Kong is a cloud-native, fast, scalable, and distributed microservices abstraction layer (also known as an API gateway or API middleware).
It offers rich traffic control, security, monitoring, and operational features through plugins.
Usage
Version Requirements
- Kong >= 2.6.x
- Safeline >= 5.6.0
Preparations
The preparation steps (deploying the SafeLine detection engine and noting its address and port, which are needed when the plugin is enabled below) are the same as in the documentation for APISIX integration with SafeLine; refer to that page.
Installing the Kong Plugin
Custom plugins can be installed via LuaRocks. Lua plugins are distributed in .rock format, a self-contained package that can be installed from a local or remote server.
If you used the official Kong Gateway installation package, the LuaRocks utility should already be installed on your system.
1. Install the Safeline Plugin
luarocks install kong-safeline
2. Enable the Safeline Plugin
Add the following configuration to the kong.conf configuration file:
plugins = bundled,safeline # Comma-separated list of plugins this node
# should load. By default, only plugins
# bundled in official distributions are
# loaded via the `bundled` keyword.
3. Restart Kong Gateway
kong restart
Using the Kong Plugin
Enable the Safeline plugin on a specific service through the Kong Admin API (port 8001 by default). In the request below, config.safeline_host and config.safeline_port are the address and port of the SafeLine detection engine configured during the preparation stage: replace <detector_host> and <detector_port> with those values, and {service} with the name or ID of the service to protect. The Admin API has no authentication of its own, so keep it bound to a local or otherwise protected interface.
curl -X POST http://localhost:8001/services/{service}/plugins \
--data "name=safeline" \
--data "config.safeline_host=<detector_host>" \
--data "config.safeline_port=<detector_port>"
Testing the Protection Effect
Send a request carrying a simple SQL-injection probe through the Kong proxy (port 8000 by default). If a 403 Forbidden response is returned, the protection is effective; a request without the payload should still be proxied normally. The URL is quoted so the shell never interprets characters in the query string.
curl -X POST 'http://localhost:8000/?1=1%20and%202=2'
You will receive a 403 Forbidden response:
{"code": 403, "success": false, "message": "blocked by Chaitin SafeLine Web Application Firewall", "event_id": "8b41a021ea9541c89bb88f3773b4da24"}
Open the Safeline console interface to see the complete attack information recorded by Safeline.
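The following script is an added example, not code from the kong-safeline plugin or the SafeLine documentation. It performs the procedure above end to end: attaches the plugin to a service through the Admin API, sends a benign request, sends the SQL-injection probe, and only reports success when the benign request is proxied and the probe is rejected with a 403 that carries SafeLine's block message (a 403 from another plugin such as ACL or key-auth would otherwise look the same). The Admin and proxy URLs, the service name example-service and the detector placeholders are assumptions to be overridden through the environment; the sample block response is the one shown above, embedded so the classification helpers can be exercised without a running gateway.

```shell
#!/bin/sh
# Added example (not part of the kong-safeline plugin or SafeLine docs):
# attach the plugin to one service via the Kong Admin API, then confirm that a
# benign request still passes and the SQL-injection probe is blocked by
# SafeLine specifically, i.e. 403 plus SafeLine's block message.
#
# Assumed/placeholder values, override through the environment:
KONG_ADMIN="${KONG_ADMIN:-http://localhost:8001}"   # Kong Admin API (default port)
KONG_PROXY="${KONG_PROXY:-http://localhost:8000}"   # Kong proxy (default port)
SERVICE="${SERVICE:-example-service}"               # hypothetical service name
SAFELINE_HOST="${SAFELINE_HOST:-<detector_host>}"   # from the preparation step
SAFELINE_PORT="${SAFELINE_PORT:-<detector_port>}"   # from the preparation step

# The block response shown in the article, kept as a constructed sample so the
# helpers below can be exercised offline.
SAMPLE_BLOCK_BODY='{"code": 403, "success": false, "message": "blocked by Chaitin SafeLine Web Application Firewall", "event_id": "8b41a021ea9541c89bb88f3773b4da24"}'

# waf_verdict STATUS BODY -> blocked | forbidden-other | allowed | unexpected-N
waf_verdict() {
    case "$1" in
        403)
            case "$2" in
                *"blocked by Chaitin SafeLine"*) echo blocked ;;
                *) echo forbidden-other ;;   # 403 from ACL/auth, not the WAF
            esac ;;
        2*|3*) echo allowed ;;
        *) echo "unexpected-$1" ;;
    esac
}

# event_id_of BODY -> the event_id to look up in the SafeLine console (no jq needed)
event_id_of() {
    printf '%s' "$1" | sed -n 's/.*"event_id": *"\([0-9a-f]*\)".*/\1/p'
}

# probe METHOD URL -> response body followed by the HTTP status on its own last line
probe() {
    curl -s -w '\n%{http_code}' -X "$1" "$2"
}
status_of() { printf '%s\n' "$1" | tail -n 1; }
body_of()   { printf '%s\n' "$1" | sed '$d'; }

check_protection() {
    # 1. Attach the plugin to the service (the same Admin API call as above).
    curl -s -X POST "$KONG_ADMIN/services/$SERVICE/plugins" \
        --data "name=safeline" \
        --data "config.safeline_host=$SAFELINE_HOST" \
        --data "config.safeline_port=$SAFELINE_PORT" >/dev/null

    # 2. A harmless request must still be proxied; if it is not, a later 403
    #    proves nothing about the WAF.
    resp=$(probe GET "$KONG_PROXY/")
    benign=$(waf_verdict "$(status_of "$resp")" "$(body_of "$resp")")

    # 3. The probe from the article. The URL is quoted so characters such as
    #    '&' in other payloads are never interpreted by the shell.
    resp=$(probe POST "$KONG_PROXY/?1=1%20and%202=2")
    body=$(body_of "$resp")
    attack=$(waf_verdict "$(status_of "$resp")" "$body")

    echo "benign=$benign attack=$attack event_id=$(event_id_of "$body")"
    [ "$benign" = allowed ] && [ "$attack" = blocked ]
}

# Run the live check only when invoked as: sh check_waf.sh run
case "${1:-}" in run) check_protection ;; esac
```

Run it as `sh check_waf.sh run` against a gateway where the target service and a route for `/` already exist; the printed event_id is the value to search for in the SafeLine console. The helpers are split from the network calls so the classification logic can be checked without a gateway.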