Current behaviour

If a policy is not executed/loaded due to incorrect configuration, non-compliant code (applicable only to custom policies) or any other factors that could cause this behaviour, the policy chain is still executed and APIcast will not fail and continues to process requests based on cached policy chain.

Expected behaviour

If a policy is not executed/loaded due to incorrect configuration, non-compliant code (applicable only to custom policies) or any other factors that could cause this behaviour, the policy chain is not executed and the incoming request simply rejected.

For context, if the policy which is not loaded/executed is expected to be part of the policy chain and has any sort of security level functionality then it is not expected that the request reaches the upstream. Rather than make the default behaviour to reject requests when this occurs it would be best to make this a configurable option per policy as some policies are not critical enough to cause APIcast to abort the request.