DEV Community

Lulu

Boost API Security: Kong and SafeLine WAF Integration Guide

Kong is a cloud-native, fast, scalable, and distributed microservices abstraction layer (also known as an API gateway or middleware). It offers robust traffic control, security, monitoring, and operational features through plugins.

Installing the Kong Plugin

Custom plugins can be installed via LuaRocks. Lua plugins are distributed as .rock packages, which are self-contained and can be installed from local or remote servers.

If you've installed Kong using the official package, the LuaRocks utility should already be included in your system.

To install the SafeLine plugin, follow these steps:

luarocks install kong-safeline

Then, enable the SafeLine plugin by adding the following configuration to your kong.conf file:

plugins = bundled,safeline              # Comma-separated list of plugins this node
                                        # should load. By default, only plugins
                                        # bundled in official distributions are
                                        # loaded via the `bundled` keyword.

This line adds SafeLine to the list of enabled plugins, alongside any bundled plugins in the official distribution.

Finally, restart the Kong Gateway:

kong restart

Using the SafeLine Plugin with Kong

To enable the SafeLine plugin for a specific service, set the plugin's safeline_host and safeline_port options to the address and port of the SafeLine detection engine, as configured during the initial SafeLine setup (the detector_host and detector_port placeholders below).

curl -X POST http://localhost:8001/services/{service}/plugins \
    --data "name=safeline" \
    --data "config.safeline_host=<detector_host>" \
    --data "config.safeline_port=<detector_port>"

Testing the Protection

To verify that SafeLine is working, you can simulate a simple SQL injection attack by sending a request to Kong. If SafeLine is protecting your service, you should receive a 403 Forbidden response.

curl -X POST 'http://localhost:8000/?1=1%20and%202=2'

You should get the following response:

{
  "code": 403,
  "success": false,
  "message": "blocked by Chaitin SafeLine Web Application Firewall",
  "event_id": "8b41a021ea9541c89bb88f3773b4da24"
}

Additionally, you can check SafeLine's dashboard to see a full record of the blocked attack.
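To make the enable-and-verify steps above repeatable, here is an added Python script (not from the original post, Kong, or the SafeLine project). It assumes the Kong Admin API on localhost:8001 and the proxy on localhost:8000 as used above; the service name and detector address are placeholders, and the response check is deliberately stricter than "any 403".

```python
import json
import urllib.error
import urllib.parse
import urllib.request

KONG_ADMIN = "http://localhost:8001"   # Kong Admin API (as in the post)
KONG_PROXY = "http://localhost:8000"   # Kong proxy (as in the post)
SERVICE = "example-service"            # placeholder: Kong service to protect
DETECTOR_HOST = "127.0.0.1"            # placeholder: SafeLine detection engine address
DETECTOR_PORT = 8000                   # placeholder: SafeLine detection engine port

def plugin_payload(detector_host, detector_port):
    """Form fields for POST /services/{service}/plugins, matching the curl above."""
    return {"name": "safeline",
            "config.safeline_host": detector_host,
            "config.safeline_port": str(detector_port)}

def is_safeline_block(status, body):
    """True only for SafeLine's own 403 block response. A bare 403 is not proof:
    Kong or the upstream can return 403 too, so the JSON body is checked for
    the SafeLine marker and a non-empty event_id."""
    if status != 403:
        return False
    try:
        data = json.loads(body)
    except ValueError:
        return False
    return (data.get("code") == 403 and data.get("success") is False
            and "SafeLine" in str(data.get("message", ""))
            and bool(data.get("event_id")))

def enable_plugin():
    """Attach the plugin to SERVICE through the Admin API; returns the HTTP status."""
    data = urllib.parse.urlencode(plugin_payload(DETECTOR_HOST, DETECTOR_PORT)).encode()
    req = urllib.request.Request(f"{KONG_ADMIN}/services/{SERVICE}/plugins", data=data)
    with urllib.request.urlopen(req) as resp:
        return resp.status

def probe():
    """Send the same probe request as the curl test; a 403 arrives as HTTPError."""
    req = urllib.request.Request(f"{KONG_PROXY}/?1=1%20and%202=2", method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

if __name__ == "__main__":
    enable_plugin()
    print("protected" if is_safeline_block(*probe()) else "not protected")
```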
