Skip to content
CTRL K
    Docs Standalone Kubernetes Tutorials Standalone Kubernetes Models Blog Enterprise Community Get Started GitHub

    For the complete documentation index, see llms.txt. Markdown versions of all docs pages are available by appending .md to any docs URL.

    Page as Markdown
    MCP target policies
    Apply policies to individual MCP backend targets
    Apply policies at the MCP target level to control behavior for individual MCP servers within a multiplexed backend.
    Overview

    MCP target policies allow you to configure policies for specific MCP backend targets, rather than applying them globally to all targets in a backend. This is useful when you have multiple MCP servers with different security, authorization, or routing requirements.
    Policies are merged from the backend group level down to the target level, with more specific policies taking precedence.
    Best practices

    • Use backend-level policies for common settings: Apply shared policies at the backend level to reduce duplication.
    • Use target-level policies for exceptions: Override specific targets that need different behavior.
    • Be explicit about authorization: Always configure authorization policies, even if permissive.
    • Test policy inheritance: Verify that policies merge correctly by checking logs and testing access.
    Supported policy types

    The following policies can be configured at the MCP target level.
    PolicyDescription
    mcpAuthorizationFine-grained authorization rules for tools, prompts, and resources
    backendAuthBackend authentication (API key, passthrough, AWS, GCP, Azure)
    backendTLSTLS configuration for backend connections
    requestHeaderModifierModify request headers
    responseHeaderModifierModify response headers
    aiLLM processing policies (prompt guards, overrides, defaults, model aliases)
    a2aMark traffic as agent-to-agent
    Policy inheritance

    Policies are merged hierarchically:
    1. Backend group level: Policies defined at backends[].policies
    2. Target level: Policies defined at backends[].mcp.targets[].policies
    Target-level policies override backend-level policies for the same policy type.
    Before you begin

    Set up MCP multiplexed backends.
    Configuration examples

    Target-level policies are configured under mcp.targets[].policies.
    Authorization per target

    Apply different authorization rules to different MCP servers.
    # yaml-language-server: $schema=https://agentgateway.dev/schema/config
mcp:
  port: 3000
  targets:
  - name: public-tools
    stdio:
      cmd: npx
      args: ["@modelcontextprotocol/server-everything"]
    policies:
      mcpAuthorization:
        rules:
        # Allow anyone to access tools from this server
        - 'true'
  
  - name: admin-tools
    stdio:
      cmd: npx
      args: ["@mycompany/admin-server"]
    policies:
      mcpAuthorization:
        rules:
        # Only authenticated admins can access these tools
        - 'has(jwt.sub) && "admin" in jwt.roles'
    Authentication per target

    Use different authentication methods for different targets.
    # yaml-language-server: $schema=https://agentgateway.dev/schema/config
mcp:
  port: 3000
  targets:
  - name: service-a
    mcp:
      host: https://service-a.example.com/mcp
    policies:
      backendAuth:
        key: "$SERVICE_A_API_KEY"
      backendTLS:
        sni: service-a.example.com
  
  - name: service-b
    mcp:
      host: https://service-b.example.com/mcp
    policies:
      backendAuth:
        key: "$SERVICE_B_API_KEY"
      backendTLS:
        sni: service-b.example.com
    LLM policies per target

    Apply different prompt guards to different MCP servers.
    # yaml-language-server: $schema=https://agentgateway.dev/schema/config
mcp:
  port: 3000
  targets:
  - name: production-llm
    mcp:
      host: https://prod-llm.example.com
    policies:
      ai:
        promptGuard:
          - regex:
              deny:
                - pattern: ".*password.*"
                - pattern: ".*secret.*"
  
  - name: sandbox-llm
    mcp:
      host: https://sandbox-llm.example.com
    # No prompt guard for sandbox environment
    Inheritance

    In this example:
    • public-server allows anonymous access (target policy overrides backend policy).
    • restricted-server requires authentication (uses backend policy).
    # yaml-language-server: $schema=https://agentgateway.dev/schema/config
mcp:
  port: 3000
  policies:
    # Top-level policy applies to all targets
    mcpAuthorization:
      rules:
        # Default: require authentication
        - 'has(jwt.sub)'
  
  targets:
  - name: public-server
    stdio:
      cmd: npx
      args: ["@modelcontextprotocol/server-everything"]
    # Target-level policy overrides top-level
    policies:
      mcpAuthorization:
        rules:
          # Override: allow anonymous access for this target
          - 'true'
  
  - name: restricted-server
    stdio:
      cmd: npx
      args: ["@mycompany/restricted-server"]
    # This target uses the top-level policy (requires auth)
    Learn more

    
MCP authorization
MCP observability

    Was this page helpful?
    

    
Agentgateway assistant
    


    Ask me anything about agentgateway configuration, features, or usage.
    Note: AI-generated content might contain errors; please verify and test all returned information.
    Tip: one topic per conversation gives the best results. Use the + button in the chat header to start a new conversation.
    Switching topics? Starting a new conversation improves accuracy.

    ↑↓ navigate
 select
esc dismiss
    

    

    What could be improved?
    Your feedback helps us improve assistant answers and identify docs gaps we should fix.
    Need more help? Join us on Discord:
https://discord.gg/y9efgEmppm
    Want to use your own agent? Add the Solo MCP server to query our docs directly. Get started here:
https://search.solo.io/.