Overview: APIM can be setup in multiple regions and incoming request will be routed to the closest APIM endpoint. If there is only 1 APIM region, it is best to ensure the API/App Service/Function is hosted in the same region. With multiple APIM's you can also host a API in the same region. The routing is either done automatically using Azure Front Door or via policy on the APIM.
Front Door can be substituted with Azure WAF, or Cloudflare or Barracuda's SaaS solution.
WAF Options:
- Azure WAF simple in 1 region for a WAF especially with APIM and if you are an Azure customer.
- Competitor options: Barracuda WAF SaaS Service or Any software firewall KEMP, F5, Check Point, Fortinet/Fortigate, Cloudflare WAF, AWS WAF, AWS Network Firewall, ....
- Check WAF service has protection at least for DDoS, XSS, SQL injection attacks, SSL Termination if you need it, Managed RuleSets.
- Azure Front Door is pretty amazing, Cloudflare is historically the leader with similar functionality.
- Cloudflare is a Secure access service edge (SASE). Cloudflare provides a WAF service at hundreds of endpoints around the globe (for instance there are 5 Cloudflare endpoints in Australia). WAF functionality like SSL, DDoS (L7), customer rule e.g. rate limiting, OWASP rules applied, "api protection", et al. is done close to the user request (nice low latency) and then if successful it is pushed to the backend.
0 comments:
Post a Comment