Anypoint Security features a high-performance, reliable, and scalable service to enforce policies that apply to all nodes deployed to your Runtime Fabric.
You can protect your APIs using these policies:
DoS (Denial of Service) Policy
These policies protect your network nodes against malicious clients that try to flood your network to keep legitimate traffic from reaching your APIs.
Learn more about the DoS policy.
IP Whitelist
Create an explicit list of IP addresses that can access your deployed endpoints.
Learn more about the IP Whitelist.
HTTP Limits
These policies prevent attacks from clients that send large messages that can consume all of your processing bandwidth.
Learn more about the HTTP Limits policy.
WAF (Web Application Firewall) Policy
These policies provide the Open Web Application Security Project (OWASP) Core Rule Set (CRS) for checking requests and responses to detect common web application attacks.
Learn more about the WAF policy.
You can use these policies to handle all traffic to your Runtime Fabric, and use API Manager policies to handle specific behaviors for specific APIs.
Anypoint Security policies then act as a default router capability through which all traffic passes.
Threat detection and prevention
Content attack prevention (HTTP header and message limits checks)
Denial of Service
Advanced TLS (for example, certificate pinning, CRL)
Basic TLS (for example, mutual TLS, SSL termination)
API policies configured in API Manager and running through an API gateway give you the ability to further customize or extend certain limitations you are applying at the Mule application level.
This layer of security provides the same control as any API Manager policy offers. For example:
Basic TLS (for example, mutual TLS, SSL termination)
Authorization and Accounting (AAA)
You must have Runtime Fabric and Security Edge Policies entitlements enabled for your Anypoint Platform account, in addition to API Manager and Analytics.
To apply policies, you must have the Manage Runtime Fabrics permission assigned to your user.
An administrator for your organization can grant you this permission in Access Management.