Cloud-native API Gateway provides route-level WAF protection and routing policies, including throttling, rewrite, header setting, CORS, traffic replication, timeout, and retry, to help protect and optimize your services.
Routing policies
|
Policy |
Description |
|
Cloud-native API Gateway integrates with Alibaba Cloud WAF 3.0. Unlike traditional WAF, this integration allows requests to reach the gateway directly without passing through WAF, which significantly improves overall system performance without compromising security. |
|
|
Route-level throttling policies prevent backend services from being overwhelmed by excessive requests and help avoid cascading failures. When the number of concurrent requests is high, throttling blocks excess requests to maintain backend availability. Fine-grained policies ensure that the request count on a route does not exceed a specified threshold within a given period. |
|
|
A rewrite policy modifies request paths and hostnames before requests are forwarded to backend services, ensuring that requests reach the intended service or endpoint. |
|
|
A header setting policy modifies headers in requests or responses before requests are forwarded to backend services or before responses are returned to clients. |
|
|
CORS enables cross-origin access control for secure data transfer. You can configure route-level CORS policies to allow access to resources from specific domains by using specific request methods. |
|
|
A traffic replication policy copies traffic from online applications to a designated application for simulation testing and fault diagnosis, helping you evaluate application performance and troubleshoot issues efficiently. |
|
|
A route-level timeout policy specifies the maximum time a gateway instance waits for a response from the backend service. If no response is received within this period, the gateway returns the 504 (Gateway Timeout) HTTP status code to the client. |
|
|
Route-level retry policies enable automatic retries for failed requests. You can specify retry conditions such as failed connections, unavailable backend services, or responses with a specified HTTP status code. |