apache/casbin-gateway
Casbin Gateway is an open-source AI and MCP security gateway and Web Application Firewall (WAF) built with Go and React. It acts as a reverse proxy that sits in front of HTTP services and LLM APIs, enforcing access control policies defined via Casbin, the popular authorization library. The gateway supports ModSecurity and the OWASP Core Rule Set for WAF capabilities, protecting backends from common web attacks such as SQL injection, XSS, and more. OAuth integration is built in, and all configuration is done at runtime through a web UI without requiring a rebuild or restart. Deployment is flexible: Kubernetes Helm charts, Docker Compose, and manual binary installation are all supported. A Casdoor instance is required for identity and member management, and MySQL serves as the database backend. Casbin Gateway is particularly useful for teams building AI-powered services or MCP-compatible tool endpoints that need centralized authentication, rate limiting, and policy-based access control in front of their APIs. A live demo is available at https://door.caswaf.com for read-only exploration.
git clone https://github.com/apache/casbin-gateway.git
Quick Start Example
# Deploy with Docker Compose
git clone https://github.com/apache/casbin-gateway
cd casbin-gateway
# Set your Casdoor endpoint in .env
cp .env.example .env
docker compose up -d
# Gateway is now running at http://localhost:8080
# Admin UI at http://localhost:7001