APIsentry Documentation

In-line Approach

What is the In-Line Approach or Active Mode Architecture?

The In-Line Approach, also called Active Mode Architecture, refers to a security configuration where the Web Application Firewall (WAF) is placed directly in the path of the application's traffic. Unlike the out-of-band (passive) mode, in this setup all incoming and outgoing traffic passes through the WAF, allowing it to actively monitor, analyze, and take action on the traffic in real time.

How It Works with API Sentry

When API Sentry WAF is deployed in in-line (active) mode:

  1. Traffic Interception: API Sentry is placed directly in the traffic flow between the client and the server. All API requests and responses pass through API Sentry.

  2. Real-Time Scanning: As each request or response is received, API Sentry performs real-time analysis to detect potential threats, vulnerabilities, or anomalies.

  3. Action on Traffic: Based on the analysis, API Sentry can take immediate action:

    • Block malicious requests or responses to prevent attacks.

    • Allow legitimate traffic to pass through without interruption.

    • Modify certain aspects of the traffic (e.g., sanitizing input data).

  4. Logging and Reporting: Even while taking action, API Sentry logs all activities, providing detailed reports on detected threats, blocked attacks, and overall traffic patterns.

Note: In active mode, API Sentry not only detects threats but also has the capability to prevent them by actively managing traffic in real time.
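The four steps above (intercept, scan, act, log) as a small in-line inspection pipeline. This is an added illustration, not API Sentry's code: the rule set, the `Request` shape, the JSON log format and the `MAX_BODY_BYTES` limit are all assumptions, and the sample traffic is constructed. It shows the three possible actions side by side: a BLOCK rule stops the request, a MODIFY rule sanitises it and lets scanning continue on the cleaned copy, and an ALLOW is the default when nothing fires; every outcome is written to the audit log, and a replay over labelled traffic counts false positives and false negatives.

```python
"""Minimal in-line (active mode) inspection pipeline.
Every request is intercepted (step 1), scanned against an ordered rule set
(step 2), acted on with ALLOW / BLOCK / MODIFY (step 3) and logged (step 4).
Illustrative code only: rules, Request shape and log format are assumptions,
not API Sentry's implementation."""
from __future__ import annotations
import json
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Optional

class Action(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    MODIFY = "modify"

@dataclass
class Request:
    method: str
    path: str
    headers: dict
    body: str = ""

@dataclass
class Decision:
    action: Action
    rules: list = field(default_factory=list)   # names of rules that fired
    request: Optional[Request] = None           # request to forward (maybe sanitised)

# A rule inspects a request and returns a Decision when it fires, else None.
Rule = Callable[[Request], Optional[Decision]]

MAX_BODY_BYTES = 4096                        # assumed policy limit
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")    # a "/.." path segment
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def rule_path_traversal(req: Request) -> Optional[Decision]:
    if TRAVERSAL.search(req.path):
        return Decision(Action.BLOCK, ["path-traversal"], req)
    return None

def rule_body_size(req: Request) -> Optional[Decision]:
    if len(req.body.encode("utf-8")) > MAX_BODY_BYTES:
        return Decision(Action.BLOCK, ["oversized-body"], req)
    return None

def rule_sanitise_headers(req: Request) -> Optional[Decision]:
    """MODIFY example: strip control characters (CR/LF included) from header
    values instead of blocking, so the request still reaches the application."""
    cleaned = {k: CONTROL_CHARS.sub("", v) for k, v in req.headers.items()}
    if cleaned == req.headers:
        return None
    return Decision(Action.MODIFY, ["header-control-chars"],
                    Request(req.method, req.path, cleaned, req.body))

RULES: list = [rule_path_traversal, rule_body_size, rule_sanitise_headers]

def inspect(req: Request, rules: list, audit_log: list) -> Decision:
    """Scan one request: the first BLOCK wins; a MODIFY replaces the request
    and scanning continues on the sanitised copy. Every outcome is logged."""
    current, action, fired = req, Action.ALLOW, []
    for rule in rules:
        hit = rule(current)
        if hit is None:
            continue
        fired.extend(hit.rules)
        if hit.action is Action.BLOCK:
            action = Action.BLOCK
            break
        current, action = hit.request, Action.MODIFY
    audit_log.append(json.dumps({"method": req.method, "path": req.path,
                                 "action": action.value, "rules": fired}))
    return Decision(action, fired, current)

# Constructed sample traffic with ground-truth labels (not real captures).
SAMPLE_TRAFFIC = [
    ("legit", Request("GET", "/api/v1/users/42", {"Host": "api.example.test"})),
    ("legit", Request("POST", "/api/v1/orders", {"Host": "api.example.test"},
                      '{"sku": "A-1", "qty": 2}')),
    ("legit", Request("GET", "/api/v1/users/42",
                      {"Host": "api.example.test", "X-Trace": "abc\r\n"})),
    ("malicious", Request("GET", "/api/v1/files/../../config",
                          {"Host": "api.example.test"})),
    ("malicious", Request("POST", "/api/v1/orders", {"Host": "api.example.test"},
                          "x" * (MAX_BODY_BYTES + 1))),
]

def evaluate(traffic: list, rules: list) -> dict:
    """Replay labelled traffic and count false positives (legit blocked) and
    false negatives (malicious passed). MODIFY counts as passed because the
    sanitised request is still forwarded."""
    log: list = []
    fp = fn = 0
    for label, req in traffic:
        blocked = inspect(req, rules, log).action is Action.BLOCK
        fp += int(blocked and label == "legit")
        fn += int((not blocked) and label == "malicious")
    return {"false_positives": fp, "false_negatives": fn, "log_entries": len(log)}
```

Rule order matters in this design: blocking rules run before the sanitising rule so that a request which would be blocked anyway is never modified and forwarded, and the audit entry records the original path and method even when the forwarded copy was changed.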

Advantages of In-Line (Active) Mode

  1. Real-Time Protection:

    • API Sentry can immediately block or mitigate detected threats, providing real-time security for your application.

  2. Automatic Threat Mitigation:

    • Automated responses to security threats mean you don’t need to manually intervene during an attack. The WAF handles it on the fly.

  3. Comprehensive Security:

    • By being in the direct path of traffic, API Sentry can apply security rules and measures to every single request, ensuring thorough protection.

  4. Customizable Security Policies:

    • API Sentry allows for the creation of custom rules and policies, enabling fine-tuned control over how different types of traffic are handled.

Risks of In-Line (Active) Mode

  1. Potential for Latency:

    • Because every request and response is analyzed in real time, there is a potential for added latency, especially in high-traffic environments.

  2. Risk of Blocking Legitimate Traffic:

    • False positives can occur, leading to legitimate traffic being blocked or modified, which can disrupt user experience.

  3. Infrastructure Dependency:

    • API Sentry becomes a critical component of your infrastructure, meaning that if the WAF goes down, it could impact the availability of your application unless proper failover mechanisms are in place.

Installation Steps for In-Line Approach

  1. Prepare the Environment:

    • Ensure that your application’s infrastructure can support in-line WAF deployment. This typically involves configuring your load balancer, gateway, or network to route all traffic through API Sentry.

  2. Install API Sentry WAF:

    • Deploy API Sentry WAF on the server, cloud, or container environment where it will intercept the traffic. API Sentry should be configured as a reverse proxy, meaning it will receive all traffic before forwarding it to your application.

  3. Configure Traffic Routing:

    • Adjust your DNS settings, load balancer, or firewall rules to ensure that all traffic destined for your application is routed through API Sentry.

    • This might involve updating DNS records to point to the API Sentry server or adjusting firewall rules to forward traffic to API Sentry.

  4. Set Up Security Policies:

    • Define and apply security policies within API Sentry. This includes setting up rules for traffic filtering, threat detection, and automatic mitigation.

    • Customize policies based on your application’s specific needs, such as blocking specific IPs, filtering input data, or allowing certain types of traffic.

  5. Test the Configuration:

    • Before going live, test the setup thoroughly to ensure that API Sentry is correctly intercepting and analyzing traffic, and that it’s not inadvertently blocking legitimate traffic.

    • Use test cases to simulate both legitimate and malicious traffic to verify the effectiveness of the WAF.

  6. Monitor and Fine-Tune:

    • After going live, continuously monitor the traffic logs and reports generated by API Sentry.

    • Fine-tune the security policies as needed to reduce false positives and ensure optimal performance.

  7. Failover and Redundancy (Optional):

    • To avoid downtime in case of WAF failure, consider setting up a failover mechanism where traffic is redirected to a backup server if API Sentry goes down.
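The failover mechanism from step 7, and the infrastructure-dependency risk it addresses, as an added example that is not API Sentry's own failover logic. The host names and thresholds are assumptions, and the probe sequence is constructed. The point it demonstrates is hysteresis: traffic moves to the backup only after several consecutive failed health checks and returns to the primary only after several consecutive successes, so a single lost probe does not flap traffic between the two.

```python
"""Health-check driven failover for an in-line WAF, with hysteresis.
Illustrative code; host names and thresholds are assumptions, not API Sentry
settings."""

class WafFailover:
    def __init__(self, primary: str, backup: str,
                 fail_threshold: int = 3, recover_threshold: int = 5) -> None:
        self.primary = primary
        self.backup = backup
        self.fail_threshold = fail_threshold        # consecutive failures to fail over
        self.recover_threshold = recover_threshold  # consecutive successes to fail back
        self.on_backup = False
        self._fails = 0          # consecutive failed probes
        self._oks = 0            # consecutive successful probes
        self.events: list = []   # recorded "failover" / "failback" transitions

    def record_probe(self, healthy: bool) -> str:
        """Consume one health-check result and return where traffic goes next."""
        if healthy:
            self._oks += 1
            self._fails = 0
            if self.on_backup and self._oks >= self.recover_threshold:
                self.on_backup = False
                self.events.append("failback")
        else:
            self._fails += 1
            self._oks = 0
            if not self.on_backup and self._fails >= self.fail_threshold:
                self.on_backup = True
                self.events.append("failover")
        return self.target()

    def target(self) -> str:
        return self.backup if self.on_backup else self.primary

def simulate(probes: list, **thresholds) -> tuple:
    """Replay a constructed sequence of probe results (True = healthy) and
    return the routing target after each probe plus the transition list."""
    fo = WafFailover("waf-primary.internal", "waf-backup.internal", **thresholds)
    return [fo.record_probe(p) for p in probes], fo.events
```

What the backup target is remains a policy decision: a second WAF instance keeps inspection in place during the outage, whereas routing straight to the application keeps it reachable but forwards traffic uninspected until the primary is back.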


Last updated 9 months ago