Vapor: Introducing Managed Firewalls

May, 27 2021#vapor

Today, we are proud to introduce Vapor's managed firewalls for basic protection against denial-of-service attacks targeting your environment, as well as protection against pervasive bot traffic that can consume your environment's resources.

image

You may start using Vapor's managed firewall by defining the firewall configuration option within your application's vapor.yml file:

image

rate-limit

When using the rate-limit option, Vapor's managed firewall tracks the rate of requests for each originating IP address and blocks IPs with request rates over the given rate-limit value. In the example above, if the request count for an IP address exceeds 1,000 requests in any 5-minute time span then the firewall will temporarily block requests from that IP address with the 403 Forbidden HTTP status code.

bot-control

When using the bot-control option, Vapor's managed firewall blocks requests from pervasive bots, such as scrapers or search engines. Over a dozen categories are available for use, and their usage will depend on the type of application you have.

Be sure to check out Vapor's managed firewall documentation before you begin using this feature. Behind the scenes, Vapor's managed firewall uses Amazon WAF - feel free to check out the WAF documentation for more information about the WAF service and its pricing.

We hope you enjoy this new addition to Laravel Vapor. At Laravel, we're committed to providing you with the most robust and developer-friendly PHP experience in the world. If you haven't checked out Vapor, now is a great time to start! You can create your account today at: vapor.laravel.com.

By Nuno Maduro

Laravel Team, Creator of Pest.

Follow the RSS Feed.