Contact Free trial Login

Anypoint Security Policies for Edge

Anypoint Security features a high-performance, reliable, and scalable service that works with Anypoint Runtime Fabric to enforce security policies on nodes deployed to your Anypoint Runtime Fabric. Anypoint Security provides denial-of-service (DoS), IP whitelist, HTTP limits, and Web Application Firewall (WAF) policies to protect your APIs.

You can use the Anypoint Security policies to manage all traffic to your Runtime Fabric, and leverage API Manager policies to apply specific behaviors to specific APIs.

index e9021

Anypoint Security policies then act as a default router capability through which all traffic traverses.

  • Threat detection and prevention

    • Content attack prevention (HTTP header and message limits checks)

    • Denial of Service

    • IP whitelists

  • Advanced TLS (for example, certificate pinning, CRL)

  • Basic TLS (for example, Mutual TLS, SSL Termination)

API policies that are configured in API Manager and running through an API gateway give you the ability to further customize or extend certain limitations you are applying at the Mule application level.

This layer of security provides the same control as any API Manager policy offers. For example:

  • Basic TLS (for example, mutual TLS, SSL termination)

  • Rate limiting

  • OAuth

  • Authorization and Accounting (AAA)

DoS Policy

DoS policies are designed to protect your network nodes against malicious clients trying to flood your network to prevent legitimate traffic to your APIs.
Learn more about the DoS policy.

IP Whitelist Policy

Create an IP address whitelist policy to configure an explicit list of IP addresses that can access your deployed endpoints.
Learn more about the IP Whitelist.

HTTP Limits Policy

HTTP limits policies prevent attacks from clients that send large messages that can consume all of your processing bandwidth.
Learn more about the HTTP Limits policy.

WAF Policy

WAF policies provide the Open Web Application Security Project (OWASP) Core Rule Set (CRS) for checking requests and responses to detect common web application attacks.
Learn more about the WAF policy.

We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. You can read more and make your cookie choices here. By continuing to use this site you are giving us your consent to do this.