugins=ai-prompt-guard
Copied to clipboard!
kubectl annotate -n kong ingress konghq.com/plugins=ai-prompt-guard
Copied to clipboard!
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Copied to clipboard!
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_prompt_guard" "my_ai_prompt_guard" {
enabled = true
config = {
allow_patterns = ["(?i).*what is .*", "(?i).*how do i .*", "(?i).*install .*", "(?i).*configure .*", "(?i).*reset .*", "(?i).*troubleshoot .*"]
deny_patterns = ["(?i).*bypass.*(login|password|auth).*", "(?i).*hack.*", "(?i).*phish.*", "(?i).*malware.*", "(?i).*cve.*", "(?i).*exploit.*", "(?i).*social engineering.*", "(?i).*pentest.*", "(?i).*impersonate.*", "(?i).*dating.*"]
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
route = {
id = konnect_gateway_route.my_route.id
}
}
Copied to clipboard!
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: ai-prompt-guard
consumer: consumerName|Id
config:
allow_patterns:
- "(?i).*what is .*"
- "(?i).*how do i .*"
- "(?i).*install .*"
- "(?i).*configure .*"
- "(?i).*reset .*"
- "(?i).*troubleshoot .*"
deny_patterns:
- "(?i).*bypass.*(login|password|auth).*"
- "(?i).*hack.*"
- "(?i).*phish.*"
- "(?i).*malware.*"
- "(?i).*cve.*"
- "(?i).*exploit.*"
- "(?i).*social engineering.*"
- "(?i).*pentest.*"
- "(?i).*impersonate.*"
- "(?i).*dating.*"
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
consumerName|Id: Theidornameof the consumer the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/consumers/{consumerName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-prompt-guard",
"config": {
"allow_patterns": [
"(?i).*what is .*",
"(?i).*how do i .*",
"(?i).*install .*",
"(?i).*configure .*",
"(?i).*reset .*",
"(?i).*troubleshoot .*"
],
"deny_patterns": [
"(?i).*bypass.*(login|password|auth).*",
"(?i).*hack.*",
"(?i).*phish.*",
"(?i).*malware.*",
"(?i).*cve.*",
"(?i).*exploit.*",
"(?i).*social engineering.*",
"(?i).*pentest.*",
"(?i).*impersonate.*",
"(?i).*dating.*"
]
}
}
'
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
consumerName|Id: Theidornameof the consumer the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/consumers/{consumerId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-prompt-guard",
"config": {
"allow_patterns": [
"(?i).*what is .*",
"(?i).*how do i .*",
"(?i).*install .*",
"(?i).*configure .*",
"(?i).*reset .*",
"(?i).*troubleshoot .*"
],
"deny_patterns": [
"(?i).*bypass.*(login|password|auth).*",
"(?i).*hack.*",
"(?i).*phish.*",
"(?i).*malware.*",
"(?i).*cve.*",
"(?i).*exploit.*",
"(?i).*social engineering.*",
"(?i).*pentest.*",
"(?i).*impersonate.*",
"(?i).*dating.*"
]
}
}
'
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
consumerId: Theidof the consumer the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ai-prompt-guard
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
allow_patterns:
- '(?i).*what is .*'
- '(?i).*how do i .*'
- '(?i).*install .*'
- '(?i).*configure .*'
- '(?i).*reset .*'
- '(?i).*troubleshoot .*'
deny_patterns:
- '(?i).*bypass.*(login|password|auth).*'
- '(?i).*hack.*'
- '(?i).*phish.*'
- '(?i).*malware.*'
- '(?i).*cve.*'
- '(?i).*exploit.*'
- '(?i).*social engineering.*'
- '(?i).*pentest.*'
- '(?i).*impersonate.*'
- '(?i).*dating.*'
plugin: ai-prompt-guard
" | kubectl apply -f -
Copied to clipboard!
Next, apply the KongPlugin resource by annotating the KongConsumer resource:
kubectl annotate -n kong CONSUMER_NAME konghq.com/plugins=ai-prompt-guard
Copied to clipboard!
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Copied to clipboard!
