Microgateway 4.8

Kubernetes security for the era after Ingress NGINX

The new release introduces several security-relevant enhancements: mutual TLS (mTLS) between client and Microgateway with fine-grained authorization, mTLS between Microgateway and backend, and DoS protection for the session store. Customizable error pages further improve the user experience.

Kubernetes has announced that the widely used Ingress NGINX controller will be retired by March 2026. With support for its successor, the Kubernetes Gateway API, and comprehensive functionality, Airlock Microgateway is already the future-proof alternative.

Kubernetes Ingress is frozen and Ingress NGINX is being phased out – Microgateway is ready

The Kubernetes SIG Network and the Security Response Committee have announced the discontinuation of the Ingress NGINX controller by March 2026 (source: Kubernetes blog).

The future is the Kubernetes Gateway API.

Airlock Microgateway has already passed the official conformance tests with version 4.4 and has significantly expanded its feature set since then. We actively contribute to the further development of the standard. Together with vendors such as Google, Microsoft, Red Hat and Isovalent, we contribute our expertise, including on the new BackendTLSPolicy feature in Gateway API 1.4.

Airlock Microgateway is currently the only Kubernetes-native WAAP solution with:

  • Gateway API support
  • native OIDC RP integration
  • strong deny rules
  • Red Hat OpenShift certification

In short: a future-proof platform for API and microservice security.

Client Certificate Authentication and Authorization (mTLS)

Access to and from Microgateway can be secured with a client certificate. This means that not only the server must authenticate itself, but also the client.

Client connections

  • Clients can now be prompted during the TLS handshake to authenticate using a certificate.
  • Access can be granted on a path-specific basis using certificate information.
  • Certificate attributes (e.g. email addresses) can be extracted and securely forwarded to backend servers.

Backend connections

  • Microgateway can authenticate itself to backends using a stored client certificate.
  • Backends can thus ensure that access occurs exclusively through Microgateway.

Together, these options secure the path from the client to the protected service with certificates.

DoS protection for session handling

A new protection mechanism prevents a client from creating an excessive number of sessions and thereby impairing legitimate users. The protection applies in the following situations:

  • faulty clients that do not handle session cookies correctly and thereby create many sessions
  • impatient users who generate many sessions through their browser behaviour
  • DoS attacks that deliberately create too many sessions

The limit can be configured individually, and selected IP addresses can be excluded if necessary.

Custom Responses

Local reply now customizable

Microgateway processes HTTP requests for which the corresponding backend normally returns a response. Microgateway itself returns responses when:

  • requests are blocked
  • the backend is unreachable
  • the HTTP request cannot be processed due to an invalid configuration

With version 4.8, these responses can be customized. The error page can be enriched with support information such as a phone number and email address, and the look & feel can be adapted to your own needs.

Protection against data leakage

Incoming HTTP requests are filtered by Microgateway and forwarded to the backend after successful inspection. To prevent backends from exposing sensitive information in error messages, defined HTTP responses can be replaced. This increases security and preserves a consistent appearance.

HTTP/3 support for frontend connections

With Airlock Microgateway 4.8, we introduce support for HTTP/3 on frontend connections. Your applications benefit from modern QUIC transport technology with lower latency, more stable connections, and an improved user experience, especially in mobile and highly dynamic networks.

HTTP/3 support is experimental in this release. This means:

  • HTTP/3 can be tested
  • adjustments in upcoming releases are possible

We look forward to your experiences and feedback.

News from the Airlock Academy – including first on-site trainings!

Over the past few months, we have worked intensively on our Airlock Academy offering. We are pleased to present two highlights that make getting started with Airlock Microgateway even easier:

New self-study labs: In 7 hands-on labs, you can explore the features of Airlock Microgateway step by step. Give it a try!

On-site training 2026: We are planning the first on-site trainings in 2026! Sign up here to stay informed.

Deprecation of the Sidecar Mode

Sidecar mode is being deprecated with version 4.8. We made this decision because we received very positive feedback from customers and partners on the Gateway API-based sidecarless mode introduced in version 4.4 and were able to improve it further in subsequent versions.

This means:

  • 4.8.0 is the last release with sidecar support
  • 4.8.0 will be supported for 9 months after release
  • we recommend switching to the Gateway API-based sidecarless variant

With this step, we reduce complexity, streamline product development and focus fully on the Kubernetes-native operating model.

This new release introduces numerous improvements for greater security, flexibility, and seamless integration. We look forward to your suggestions and feedback as we continue to improve Microgateway!

Airlock Microgateway 4.8 release video

Watch our release video to find out about all the new features of Airlock Microgateway 4.8.
