Skip to main content

Choosing a Guardrail Provider

AISIX enforces content policy through guardrails: checks that run on the request before it reaches the upstream model, on the response before it reaches the caller, or both. Each guardrail is one kind with its own provider, capabilities, and configuration. This page compares the supported kinds so you can choose the right one before reading its dedicated guide.

Provider Comparison

KindProviderDeploymentDetectsActionsHooks
keywordBuilt-inIn-processLiteral / regex patternsblockinput, output
piiBuilt-inIn-processRule-based PII (email, phone, ID, card, keys, …) + custom regexmask, blockinput, output
presidioMicrosoft PresidioSelf-hosted containersRule and NER/ML PII entities (PERSON, LOCATION, …)mask (replace / mask / hash / redact operators), blockinput, output
lakeraLakera GuardManaged cloud APIPrompt injection, jailbreak, content, PIIblock; PII-only detections maskinput, output
azure_content_safetyAzure AI Content SafetyManaged cloud APIPrompt injection / jailbreak (Prompt Shield)blockinput, output
azure_content_safety_text_moderationAzure AI Content SafetyManaged cloud APICategory severity (hate, sexual, self-harm, violence) + blocklistsblockinput, output
openai_moderationOpenAI ModerationManaged cloud API (free)Content categories (harassment, hate, violence, sexual, self-harm, …)blockinput, output
bedrockAWS Bedrock GuardrailsManaged cloud serviceContent filters, denied topics, sensitive information, word filtersblock; PII ANONYMIZE masksinput, output
aliyun_text_moderationAlibaba Cloud AI GuardrailsManaged cloud APIRisk-level content moderationblockinput, output

All kinds share the same platform controls — hook points, enforcement modes, mandatory fail-closed policy, and streaming hold-back — described in Guardrail Behavior.

Picking by Goal

Detect or redact PII. Start with the built-in pii kind: it runs in-process with no external calls and covers rule-based detectors plus custom regex. Move to presidio when you need entities a regex cannot express (person names, locations, nationalities), a self-hosted compliance posture, or hash/placeholder replacement instead of a fixed redaction token. AWS Bedrock sensitive-information filters and Lakera PII detection are alternatives when you already use those providers.

Detect prompt injection and jailbreaks. Lakera Guard and Azure Prompt Shield both screen adversarial input, including indirect injection carried in retrieved documents or tool results that appear in the conversation. They are independent providers — pick the one your security review names, or attach both.

Moderate content categories. OpenAI Moderation is free and covers the standard category set. Azure Text Moderation adds per-category severity thresholds and server-side blocklists; Alibaba Cloud is the natural choice inside that ecosystem.

Enforce organization-specific rules. The built-in keyword kind blocks literal or regex patterns with no external dependency.

Detection Is Probabilistic

Every detection-based guardrail — PII recognizers, injection classifiers, category moderation — carries false-positive and false-negative risk. Before enforcing a new guardrail on production traffic:

  1. Create it with enforcement_mode: monitor. The guardrail evaluates every request and records what it would have blocked or masked, without affecting traffic.
  2. Review the observations and tune the configuration — detector selection, thresholds, entities.
  3. Switch the guardrail to enforcement_mode: block once the hit rate looks right.

See Guardrail Behavior for the mechanics.

What the Gateway Records

Every request records which guardrails governed it, whether one blocked it, and (for fail-open bypasses) why a guardrail was skipped. Matched content never appears in gateway logs, usage records, or error responses — only detector, entity, or category names. See the per-kind guides for the exact redaction-token and block-envelope shapes.

Next Steps

Read Guardrail Behavior for the platform controls shared by every kind, then follow the dedicated guide for the provider you picked.

API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2026. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation