How to configure Edge Firewall main settings
Once you create an edge firewall with Azion, you can modify a few configurations. In this guide, you’ll learn to modify the domains associated with your firewall and to enable the available modules.
- Run the following
GETrequest in your terminal, replacing[TOKEN VALUE]with your personal token to retrieve your<edge_firewall_id>:
curl --location 'https://api.azionapi.net/edge_firewall \--header 'Accept: application/json; version=3' \--header 'Authorization: Token [TOKEN VALUE]'- You’ll receive a response with all your existing edge firewalls. Copy the value of the
<id>that you want to configure. - Run a
PATCHrequest to modify the firewall as follows:
curl --location --request PATCH 'https://api.azionapi.net/edge_firewall/<edge_firewall_id>' \--header 'Accept: application/json; version=3' \--header 'Authorization: Token [TOKEN VALUE]' \--header 'Content-Type: application/json' \--data '{ "name": "My edge firewall", "domains": [ <domains_id> ], "is_active": true, "edge_functions_enabled": true, "network_protection_enabled": true, "waf_enabled": true, "debug_rules": true}'| Key | Description |
|---|---|
name | Name of the edge firewall |
domains | Array of IDs of the domains you want to associate with this edge firewall |
is_active | Boolean value that enables (true) or disables (false) the edge firewall |
edge_functions_enabled | Boolean value that enables (true) or disables (false) the Edge Functions module |
network_protection_enabled | Boolean value that enables (true) or disables (false) the Network Layer Protection module |
waf_enabled | Boolean value that enables (true) or disables (false) the Web Application Firewall (WAF) module |
debug_rules | Boolean value that enables (true) or disables (false) the Debug Rules feature |
- You’ll receive a response similar to this:
{ "results": { "name": My edge firewall", "waf_enabled": true, "is_active": true, "edge_functions_enabled": true, "last_modified": "2023-06-01T18:00:11.994514Z", "domains": [ 0123456789 ], "last_editor": "last.editor@azion.com", "network_protection_enabled": true, "id": 12345, "debug_rules": false }, "schema_version": 3}Wait a few minutes for the changes to propagate and your edge firewall will be updated.
In this section, you’ll modify the main settings of your edge firewalls: name, domains, and modules via Azion Console.
- Access Azion Console > select Edge Firewall.
- From the list, select the edge firewall you want to edit or click + Edge Firewall to create a new one.
- Give your edge firewall a unique and easy-to-remember name.
Domains
In the Domains section, you’ll choose the domains associated with this edge firewall. This means that all configurations made in this edge firewall will be associated with the selected domains.
- On the Available box, you can:
- Scroll through the list of your domains.
- Select each domain you want to associate with this edge firewall and click the
>button. - Select multiple domains by using ctrl on Windows and Linux or command on Mac and click the
>button. - Select
>>to move all domains presented on the list.
- After you click the
>button, the selected domains are moved to the Selected box.- You can also use the
<button to remove specific domains already chosen or select<<to remove all domains.
- You can also use the
Modules
Modules can unlock additional functionalities and features related to your configured firewalls. See the Pricing page for more details.
There are four available modules that can be activated with your edge firewall:
-
DDoS Protection Unmetered Protects your content and applications against Distributed Denial of Service (DDoS) attacks. Automatically enabled in all accounts. -
Edge Functions Enables you to run serverless functions on Azion’s edge with low latency, bringing the operational power closer to the end user. -
Network Layer Protection Allows the creation of filters by IP/CIDR, ASN addresses, or by countries (geolocation) through the configuration of Network Lists and the definition of business rules that will validate blocking or releasing Criteria. -
Web Application Firewall Protects your applications against threats such as SQL Injections, Remote File Inclusion (RFI), Cross-Site Scripting (XSS), and many others.
You can choose between the list of modules: you can select one, a few, or even all.
Debug rules
You’ll also find a switch labeled Debug Rules. If you enable the switch, you’ll turn on the feature that allows you to check if the rules you’ve created using Rules Engine for Edge Firewall have been successfully executed in your application.
Go to How to debug rules guideStatus
You’ll also find a switch labeled Active. You can enable the switch to activate your edge firewall, and disable the switch if you no longer want this edge firewall active.
Once you’re done configuring your main settings, click the Save button.
In this section, you’ll modify the main settings of your edge firewalls: name, domains, and modules via Real-Time Manager (RTM).
- Access Real-Time Manager (RTM) > select Edge Firewall.
- From the list, select the edge firewall you want to edit or click Add Rule Set to create a new one.
- Give your edge firewall a unique and easy-to-remember name.
Domains
In the Domains section, you’ll choose the domains associated with this edge firewall. This means that all configurations made in this edge firewall will be associated with the selected domains.
- On the Available Domains box, you can:
- Type characters or words to find domains or scroll through the list of your domains.
- Select each domain you want to associate with this edge firewall and click the
>button. - Select multiple domains by using ctrl on Windows and Linux or command on Mac and click the
>button. - Select Choose all to select all domains presented on the list.
- After you click the
>button, the selected domains are moved to the Chosen Domains box.- You can also use the
<button to remove specific domains already chosen or select Clear selection to remove all domains.
- You can also use the
Modules
Modules can unlock additional functionalities and features related to your configured firewalls. See the Pricing page for more details.
There are four available modules that can be activated with your edge firewall:
-
DDoS Protection Unmetered Protects your content and applications against Distributed Denial of Service (DDoS) attacks. Automatically enabled in all accounts. -
Edge Functions Enables you to run serverless functions on Azion’s edge with low latency, bringing the operational power closer to the end user. -
Network Layer Protection Allows the creation of filters by IP/CIDR, ASN addresses, or by countries (geolocation) through the configuration of Network Lists and the definition of business rules that will validate blocking or releasing Criteria. -
Web Application Firewall Protects your applications against threats such as SQL Injections, Remote File Inclusion (RFI), Cross-Site Scripting (XSS), and many others.
You can choose between the list of modules: you can select one, a few, or even all.
Status
You’ll also find a switch labeled Active. You can enable the switch to activate your edge firewall, and disable the switch if you no longer want this edge firewall active.
Debug rules
You’ll also find a switch labeled Debug Rules. If you enable the switch, you’ll turn on the feature that allows you to check if the rules you’ve created using Rules Engine for Edge Firewall have been successfully executed in your application.
Go to How to debug rules guideOnce you’re done configuring your main settings, click the Save button.
Contributors
