Migrate from Modules to Traffic Policy Actions
✨ Modules to Traffic Policy Actions Ref
| Endpoint Module | Traffic Policy Action | Phase | Notes |
|---|---|---|---|
oauth | set-vars, oauth, custom-response | on_http_request | Maps OAuth provider and settings. |
oidc | oidc | on_http_request | Maps OpenID Connect settings. |
ip_policy | restrict-ips | on_tcp_connect | Maps allowed IPs or policies. |
mutual_tls and tls_termination | terminate-tls | on_tcp_connect | Maps mTLS and TLS termination settings. |
request_headers | add-headers, remove-headers | on_http_request | Modify request headers. |
response_headers | add-headers, remove-headers | on_http_response | Modify response headers. |
compression | compress-response | on_http_response | Enable response compression. |
webhook_validation | webhook-verification | on_http_request | Validate webhook secrets. |
circuit_breaker | circuit-breaker | on_http_request | Define circuit breaking thresholds. |
saml | (⚠️ Not supported) | N/A | Try OIDC or contact support for help. |
🛠️ Migration Instructions Per Module
OAuth Authentication (oauth)
Old config example:
Loading…
New Traffic Policy YAML:
Leverages the following actions:
Loading…
OpenID Connect Authentication (oidc)
Old config example:
Loading…
New Traffic Policy YAML:
Leverages the following actions:
Loading…
IP Policy (ip_policy)
Old config example:
Loading…
New Traffic Policy YAML:
Leverages the following actions:
Loading…
Mutual TLS and TLS Termination (mutual_tls, tls_termination)
Old config example:
Loading…
New Traffic Policy YAML:
Leverages the following actions:
Loading…
Request Headers (request_headers)
Old config example:
Loading…
New Traffic Policy YAML:
Leverages the following actions:
Loading…
Response Headers (response_headers)
Old config example:
Loading…
New Traffic Policy YAML:
Leverages the following actions:
Loading…
Compression (compression)
Old config example:
Loading…
New Traffic Policy YAML:
Leverages the following actions:
Loading…
Webhook Validation (webhook_validation)
Old config example:
Loading…
New Traffic Policy YAML:
Leverages the following actions:
Loading…
Circuit Breaker (circuit_breaker)
Old config example:
Loading…
New Traffic Policy YAML:
Leverages the following actions:
Loading…
SAML Authentication (saml)
- Traffic Policy does not currently natively support SAML.
- You may want to try out the OIDC action or reach out to ngrok support.
✅ Quick Checklist
| Module | Traffic Policy Action |
|---|---|
| OAuth | set-vars, oauth, custom-response |
| OIDC | oidc |
| IP Policy | ip-restriction |
| Mutual TLS / TLS Term | terminate-tls |
| Request Headers | add-headers, remove-headers |
| Response Headers | add-headers, remove-headers |
| Compression | compress-response |
| Webhook Verification | webhook-verification |
| Circuit Breaker | circuit-breaker |
| SAML | ⚠️ (Not yet supported) |
🛡️ Final Tips
- Always test your traffic policy in staging before production.
- Validate YAML syntax carefully — indentation matters.
- If you have complex
expressions, validate them in small steps. - If unsure, rebuild small features first, then layer on more complex features.
- Backup your endpoint configuration before deletion.