Kong plugin install

  Last updated 2023-04-20

IMPORTANT

This guide only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. If you have access to the Next-Gen WAF product in the Fastly control panel, you can only deploy the Next-Gen WAF with the Edge WAF deployment method.

The Kong plugin is a feature of the NGINX module, which allows it to function as a Kong plugin. Accordingly, the process for installing the Kong plugin involves installing the Next-Gen WAF agent and NGINX module, and modifying the NGINX module configuration to enable it for use with Kong.

Installation

  1. Install the Next-Gen WAF agent for your environment.

  2. Edit the agent configuration file located at /etc/sigsci/agent.conf to add the following lines. Replace <AGENT-LISTENER-IP> with the host IP address (usually 127.0.0.1) and <AGENT-LISTENER-PORT> with the TCP port on which the agent will listen for connections from the module. There is no default, but we suggest port 737 to minimize the chance of conflicts with other services:

    rpc-address=<AGENT-LISTENER-IP>:<AGENT-LISTENER-PORT>

  3. Download and extract the latest Next-Gen WAF NGINX module.

    $ curl -O  https://dl.signalsciences.net/sigsci-module-nginx/sigsci-module-nginx_latest.tar.gz
    $ sudo mkdir -p /opt/sigsci/nginx
    $ sudo tar -xf sigsci-module-nginx_latest.tar.gz -C /opt/sigsci/nginx

  4. If you are on Kong 3.0.x, override the handler.lua and schema.lua files in /opt/sigsci/nginx/sigsci-module-nginx/kong/plugins/signalsciences with the handler.lua and schema.lua files in /opt/sigsci/sigsci-module-nginx/nginx/kong/plugins/signalsciences-3.0.x.

  5. Edit the following lines in /opt/sigsci/nginx/sigsci-module-nginx/kong/plugins/signalsciences/handler.lua to reflect the host IP address and the port used for communication with the agent. Replace "localhost" and 12345 with the host IP address and port:

    sigsci.agenthost = "localhost"
    sigsci.agentport = 12345

  6. In the Kong configuration file at /etc/kong/kong.conf, add the following lines:

    plugins=signalsciences
    lua_package_path=/opt/sigsci/nginx/sigsci-module-nginx/?.lua

  7. Enable the Kong plugin by running the following command. Replace <KONG-GATEWAY-IP:PORT> with the Kong IP address and port (for example, 127.0.0.1:1234):

    $ curl -i -X POST --url http://<KONG-GATEWAY-IP:PORT>/plugins/ --data 'name=signalsciences'
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Fastly
© Fastly 2024