Edge Functions

Running custom code during traffic processing

Overview

An Edge Function (EF) allow you to extend Link11 WAAP's tools and functionality. An EF consists of Lua code that can be run at different points in L11WAAP's traffic processing.

An EF can be configured to execute before any other processing occurs. Therefore, it can override or preempt other configured settings within L11WAAP. Or, it can be run after traffic filtering has been completed.

Out of the box, L11WAAP includes a number of Edge Functions. Initially, they are not assigned to any Backend Services.

When an admin creates an Edge Function, L11WAAP validates the code with a Lua compiler. If any syntax errors are found, an error message will be shown. However, Link11 does not validate the code beyond this. Please ensure that the code is valid and tested before adding it. If the code has errors, undefined behavior can occur when L11WAAP attempts to execute it.

Edge Functions are a very powerful tool. If you need assistance with this feature, please feel free to contact support.

Usage within applications and APIs

Edge Functions are assigned to destination paths/URLs within Security Policies.

Administration

The main window (shown above) lists all current Edge Functions.

The administration (addition/deletion/editing/versioning) of EFs follows the conventions described here.

Parameters

Name

A name for this EF, to be used within the interface.

Description

Information about this EF, for use within the interface.

Phase

This specifies when the Edge Function code will be executed.

Phase
Description

Request Pre Processing

Executes immediately when L11WAAP receives an incoming request, before any other processing occurs.

  • Runs before the security logic.

  • Cannot be preempted/prevented by the security logic, since it executes beforehand.

  • A request might only be blocked here if NGINX itself blocks it (e.g., due to malformed headers or connection limits).

Request Post Processing

Executes after L11WAAP has finished processing the request, and before it sends the request to the backend server.

  • Runs after the security logic.

  • Will only be reached if the request is allowed by the security logic.

  • If the request is blocked, this stage will not be executed.

Response Pre Processing

Executes when L11WAAP receives the response from the backend.

  • Runs on the response coming back from the origin, before any potential processing.

  • The response cannot be blocked here, as L11WAAP does not evaluate or filter responses from the origin at this stage (unless NGINX does it for some reason).

Response Post Processing

Executes as the last action before L11WAAP sends the response to the client.

  • Runs after the response has been processed (e.g., the addition of the upstream-status tag) and just before it is sent to the client.

  • Similar to the previous stage, since there is no security logic evaluating responses, this function cannot be blocked and will execute as normal.

Code

The Lua code for the Edge Function.

Connections to Security Policies

The list of Security Policies that include this Edge Function. Each Security Policy defines the scope (i.e., the paths within Backend Services) for which the Function will be active.

For a discussion of how to use this control, see Connections to Security Policies.

PreviousBackend ServicesNextDNS Records

Last updated

Was this helpful?