Installing the Java Module on Weblogic
Last updated 2022-04-11
IMPORTANT
This guide only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. If you have access to the Next-Gen WAF product in the Fastly control panel, you can only deploy the Next-Gen WAF with the Edge WAF deployment method.
Compatibility
The Next-Gen WAF Java module is compatible with WebLogic version 12c (12.2.1) or higher.
Installation
To deploy the Next-Gen WAF Java module on WebLogic servers, you must first add it to your application as a servlet filter.
Then, deploy your application to your WebLogic server through the same process you would deploy any other Web Application.
Module Configuration
| Option | Default | Description |
|---|---|---|
rpcServerURI | Required, tcp://127.0.0.1:9999 | The Unix domain socket or TCP connection to communicate with the agent. |
rpcTimeout | Required, 300ms | The timeout in milliseconds that the RPC client waits for a response back from the agent. |
maxResponseTime | Optional, no default | The maximum time in seconds that the server response time will be evaluated against (i.e., to see if it exceeds this value) to determine if the module should send a post request to the agent. |
maxResponseSize | Optional, no default | The maximum size in bytes that the server response size will be evaluated against (i.e. to see if it exceeds this value) to determine if the module should send a post request to the agent. |
maxPost | Optional, no default | The maximum POST body size in bytes that can be sent to the Next-Gen WAF agent. For any POST body size exceeding this limit, the module will not send the request to the agent for detection. |
asyncStartFix | Optional, false | This can be set to true to workaround missing request body when handling requests asynchronously in servlets. |
altResponseCodes | Optional, no default | Space separated alternative agent response codes used to block the request in addition to 406. For example 403 429 503. |
excludeCidrBlock | Optional, no default | A comma-delimited list of CIDR blocks or specific IP addresses to be excluded from filter processing. |
excludeIpRange | Optional, no default | A comma-delimited list of IP ranges or specific IP addresses to be excluded from filter processing. |
excludePath | Optional, no default | A comma-delimited list of paths to be excluded from filter processing. If the URL starts with the specified value it will be excluded. Matching is case-insensitive. |
excludeHost | Optional, no default | A comma-delimited list of host names to be excluded from filter processing. Matching is case-insensitive. |
Sample module configuration:
Module configuration changes must be made in the <!-- Signal Sciences Filter --> section of your application's web.xml file:
12345678910111213141516171819<!-- Signal Sciences Filter --><filter> <filter-name>sigSciFilter</filter-name> <filter-class>com.signalsciences.servlet.filter.SigSciFilter</filter-class> <async-supported>true</async-supported><init-param> <param-name>rpcTimeout</param-name> <param-value>500</param-value></init-param> <init-param> <param-name>asyncStartFix</param-name> <param-value>true</param-value></init-param></filter><filter-mapping> <filter-name>sigSciFilter</filter-name> <url-pattern>/*</url-pattern></filter-mapping><!-- end Signal Sciences Filter -->Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
