Skip to main content

This is documentation for Apache ShenYu 2.3.0-Legacy, which is no longer actively maintained.

For up-to-date documentation, see the latest version (2.7.0.1).

Version: 2.3.0-Legacy

Waf Plugin

Explanation#

Waf is the core implementation of gateway to realize firewall function for network traffic.

Plugin Setting#

In soul-admin --> plugin management-> waf set to enable.
If the user don't use, please disable the plugin in the background.
Add configuration mode in plugin editing.

{"model":"black"}  # The default mode is blacklist mode; If setting is mixed, it will be mixed mode. We will explain it specifically below.

Plugin Detail#

Introducing waf dependency in the pom.xml of the gateway.

  <!-- soul waf plugin start-->  <dependency>      <groupId>org.dromara</groupId>      <artifactId>soul-spring-boot-starter-plugin-waf</artifactId>      <version>${last.version}</version>  </dependency>  <!-- soul waf plugin end-->

Selectors and rules, please refer to : selector
When model is set to black mode, only the matched traffic will execute the rejection policy, and the unmatched traffic will be skipped directly.
When model is set to mixed mode, all traffic will pass through waf plugin. For different matching traffic, users can set whether to reject or pass.

Situation#

Waf is also the pre-plugin of soul, which is mainly used to intercept illegal requests or exception requests and give relevant rejection policies.
When faced with replay attacks, you can intercept illegal ip and host, and set reject strategy according to matched ip or host.
How to determine ip and host, please refer to: parsing-ip-and-host

Explanation
Plugin Setting
Plugin Detail
Situation