WAF usage

You can use WAF to secure APIs. WAF must be contracted by the customer. WAF management will also be the customer’s responsibility. In a macro way, the activation process is:

  1. Change DNS for WAF provider

  2. Configure WAF provider upstream for DNS ALIAS

    1. It is important that WAF maintains the host header of the original request (default behavior in most vendors)

When using WAF, TLS termination will occur at the WAF layer itself.

The diagram below represents the use of API Platform with WAF:

waf
Thanks for your feedback!
EDIT
How useful was this article to you?