Envoy Gateway - Security

1. Threat Model

• OIDC/ExtAuth: Envoy natively defers to ext_authz filters to intercept and validate JWT schemas before hitting internal routing logic.
• RateLimiting Validation: Defense-in-depth routing rules applied at L4/L7 to prevent application-layer DDoS logic.