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_prompt_guard" "my_ai_prompt_guard" {
enabled = true
config = {
allow_patterns = ["(?i).*what is .*", "(?i).*how do i .*", "(?i).*install .*", "(?i).*configure .*", "(?i).*reset .*", "(?i).*troubleshoot .*"]
deny_patterns = ["(?i).*bypass.*(login|password|auth).*", "(?i).*hack.*", "(?i).*phish.*", "(?i).*malware.*", "(?i).*cve.*", "(?i).*exploit.*", "(?i).*social engineering.*", "(?i).*pentest.*", "(?i).*impersonate.*", "(?i).*dating.*"]
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
consumer = {
id = konnect_gateway_consumer.my_consumer.id
}
}
Copied to clipboard!
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: ai-prompt-guard
consumer_group: consumerGroupName|Id
config:
allow_patterns:
- "(?i).*what is .*"
- "(?i).*how do i .*"
- "(?i).*install .*"
- "(?i).*configure .*"
- "(?i).*reset .*"
- "(?i).*troubleshoot .*"
deny_patterns:
- "(?i).*bypass.*(login|password|auth).*"
- "(?i).*hack.*"
- "(?i).*phish.*"
- "(?i).*malware.*"
- "(?i).*cve.*"
- "(?i).*exploit.*"
- "(?i).*social engineering.*"
- "(?i).*pentest.*"
- "(?i).*impersonate.*"
- "(?i).*dating.*"
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
consumerGroupName|Id: Theidornameof the consumer group the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/consumer_groups/{consumerGroupName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-prompt-guard",
"config": {
"allow_patterns": [
"(?i).*what is .*",
"(?i).*how do i .*",
"(?i).*install .*",
"(?i).*configure .*",
"(?i).*reset .*",
"(?i).*troubleshoot .*"
],
"deny_patterns": [
"(?i).*bypass.*(login|password|auth).*",
"(?i).*hack.*",
"(?i).*phish.*",
"(?i).*malware.*",
"(?i).*cve.*",
"(?i).*exploit.*",
"(?i).*social engineering.*",
"(?i).*pentest.*",
"(?i).*impersonate.*",
"(?i).*dating.*"
]
}
}
'
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
consumerGroupName|Id: Theidornameof the consumer group the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/consumer_groups/{consumerGroupId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-prompt-guard",
"config": {
"allow_patterns": [
"(?i).*what is .*",
"(?i).*how do i .*",
"(?i).*install .*",
"(?i).*configure .*",
"(?i).*reset .*",
"(?i).*troubleshoot .*"
],
"deny_patterns": [
"(?i).*bypass.*(login|password|auth).*",
"(?i).*hack.*",
"(?i).*phish.*",
"(?i).*malware.*",
"(?i).*cve.*",
"(?i).*exploit.*",
"(?i).*social engineering.*",
"(?i).*pentest.*",
"(?i).*impersonate.*",
"(?i).*dating.*"
]
}
}
'
Copied to clipboard!
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
consumerGroupId: Theidof the consumer group the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ai-prompt-guard
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
allow_patterns:
- '(?i).*what is .*'
- '(?i).*how do i .*'
- '(?i).*install .*'
- '(?i).*configure .*'
- '(?i).*reset .*'
- '(?i).*troubleshoot .*'
deny_patterns:
- '(?i).*bypass.*(login|password|auth).*'
- '(?i).*hack.*'
- '(?i).*phish.*'
- '(?i).*malware.*'
- '(?i).*cve.*'
- '(?i).*exploit.*'
- '(?i).*social engineering.*'
- '(?i).*pentest.*'
- '(?i).*impersonate.*'
- '(?i).*dating.*'
plugin: ai-prompt-guard
" | kubectl apply -f -
Copied to clipboard!
Next, apply the KongPlugin resource by annotating the KongConsumerGroup resource:
kubectl annotate -n kong CONSUMERGROUP_NAME konghq.com/plugins=ai-prompt-guard
Copied to clipboard!
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Copied to clipboard!
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_prompt_guard" "my_ai_prompt_guard" {
enabled = true
config = {
allow_patterns = ["(?i).*what is .*", "(?i).*how do i .*", "(?i).*install .*", "(?i).*configure .*", "(?i).*reset .*", "(?i).*troubleshoot .*"]
deny_patterns = ["(?i).*bypass.*(login|password|auth).*", "(?i).*hack.*", "(?i).*phish.*", "(?i).*malware.*", "(?i).*cve.*", "(?i).*exploit.*", "(?i).*social engineering.*", "(?i).*pentest.*", "(?i).*impersonate.*", "(?i).*dating.*"]
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
consumer_group = {
id = konnect_gateway_consumer_group.my_consumer_group.id
}
}
Copied to clipboard!