WAF usage

You can use WAF to secure APIs. WAF must be contracted by the customer. WAF management will also be the customer’s responsibility. In a macro way, the activation process is:

  1. Change DNS for WAF provider

  2. Configure WAF provider upstream for DNS ALIAS

    1. It is important that WAF maintains the host header of the original request (default behavior in most vendors)

When using WAF, TLS termination will occur at the WAF layer itself.

The diagram below represents the use of API Platform with WAF:

Thanks for your feedback!

Share your suggestions with us!
Click here and then [+ Submit idea]