
API Gateway: Routing policies

Last Updated: Jun 07, 2025

This topic describes the routing policies in Cloud-native API Gateway. You can enable route-level Web Application Firewall (WAF) protection for Cloud-native API Gateway instances and configure various policies, including throttling, rewrite, header setting, cross-origin resource sharing (CORS), traffic replication, timeout, and retry policies, to provide more comprehensive protection and optimization for your services.

Routing policies

| Policy | Description |
| --- | --- |
| Enable WAF for a route | Cloud-native API Gateway instances are deeply integrated with Alibaba Cloud WAF 3.0. Compared with traditional WAF, this integration allows user requests to directly access API gateways without the need to pass through WAF. This way, the overall system performance is significantly improved without compromising security. |
| Configure a throttling policy | Cloud-native API Gateway supports route-level throttling policies. These policies prevent backend services from being overwhelmed by excessive external requests and prevent cascading failures. When the number of concurrent requests is large, the throttling feature blocks some requests to ensure the availability of backend services. Fine-grained throttling policies ensure that the number of requests on a route does not exceed a specified threshold during a specified period of time. |
| Configure a rewrite policy | You can configure a rewrite policy to change the paths and hostnames in requests before the requests are forwarded to their destination backend services. This meets the requirements of specific business environments and architectures. The rewrite policy provides precise control over the paths and hostnames in requests and ensures that the requests are correctly routed to the service or endpoint. |
| Configure a header setting policy | You can configure a header setting policy to modify the headers in requests before the requests are forwarded to destination backend services, or the headers in responses before the responses of backend services are returned to clients. |
| Configure a CORS policy | CORS is an important security policy that allows web application servers to perform cross-origin access control. This helps implement secure data transfer. Cloud-native API Gateway allows you to configure route-level CORS policies. You can allow requests from a specific domain name to access your resources by using a specific request method, based on your business requirements. |
| Configure a traffic replication policy | You can configure a traffic replication policy for a route on a Cloud-native API Gateway instance. This allows you to copy traffic of online applications to a specific application. This feature supports simulation tests and fault location on the system and helps you efficiently evaluate application performance and troubleshoot issues. |
| Configure a timeout policy | Cloud-native API Gateway allows you to configure timeout policies at the route level. If a gateway instance does not receive a response from the backend service within the specified period of time, the gateway instance returns the 504 (Gateway Timeout) HTTP status code to the client. |
| Configure a retry policy | Cloud-native API Gateway allows you to configure route-level retry policies so that failed requests are retried automatically. In a retry policy, you can specify a retry condition, such as failed connections, unavailable backend services, or a response with a specified HTTP status code. |