About agent-only deployment
Last updated 2023-10-19
The core deployment method includes both agent-only and module-agent deployment options. With an agent-only deployment, you're responsible for managing your Next-Gen WAF deployment in your hosting environment and the agent performs the following functions:
- decides how requests should be handled and executes the decisions (e.g., blocks, allows, and tags requests).
- acts as a proxy to the web application that you're protecting.
- provides an interface between your web server and our cloud-hosted collection and analysis system.
While setting up an agent-only deployment, you'll install the Signal Sciences agent component. You will not install the optional module component.
The Signal Sciences agent can be configured to run as a reverse proxy. In reverse proxy mode, the agent interacts directly with requests and responses without the need for a module. Running the agent in reverse proxy mode is ideal when a module for your web service does not yet exist or you do not want to modify your web service configuration (e.g., while testing the product). In this mode, the agent sits inline as a service in front of your web service. For more information, check out our Configuring Agent reverse proxy deployments guide.
The Signal Sciences agent can integrate directly with Envoy, a cloud-native reverse proxy, to inspect and protect web traffic. For more information, check out our Configuring Envoy proxy deployments guide.
The Signal Sciences agent can integrate with Istio service mesh to inspect and protect north-south and east-west traffic in microservices architecture applications. For more information, check out our guide on Istio and Kubernetes.
The Signal Sciences agent can integrate with AWS Lambda. To provide on-demand protection, the agent can be set up to initialize with each function and close out upon function completion. For more information, check out our guide on AWS Lambda.
You can configure the Signal Sciences agent to use a proxy for egress traffic.