DEV Community

Lulu
Lulu

Posted on

Boost API Security: Kong and SafeLine WAF Integration Guide

Kong is a cloud-native, fast, scalable, and distributed microservices abstraction layer (also known as an API gateway or middleware). It offers robust traffic control, security, monitoring, and operational features through plugins.

Installing the Kong Plugin

Custom plugins can be installed via LuaRocks. Lua plugins are distributed as .rock packages, which are self-contained and can be installed from local or remote servers.

If you've installed Kong using the official package, the LuaRocks utility should already be included in your system.

To install the SafeLine plugin, follow these steps:

luarocks install kong-safeline
Enter fullscreen mode Exit fullscreen mode

Then, enable the SafeLine plugin by adding the following configuration to your kong.conf file:

plugins = bundled,safeline              # Comma-separated list of plugins this node
                                        # should load. By default, only plugins
                                        # bundled in official distributions are
                                        # loaded via the `bundled` keyword.
Enter fullscreen mode Exit fullscreen mode

This line adds SafeLine to the list of enabled plugins, alongside any bundled plugins in the official distribution.

Finally, restart the Kong Gateway:

kong restart
Enter fullscreen mode Exit fullscreen mode

Using the SafeLine Plugin with Kong

To enable the SafeLine plugin for a specific service, configure the detector_host and safeline_port, which refer to the SafeLine detection engine's address and port, as set during the initial setup.

curl -X POST http://localhost:8001/services/{service}/plugins \
    --data "name=safeline" \
    --data "config.safeline_host=<detector_host>" \
    --data "config.safeline_port=<detector_port>"
Enter fullscreen mode Exit fullscreen mode

Testing the Protection

To verify that SafeLine is working, you can simulate a simple SQL injection attack by sending a request to Kong. If SafeLine is protecting your service, you should receive a 403 Forbidden response.

curl -X POST http://localhost:8000?1=1%20and%202=2
Enter fullscreen mode Exit fullscreen mode

You should get the following response:

{
  "code": 403,
  "success": false,
  "message": "blocked by Chaitin SafeLine Web Application Firewall",
  "event_id": "8b41a021ea9541c89bb88f3773b4da24"
}
Enter fullscreen mode Exit fullscreen mode

Additionally, you can check SafeLine's dashboard to see a full record of the blocked attack.

Top comments (0)