|
2 | 2 | title: Zuplo + WAF/DDoS Services |
3 | 3 | --- |
4 | 4 |
|
5 | | -A common setup for customers using Zuplo (or any API Gateway) is how to setup a |
6 | | -WAF and DDoS protection in front of their API Gateway. Because Zuplo is deployed |
7 | | -to the edge (meaning lots of different locations all around the world close to |
8 | | -your customers), it's important that your WAF/DDoS services also support |
9 | | -edge-based deployments. Configuring a legacy WAF solution that runs in one or |
10 | | -only a few data centers in front of Zuplo will result in increased latency and |
11 | | -suboptimal experiences for your end users. This document outlines the various |
12 | | -strategies as well as the recommended setup for several popular services. |
13 | | - |
14 | | -When picking WAF + DDoS services to run in front of your Zuplo API Gateway |
15 | | -consider the following: |
16 | | - |
17 | | -- What level of customization do you require for your WAF + DDoS? If common |
18 | | - configurations are enough, consider Zuplo Managed WAF. |
19 | | -- Is your WAF/DDoS service also deployed at the edge? |
20 | | -- How can you ensure that requests can't bypass your WAF/DDoS and make requests |
21 | | - directly to your API Gateway? |
| 5 | +Many customers using Zuplo (or any other API Gateway) often choose to deploy WAF |
| 6 | +and DDoS protection in front of their gateway. You can use any WAF - we have |
| 7 | +customers today using Azure, AWS, Akamai, CloudFlare and many other options. |
| 8 | + |
| 9 | +However, there are some things to consider depending on how you host Zuplo |
| 10 | +(edge, dedicated, or self-hosted). |
| 11 | + |
| 12 | +If for some reason these don't work for you - we can also offer a managed WAF as |
| 13 | +part of your Zuplo Enterprise agreement; contact sales to discuss. |
| 14 | + |
| 15 | +More details on some third-party WAF solutions are included below. |
| 16 | + |
| 17 | +## Managed Edge Deployments |
| 18 | + |
| 19 | +Zuplo when running on the managed edge is running in over 300 data centers |
| 20 | +around the world. If you care about worldwide presence, be sure to choose a WAF |
| 21 | +that is globally distributed as all traffic will be routed through your WAF. |
| 22 | + |
| 23 | +## Managed Dedicated and Self-hosted Deployments |
| 24 | + |
| 25 | +Customers typically use a WAF offered by their selected hosting platform (e.g. |
| 26 | +Azure, Akamai, AWS etc) to simplify management, improve latency and reduce |
| 27 | +bandwidth costs. |
22 | 28 |
|
23 | 29 | ## Zuplo Managed WAF |
24 | 30 |
|
@@ -67,16 +73,38 @@ If you require the ability to finely control your WAF Rules or are using a |
67 | 73 | third-party WAF provider, Zuplo integrates seamlessly with popular edge-based |
68 | 74 | WAF solutions. |
69 | 75 |
|
| 76 | +### Akamai App & API Protector |
| 77 | + |
| 78 | +Akamai's App & API Protector provides comprehensive WAF and DDoS protection with |
| 79 | +a global edge network. Akamai offers advanced bot management, API security, and |
| 80 | +DDoS mitigation that works well with Zuplo's edge-deployed architecture. With |
| 81 | +over 4,000 edge locations worldwide, Akamai ensures minimal latency when |
| 82 | +protecting your Zuplo API Gateway. |
| 83 | + |
| 84 | +Key features include: |
| 85 | + |
| 86 | +- Advanced bot detection and mitigation |
| 87 | +- API-specific security rules and rate limiting |
| 88 | +- Real-time threat intelligence |
| 89 | +- Automatic protection against OWASP Top 10 vulnerabilities |
| 90 | +- DDoS protection across all layers |
| 91 | + |
| 92 | +Akamai's extensive edge network ensures that security checks happen close to |
| 93 | +your users, maintaining the low-latency benefits of Zuplo's edge deployment. |
| 94 | + |
| 95 | +- [Akamai Edge Locations](https://www.akamai.com/why-akamai/our-edge-platform) |
| 96 | + |
70 | 97 | ### Cloudflare WAF + DDoS |
71 | 98 |
|
72 | 99 | Cloudflare is the easiest solution for custom WAF + DDoS in front of your Zuplo |
73 | | -API Gateway. Because Zuplo is already terminated with Cloudflare, the |
74 | | -integration is seamless and requires virtually zero configuration. Simply point |
75 | | -your Cloudflare managed domain to Zuplo and you are protected. You can fully |
76 | | -customize your WAF, firewall, DDoS or any other security configuration offered |
77 | | -by Cloudflare. When a request comes into Cloudflare, it will be routed first |
78 | | -through your account's configuration, then will be sent to your Zuplo API |
79 | | -Gateway. The same thing happens on the outbound as well. |
| 100 | +API Gateway deployed as managed-edge. Because managed-edge is already terminated |
| 101 | +with Cloudflare, the integration is seamless and requires virtually zero |
| 102 | +configuration. Simply point your Cloudflare managed domain to Zuplo and you are |
| 103 | +protected. You can fully customize your WAF, firewall, DDoS or any other |
| 104 | +security configuration offered by Cloudflare. When a request comes into |
| 105 | +Cloudflare, it will be routed first through your account's configuration, then |
| 106 | +will be sent to your Zuplo API Gateway. The same thing happens on the outbound |
| 107 | +as well. |
80 | 108 |
|
81 | 109 | A custom domain configured on Zuplo that utilizes Cloudflare DNS is completely |
82 | 110 | protected from requests bypassing your WAF and hitting Zuplo directly. |
@@ -110,24 +138,3 @@ For more information on AWS Shield and WAF, see the following links: |
110 | 138 |
|
111 | 139 | - [Configuring Zuplo + AWS WAF & Shield](./waf-ddos-aws-waf-shield.mdx) |
112 | 140 | - [AWS Cloudfront Locations](https://aws.amazon.com/cloudfront/features/?whats-new-cloudfront&whats-new-cloudfront.sort-by=item.additionalFields.postDateTime&whats-new-cloudfront.sort-order=desc) |
113 | | - |
114 | | -### Akamai App & API Protector |
115 | | - |
116 | | -Akamai's App & API Protector provides comprehensive WAF and DDoS protection with |
117 | | -a global edge network. Akamai offers advanced bot management, API security, and |
118 | | -DDoS mitigation that works well with Zuplo's edge-deployed architecture. With |
119 | | -over 4,000 edge locations worldwide, Akamai ensures minimal latency when |
120 | | -protecting your Zuplo API Gateway. |
121 | | - |
122 | | -Key features include: |
123 | | - |
124 | | -- Advanced bot detection and mitigation |
125 | | -- API-specific security rules and rate limiting |
126 | | -- Real-time threat intelligence |
127 | | -- Automatic protection against OWASP Top 10 vulnerabilities |
128 | | -- DDoS protection across all layers |
129 | | - |
130 | | -Akamai's extensive edge network ensures that security checks happen close to |
131 | | -your users, maintaining the low-latency benefits of Zuplo's edge deployment. |
132 | | - |
133 | | -- [Akamai Edge Locations](https://www.akamai.com/why-akamai/our-edge-platform) |
|
0 commit comments