
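This article explores the load-balancing features of the NSFOCUS WAF, drawing on Azure Front Door's level-5 load balancer and content caching strategy to understand how to distribute traffic efficiently while keeping security protection in place.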


Azure Front Door provides comprehensive tools for managing load balancing between different back-end services, along with integrated web application firewall policies, session affinity, and, most importantly, content delivery acceleration. In simple terms, Azure Front Door provides everything a website needs to be secure, fast, and efficient.


Front end (multi domain\sites)

Azure Front Door can manage multiple domains (multiple websites) in a single instance, which is comparatively cost-efficient. It comes with one default domain, <instance name>.azurefd.net, and additional custom domains can be added and configured as a CNAME to the default domain.


TLS \ SSL Offloading

[Image: TLS / SSL Configuration]

Azure Front Door provides the ability to configure the HTTPS protocol. It currently supports TLS 1.0 and 1.2 and uses custom SSL certificates. The SSL certificates must be set up in Key Vault, and the Azure Front Door application must have access to the key vault. Note that the Azure Front Door service has to be registered in AAD.


Web Application Firewall


Web application firewall policies support both prevention and detection modes. A policy can redirect a blocked request to a different URL or return a custom status code and message. It comes with standard WAF rules and also supports custom rules.
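
The difference between the two modes, as an added example (not code from the original article or from Azure): a simplified Python model in which the `Rule` and `Policy` fields, the rule names and patterns, and the `evaluate` function are assumptions for illustration. It shows that a policy in detection mode records matches but forwards every request, while prevention mode answers with the custom status code and message or with the redirect.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    field: str    # "uri", "query", or a request header name
    pattern: str  # regular expression searched in that field
    action: str   # "block", "redirect", "log" or "allow"

@dataclass
class Policy:
    mode: str                            # "prevention" or "detection"
    rules: list                          # custom rules, evaluated in order
    block_status: int = 403              # custom status code for blocked requests
    block_body: str = "Request blocked"  # custom message for blocked requests
    redirect_url: str = ""               # where the redirect action sends the client

def evaluate(policy, request, log):
    """Return (status, headers, body) when the request is stopped, None to forward it."""
    for rule in policy.rules:
        source = request if rule.field in ("uri", "query") else request.get("headers", {})
        if not re.search(rule.pattern, source.get(rule.field, ""), re.IGNORECASE):
            continue
        log.append((policy.mode, rule.name, rule.action))
        if rule.action == "allow":
            return None          # explicit allow ends evaluation
        if policy.mode == "detection" or rule.action == "log":
            continue             # match is recorded, request is not stopped
        if rule.action == "redirect" and policy.redirect_url:
            return 302, {"Location": policy.redirect_url}, ""
        return policy.block_status, {}, policy.block_body
    return None

# Constructed sample rules and requests (hypothetical names, paths and patterns).
RULES = [Rule("AdminPath", "uri", r"^/admin(/|$)", "block"),
         Rule("ScriptTagInQuery", "query", r"<\s*script", "redirect")]
REQUESTS = [{"uri": "/admin/users", "query": ""},
            {"uri": "/search", "query": "q=<script>"},
            {"uri": "/index.html", "query": "page=2"}]

def run(mode):
    policy = Policy(mode, RULES, block_status=406, block_body="Blocked by policy",
                    redirect_url="https://www.example.com/blocked")
    log = []
    return [evaluate(policy, r, log) for r in REQUESTS], log

if __name__ == "__main__":
    for mode in ("detection", "prevention"):
        print(mode, *run(mode), sep="\n  ")
```

Both runs produce the same two log entries; only the decisions differ, which is why a policy left in detection mode should be read as monitoring only.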


Session Affinity

The front door provides a cookie-based affinity for web traffic. It routes the traffic to the same backend services based on the cookie set up by the front door.


Backend Pools

Front Door supports multiple back-end services, including custom hosts, App Services, API Management, public IP endpoints, Storage, etc. Both HTTP and HTTPS ports are configurable, along with priority and weights as needed.



Health Probes

Configure the health probe for the load balancer to check the availability of the back-end resources. It supports only HTTP and HTTPS probes, sent at predefined intervals. Back-end availability is determined by the number of successful responses and by the time taken, in milliseconds.


Routing Rules

This is the most important capability in Front Door: it lets you build custom rules that direct traffic based on patterns. It provides the ability to select destination back-end services or protocols based on URL patterns. For example, HTTP to HTTPS redirects can be configured using rules.


Rule Engine

It’s a new capability included in the Front Door service, which provides the ability to configure multiple rules and actions. The rule condition can be based on the device type, query string, request body, file extension, headers, etc. The rule actions can set the request header, set the response header, and completely override the routing options.



Caching & Dynamic Compression


Front Door can dynamically compress static files such as CSS, JS, etc. It can also cache web pages and static content \ images based on the URL pattern and query strings. The cache durations are configurable in days, hours, minutes and seconds.


Translated from: https://medium.com/cloud-services/azure-front-door-level-5-load-balancer-waf-content-caching-d812be396870








