Edge Functions for Edge Firewall
Edge Functions are functions that run on the Azion Edge Computing Platform with low latency, bringing the operational power closer to the end user.
Edge Firewall supports edge functions. Through them you can write your own security source code in JavaScript and deploy it to run at the edge of the network.
With edge functions on Edge Firewall, you can:
- Boost your protection.
- Have more dynamism.
- Apply the logic that your business requires.
- Use APIs that provide request and response headers manipulation.
Implementation
Section titled ImplementationScope | Guide |
---|---|
Edge function for Edge Firewall | How to create and configure an edge function on your Edge Firewall |
Examples | Examples |
Code samples | GitHub repository |
How Edge Functions work with Edge Firewall
Section titled How Edge Functions work with Edge FirewallProcess
Section titled Process- The rules configured on the Edge Firewall Rules Engine for the function to run are triggered.
- Azion Cells processes the function, returning an outcome.
- Edge Firewall Rules Engine resumes the processing, based on the outcome, from the point the behavior was triggered.
Add Request Header
Section titled Add Request HeaderYou can add new headers to the request that is sent to the origin.
addEventListener("firewall", (event) => { event.addRequestHeader("X-Custom-Header-1", "1"); event.addRequestHeader("X-Custom-Header-2", "2"); event.continue(); });
Add Response Header
Section titled Add Response HeaderYou can add new headers to the response that is sent to users.
addEventListener("firewall", (event) => { event.addResponseHeader("X-Custom-Header-3", "3"); event.addResponseHeader("X-Custom-Header-4", "4"); event.continue(); });
Deny (403 Forbidden)
Section titled Deny (403 Forbidden)Through the event event.deny()
, you can finish a request returning HTTP 403 Forbidden.
addEventListener("firewall", (event) => { event.deny(); });
Drop (Close Without Response)
Section titled Drop (Close Without Response)Through the event event.drop()
you are able to finish the request without returning an answer to the client.
addEventListener("firewall", (event) => { event.drop(); });
Respond with
Section titled Respond withThrough the event event.respondWith()
you can intercept requests, return custom responses, and modify the response headers or content.
event.respondWith(new Response('{"my_custom_response": true}', { status: 599, headers: { "content-type": "application/json" } }));
Metadata
Section titled MetadataThe Edge Functions on Edge Firewall have a set of metadata available for manipulation.
By using this metadata you’re able to filter and manage the access to your application and apply the specific logic in different scenarios, such as:
The GeoIP information
Section titled The GeoIP informationYou can deny access to your application when the request comes from certain places.
Find out more about the GeoIP metadata list.
Remote
Section titled RemoteYou’re able to check the IP address and the TCP port used.
Find out more about the Remote metadata list.
Server
Section titled ServerYou’re able to check the protocol being used in the request.
Find out more about the Server metadata list.
The TLS-related metadata is available when the request is made over a secure TLS connection.
Find out more about the TLS metadata list.
Azion Samples repository
Section titled Azion Samples repositoryCheck the Azion Samples repository on GitHub and analyze the code samples that can help you develop your own edge functions.
Best practices
Section titled Best practicesConditionals
Section titled ConditionalsWhen working with conditionals and event.method
, use if else
. In case the implementation is similar to:
if (someCondition){ event.drop() } event.continue()
It may end up with unexpected behaviors.
It’s highly recommended to use as follows:
if (someCondition){ event.drop() }else{ event.continue() }
Sync x async
Section titled Sync x asyncSince the eventHandler
is sync, it’s necessary to write an async function when await
is implemented.
It’s recommended to use event.waitUntil
, otherwise the promise may end up in unexpected exceptions.
async function firewallHandler(event) { // any async operation here like fetch, timeout etc.}
addEventListener("firewall", (event) => event.waitUntil(firewallHandler(event)));
}
Contributors