Configure processors¶

Processors are components that AI Gateway interacts with in order to change the flow of data between an inbound request and an outbound response. Processors are steps in a chain, they evaluate requests and responses and perform three potential actions:

reject: Return a status to AI Gateway core indicating that the request or response should be dropped and show an error.
modify: Alter the incoming request or response in different ways and return the modified version to the core.
annotate: Apply one or more tags to the incoming request or response, that are used when selecting further processing steps or the AI model.

A processor may not reject and modify at the same time.

This document describes the configuration options for processors in the main configuration file. To learn more about processors as a concept and each individual processor, see Processors overview.

Each processor includes the following settings:

Setting	Description	Required	Examples
`name`	The name of the processor. Must match the name provided by the processor server.	Yes	`name: language-id`
`type`	The name of a built-in processor or `external` for services running on processor servers.	Yes	`type: external`
`config`	The configuration section for the processor.	No	`config: { "key": "value" }`
`params`	Parameter specific to the processor’s operation. The key pairs depend on the processor.	No	`params:`\n `min_repeats: 3`

`config` section¶

This section is required for external processors and includes the following keys:

Config key	Description	Required	Examples
`endpoint`	The endpoint URL of the processor.	Yes	`endpoint: "http://aigw-processors-f5.ai-gateway.svc.cluster.local"`
`namespace`	The namespace of the processor. Must match the version provided by the processor server.	Yes	`namespace: "f5"`
`version`	The version of the processor. Must match the version provided by the processor server.	Yes	`version: 1`

Securing connections between the core and processor¶

The following keys are also placed in the config section. They allow the specification of paths to TLS certificates and keys used to enable TLS or mTLS secured connections between AI Gateway core and the external processor.

Config key	Description	Required	Examples
`caPath`	The path to a CA certificate for the processor.	No	`caPath: /etc/ssl/certs/private.pem`
`tlsMinVersion`	The minimal acceptable TLS version. Defaults to v1.3	No	`tlsMinVersion: v1.3`
`clientCertPath`	The path to the processor client’s certificate	No	`clientCertPath: /etc/ssl/certs/client.crt`
`clientKeyPath`	The path to the processor client’s private key	No	`clientKeyPath:/etc/ssl/certs/client.pem`

`params` section¶

The params accepted by a specific processor are described in the documentation for that processor.

Common parameters¶

Every processor accepts a set of common parameters that control what the processor is allowed to do with the incoming request or response.

See Commmon parameters in the processor documentation for a detailed description of these parameters.

Overriding parameters¶

The params key specifies the default parameters used when running the processor. It is possible to override the defaults set in the processor definition by setting the params key when a processor is referenced in a step in the profiles section.

See Overriding processor parameters in a step for a detailed explanation.

Processor configuration example¶

processors:
  - name: system-prompt
    type: external
    config:
      endpoint: http://aigw-processors-f5.ai-gateway.svc.cluster.local
      namespace: f5
      version: 1
    params:
      rules: []

Internal processors¶

F5 AI Gateway includes a set of internal processors that can be used to preprocess and postprocess the data before and after it is sent to the service. They have two key pairs: name, which must be unique, and type, which is the name of the internal processor.

The following example shows how to configure the reject processor in the configuration file:

processors:
   - name: reject
     type: reject

The following table lists the internal processors:

Name	Description
`reject`	Always fails the request.

External processors¶

External processors are custom modules running outside the AI Gateway. Their configuration starts with two key pairs: name, which must be unique, and type, which is always set to external.

Additionally, external processors can have a config and a params section. The config section is used to define the configuration of the external processor, including the endpoint where the processor is available and the version of the API. The params section is used to pass the parameters to the external processor. For example allow_rewrite, reject, max_ratio, and maximum_risk_score. The params section contents are specific to each external processor.

The following example shows how to configure the prompt-injection external processor in the configuration file:

processors:
  - name: prompt-injection
    type: external
    config:
      endpoint: http://aigw-processors-f5.ai-gateway.svc.cluster.local
      namespace: f5
      version: 1
    params:
      reject: true
      threshold: 0.95

Previous Next