Cloud-native API Gateway integrates with Alibaba Cloud Web Application Firewall (WAF) 3.0 to provide both instance-level and route-level protection. Route-level WAF protection filters malicious traffic on a per-route basis.
Configure a WAF policy
-
You can configure WAF policies in the Cloud-native API Gateway console in one of the following ways:
Outside an instance
-
Log on to the Cloud-native API Gateway console. In the left-side navigation pane, click API. In the top navigation bar, select a region.
-
Click the instance selection drop-down list at the top and select the target instance from the All Instances list. Then, click the target API. The API's drop-down list also allows you to select an instance or All instances.
-
In the Routes, select the target route.
Inside an instance
-
Log on to the Cloud-native API Gateway console. In the left-side navigation pane, click Instance. In the top navigation bar, select a region.
-
On the Instance page, click the ID of the target gateway instance. In the navigation pane on the left, click API, and then click the target API.
-
In the Routes list, select the target route.
-
-
On the Configure Policy tab, in the Inbound Processing section, click Enable Policy/Plug-in.
-
On the WAF Policy card, click Enable Route-level WAF Protection (Recommended).
-
In the Enable Route-level WAF Protection dialog box, click OK.
What to do next
After you enable protection, traffic to the route passes through the built-in WAF for filtering. By default, the Protection Rules Engine and CC protection modules are enabled. The Protection Rules Engine guards against common web attacks such as SQL injection, cross-site scripting (XSS), and webshell uploads, while the CC protection module mitigates CC attacks. To enable and configure additional protection modules, see Overview of gateway mitigation settings.
References
To enable instance-level WAF protection instead, see Enable Web Application Firewall.