In the past year, under the influence of COVID-19, enterprises were forced into telecommuting on an unprecedented scale and tried new ways of using technology to serve customers. Statistics show that the number of enterprises carrying out modernization has increased 133% compared with 2020. There are many ways to modernize applications, and enabling modern interfaces through APIs is undoubtedly a cost-effective one. With the surge in APIs, how to harden API security has become a focus for enterprises. So today we will talk about the API gateway security hardening architecture and the F5 API hardening solution.
API gateway security hardening architecture
From the attack perspective, the security hardening architecture of an API gateway is similar to that of a traditional application and is divided into the network layer, the delivery and transport layer, and the application layer. At the application layer, the API gateway security hardening architecture focuses on two aspects, robot (bot) attacks and vulnerability attacks:
Robot attacks: Today, 50% of activity on the Internet comes from robots (bots). Robots can simulate normal business requests to access the system, so that the API gateway's resources are consumed by meaningless requests. When a large number of robots simulate normal business access to the API gateway, this application-layer DDoS attack imposes a huge performance overhead on the API gateway and makes the API gateway system unavailable. So at the application layer, a WAF-type product needs to be deployed to identify and defend against robot attacks and reduce the threat they pose to the API gateway.
Vulnerability attacks: In addition to defending against robot attacks, the WAF also needs to identify attacks against vulnerabilities in the application system, such as injection attacks, cross-site attacks, and scanning and probing attacks. While dealing with these attacks, the WAF needs to inspect API content and find attack code embedded in the API payload. A WAF deployed in front of the API gateway needs to be programmable, so that it can defend quickly against zero-day attacks.
Advanced WAF (API Security - new generation WAF) advanced application-layer protection module
The F5 API hardening solution mainly involves: AFM (advanced firewall module), LTM (load balancing module), SSLO (encrypted and decrypted traffic orchestration module), Advanced WAF (API Security - new generation WAF, the advanced application-layer protection module), APM (authentication and authorization policy management module), and HSL (high-speed logging engine). This article covers the application-layer protection provided by Advanced WAF (API Security - new generation WAF).
To protect APIs, you first need to understand the data and the structure of the API application. F5 Advanced WAF (API Security - new generation WAF) supports importing OpenAPI and Swagger files, automatically generates path policies from the imported file, and provides different depths of protection for different API paths. The wizard-based configuration greatly improves the convenience of deploying protection.
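The idea of deriving per-path policy from an API description can be shown in a few lines. This is an added example, not F5 code and not how Advanced WAF is implemented: it assumes a constructed two-path OpenAPI document and hypothetical helpers `build_policy` and `check`, and it enforces only paths, methods and integer-typed path and query parameters.

```python
import re

# Constructed minimal OpenAPI 3 document (sample data, not from the article).
LIMIT = {"name": "limit", "in": "query", "schema": {"type": "integer"}}
ORDER_ID = {"name": "orderId", "in": "path", "schema": {"type": "integer"}}
SPEC = {"paths": {
    "/orders": {"get": {"parameters": [LIMIT]}, "post": {}},
    "/orders/{orderId}": {"get": {"parameters": [ORDER_ID]}},
}}
METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}
INTEGER = r"-?\d+"

def build_policy(spec):
    """Return [(path regex, {METHOD: {query parameter: type}})] from the spec."""
    policy = []
    for template, item in spec["paths"].items():
        path_types, allowed = {}, {}
        for method, op in item.items():
            if method not in METHODS:
                continue  # skip non-operation keys such as "summary"
            kinds = {"path": path_types, "query": {}}
            for p in op.get("parameters", []):
                if p["in"] in kinds:  # header and cookie parameters are ignored here
                    kinds[p["in"]][p["name"]] = p.get("schema", {}).get("type")
            allowed[method.upper()] = kinds["query"]
        # Literal segments are escaped; each {name} becomes a typed pattern.
        pieces = re.split(r"\{(\w+)\}", template)
        regex = "".join(
            re.escape(s) if i % 2 == 0
            else (INTEGER if path_types.get(s) == "integer" else r"[^/]+")
            for i, s in enumerate(pieces))
        policy.append((re.compile(regex), allowed))
    return policy

def check(policy, method, path, query=None):
    """Positive-security decision for one request; query values are strings."""
    for regex, allowed in policy:
        if not regex.fullmatch(path):
            continue
        if method not in allowed:
            return "block: method not allowed"
        for name, value in (query or {}).items():
            if name not in allowed[method]:
                return "block: undeclared parameter"
            if allowed[method][name] == "integer" and not re.fullmatch(INTEGER, value):
                return "block: parameter type mismatch"
        return "allow"
    return "block: unknown path"
```

Anything the description does not declare is rejected by default, which is what lets each path carry its own depth of checking.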
Application-layer DDoS attack protection: API DDoS attacks usually simulate the normal API access process and aim to consume the API gateway's high-performance resources, so as to bring the API gateway down and interrupt the business. The Advanced WAF (API Security - new generation WAF) protection module can detect API DDoS attacks across multiple dimensions and uses JavaScript to effectively control the frequency of API access, reducing the impact of the DDoS attack. At the same time, Advanced WAF (API Security - new generation WAF) also uses the latency of the API gateway's responses to judge whether the API gateway is abnormal and whether there is an attack in the network. When the latency returned by the API gateway is higher than the configured threshold, the Advanced WAF (API Security - new generation WAF) module intervenes and performs active traffic detection and attack protection.
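A simplified model of latency-triggered mitigation, as an added example that is not F5's algorithm: requests are only counted while the gateway is healthy, and per-client frequency limits are enforced once the average of recent backend latencies exceeds a threshold. The class `StressThrottle`, its parameters and the traffic in `EVENTS` are all constructed for illustration.

```python
from collections import defaultdict, deque

class StressThrottle:
    """Throttle per client only while backend latency shows the gateway is stressed."""

    def __init__(self, threshold_ms, samples, max_per_window, window_s):
        self.threshold_ms = threshold_ms
        self.latencies = deque(maxlen=samples)  # most recent backend latencies
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.hits = defaultdict(deque)          # client id -> request timestamps

    def under_stress(self):
        # Require a full sample so one slow response does not trigger mitigation.
        if len(self.latencies) < self.latencies.maxlen:
            return False
        return sum(self.latencies) / len(self.latencies) > self.threshold_ms

    def admit(self, client, now):
        """True forwards the request; False rejects it (for example with HTTP 429)."""
        q = self.hits[client]
        while q and now - q[0] >= self.window_s:
            q.popleft()                         # forget requests outside the window
        q.append(now)
        return not self.under_stress() or len(q) <= self.max_per_window

# Constructed traffic: (time in seconds, client id, backend latency in ms).
EVENTS = [
    (0.0, "bot", 50), (0.1, "bot", 300), (0.2, "bot", 400), (0.3, "user", 350),
    (0.4, "bot", 400), (0.5, "bot", 400), (0.6, "user", 60),
    (11.0, "user", 40), (11.1, "bot", 50),
]

def replay(events, throttle):
    """Feed events through the throttle and return (client, admitted) decisions."""
    decisions = []
    for now, client, latency_ms in events:
        admitted = throttle.admit(client, now)
        if admitted:
            throttle.latencies.append(latency_ms)  # latency exists only if forwarded
        decisions.append((client, admitted))
    return decisions
```

With a 200 ms threshold over 3 samples and 2 requests per 10-second window, the high-frequency client is rejected only during the stressed period, and limits lift again once latency recovers.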
Advanced WAF (API Security - new generation WAF) application-layer protection has more than the two functions above. It also provides protocol content checking, access restrictions, scan blocking, brute-force protection, support for masking custom data, IP address reputation protection, and flexible invocation of protection policies for new API interfaces.
The popularity of API technology has a significant impact on application security and delivery technology. APIs are vulnerable to attack because, by definition, they expose application logic and sensitive data to other applications or third parties. The F5 Advanced WAF (API Security - new generation WAF) product has an AS3 module. Security operations staff can classify API applications and build templated defense policies for each type; during development, an API application can automatically invoke the relevant defense policy template on Advanced WAF (API Security - new generation WAF) through the AS3 module, so that security deployment proceeds in parallel with business release.