This topic describes how to configure a routing policy for a cloud-native gateway. You can enable route-level web application firewall (WAF) protection for cloud-native gateways and configure various policies, including throttling, rewrite, header setting, cross-origin resource sharing (CORS), traffic replication, timeout, and retry policies, to provide more comprehensive protection and optimization for your services.
Enable route-level WAF protection
Cloud-native gateways are deeply integrated with Alibaba Cloud WAF 3.0. Compared with traditional WAF, this integration allows user requests to directly access API gateways without the need to pass through WAF. This way, the overall system performance is significantly improved without compromising security. For more information, see Enable route-level WAF protection.
Configure policies
Policy | Description |
Cloud-native gateways support the implementation of route-level throttling policies. These policies can effectively prevent backend services from being overwhelmed by excessive external requests and prevent cascaded avalanches. The throttling feature helps you block some requests when the number of concurrent requests is large. This ensures the availability of backend services. Fine-grained throttling policies ensure that the number of requests on a route does not exceed a specified threshold during a specified period of time. | |
You can configure a rewrite policy to flexibly change the paths and hostnames in requests before the requests are forwarded to their destination backend services. This meets the requirements for specific business environments and architectures. The rewrite policy provides precise control over the paths and hostnames in requests and ensures that the requests are correctly routed to the service or endpoint. | |
You can configure a header setting policy to modify the headers in requests or responses before the requests are forwarded to destination backend services or before the responses of backend services are returned to clients. | |
CORS is an important security policy that allows web application servers to perform cross-origin access control. This helps implement secure data transfer. Cloud-native gateways allow you to configure route-level CORS policies. You can access resources from a specific domain name by using a specific request method based on your business requirements. | |
You can use cloud-native gateways for route configuration authentication. For more information about how to configure consumer authentication, see Configure consumer authentication. | |
You can configure a traffic replication policy for a route on a cloud-native gateway. This allows you to copy traffic of online applications to a specific application. This feature provides support for simulation tests and fault location on the system and helps you efficiently evaluate application performance and troubleshoot issues. | |
Cloud-native gateways allow you to configure timeout policies at the route level. If a gateway does not receive a response from the backend service within the specified period of time, the gateway returns the 504 (Gateway Timeout) HTTP status code to the client. | |
Cloud-native gateways allow you to configure retry policies at the route level. After you configure a retry policy, cloud-native gateways can automatically retry a failed request based on the retry policy. In a retry policy, you can specify a retry condition, such as failed connections, unavailable backend services, or a response with a specified HTTP status code. |