How to configure main settings

Once you create an edge firewall with Azion, you can modify a few configurations. In this guide, you’ll learn to modify the domains associated with your firewall and to enable the available modules.

Via Azion Console

Section titled Via Azion Console

In this section, you’ll modify the main settings of your edge firewalls: name, domains, and modules via Azion Console.

  1. Access Azion Console > select Edge Firewall.
  2. From the list, select the edge firewall you want to edit or click + Add to create a new one.
  3. Give your edge firewall a unique and easy-to-remember name.

Domains

Section titled Domains

In the Domains section, you’ll choose the domains associated with this edge firewall. This means that all configurations made in this edge firewall will be associated with the selected domains.

  1. On the Available Domains box, you can:
    • Type characters or words to find domains or scroll through the list of your domains.
    • Select each domain you want to associate with this edge firewall and click the > button.
    • Select multiple domains by using ctrl on Windows and Linux or command on Mac and click the > button.
    • Select Choose all to select all domains presented on the list.
  2. After you click the > button, the selected domains are moved to the Chosen Domains box.
    • You can also use the < button to remove specific domains already chosen or select Clear selection to remove all domains.

Modules

Section titled Modules

Modules can unlock additional functionalities and features related to your configured firewalls. See the Pricing page for more details.

There are four available modules that can be activated with your edge firewall:

  • DDoS Protection Unmetered Protects your content and applications against Distributed Denial of Service (DDoS) attacks. Available for the Business and higher Service Plans.

  • Edge Functions Enables you to run serverless functions on Azion’s edge with low latency, bringing the operational power closer to the end user.

  • Network Layer Protection Allows the creation of filters by IP/CIDR, ASN addresses, or by countries (geolocation) through the configuration of Network Lists and the definition of business rules that will validate blocking or releasing Criteria.

  • Web Application Firewall Protects your applications against threats such as SQL Injections, Remote File Inclusion (RFI), Cross-Site Scripting (XSS), and many others.

You can choose between the list of modules: you can select one, a few, or even all.

Status

Section titled Status

You’ll also find a switch labeled Active. You can enable the switch to activate your edge firewall, and disable the switch if you no longer want this edge firewall active.

Debug rules

Section titled Debug rules

You’ll also find a switch labeled Debug Rules. If you enable the switch, you’ll turn on the feature that allows you to check if the rules you’ve created using Rules Engine for Edge Firewall have been successfully executed in your application.

go to How to debug rules guide

Once you’re done configuring your main settings, click the Save button.

Via API

Section titled Via API
  1. Run the following GET request in your terminal, replacing [TOKEN VALUE] with your personal token to retrieve your <edge_firewall_id>:
Terminal window
curl --location 'https://api.azionapi.net/edge_firewall \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]'
  1. You’ll receive a response with all your existing edge firewalls. Copy the value of the <id> that you want to configure.
  2. Run a PATCH request to modify the firewall as follows:
Terminal window
curl --location --request PATCH 'https://api.azionapi.net/edge_firewall/<edge_firewall_id>' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]' \
--header 'Content-Type: application/json' \
--data '{
    "name": "My edge firewall",
    "domains": [
        <domains_id>
    ],
    "is_active": true,
        "edge_functions_enabled": true,
        "network_protection_enabled": true,
        "waf_enabled": true,
    "debug_rules": true
}'
KeyDescription
nameName of the edge firewall
domainsArray of IDs of the domains you want to associate with this edge firewall
is_activeBoolean value that enables (true) or disables (false) the edge firewall
edge_functions_enabledBoolean value that enables (true) or disables (false) the Edge Functions module
network_protection_enabledBoolean value that enables (true) or disables (false) the Network Layer Protection module
waf_enabledBoolean value that enables (true) or disables (false) the Web Application Firewall (WAF) module
debug_rulesBoolean value that enables (true) or disables (false) the Debug Rules feature
  1. You’ll receive a response similar to this:
{
    "results": {
        "name": My edge firewall",
        "waf_enabled": true,
        "is_active": true,
        "edge_functions_enabled": true,
        "last_modified": "2023-06-01T18:00:11.994514Z",
        "domains": [
            0123456789
        ],
        "last_editor": "last.editor@azion.com",
        "network_protection_enabled": true,
        "id": 12345,
        "debug_rules": false
    },
    "schema_version": 3
}

Wait a few minutes for the changes to propagate and your edge firewall will be updated.



Contributors