Installing the Java Module as a Netty Handler
Last updated 2023-01-20
IMPORTANT
This guide only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. If you have access to the Next-Gen WAF product in the Fastly control panel, you can only deploy the Next-Gen WAF with the Edge WAF deployment method.
The Next-Gen WAF Netty module is implemented as a handler which inspects HttpRequest
events before forwarding the event to the next handler in the pipeline.
Download
Download the Next-Gen WAF Java module manually or access it with Maven.
Download manually
- Download the Java module archive from https://dl.signalsciences.net/sigsci-module-java/sigsci-module-java_latest.tar.gz.
- Extract
sigsci-module-java_latest.tar.gz
. - Deploy the jars using one of the following options:
- Copy
sigsci-module-java-{version}-shaded.jar
(an uber jar with all the dependencies bundled) to your application’s classpath (e.g.,%CATALINA_HOME%\webbapps\<APP_FOLDER>\WEB-INF\lib
). - Copy
sigsci-module-java-{version}.jar
and its dependencies in thelib
folder to your application’s classpath (e.g.,%CATALINA_HOME%\webbapps\<APP_FOLDER>\WEB-INF\lib
). If you already have any of the dependency jar files in your application classpath folder (i.e., for Tomcat in theWEB-INF\lib
) then it is not necessary to copy them, even if the version numbers are different. The logging jars are optional based on howslf4j
is configured.
- Copy
Access with Maven
For projects using Maven for build or deployment, the latest version of Next-Gen WAF Java modules can be installed by adding XML to the project pom.xml
file. For example:
1<repositories>2 <repository>3 <id>sigsci-stable</id>4 <url>https://packages.signalsciences.net/release/maven2</url>5 </repository>6</repositories>7
8<dependency>9 <groupId>com.signalsciences</groupId>10 <artifactId>sigsci-module-java</artifactId>11 <version>LATEST_MODULE_VERSION</version>12</dependency>
Be sure to replace LATEST_MODULE_VERSION
with the latest release of the Java module. You can find the latest version in our version file at https://dl.signalsciences.net/sigsci-module-java/VERSION.
Install and configure
Create a new instance of WafHandler
for every new connection.
WafHandler
must be added afterFlowControlHandler
.HttpObjectAggregator
handler should be added beforeFlowControlHandler
to inspect HTTP Post body.WafHandler
may sendHttpResponse
for blocked request.
Example deployment
1// Update configuration2WafHandler.getSigSciConfig().setMaxPost(40000);3
4// start server and handle requests5new ServerBootstrap()6.group(bossGroup, workerGroup)7.channel(NioServerSocketChannel.class)8.childHandler(9 new ChannelInitializer<SocketChannel>() {10 @Override11 public void initChannel(SocketChannel ch) throws Exception {12 ch.pipeline()13 .addLast(new HttpServerCodec())14 .addLast(new HttpObjectAggregator(6 * (1 << 20)))15 .addLast(new FlowControlHandler())16 .addLast("waf", new WafHandler())17 .addLast(new SimpleChannelInboundHandler<FullHttpRequest>() {18
19 // send response20
21 });22 }23 })24.bind(8080)25.sync();
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.