# Edge Functions
## Overview An Edge Function (EF) allow you to extend Link11 WAAP's tools and functionality. An EF consists of Lua code that can be run at different points in L11WAAP's traffic processing. An EF can be configured to execute before any other processing occurs. Therefore, it can override or preempt other configured settings within L11WAAP. Or, it can be run after traffic filtering has been completed. An example use case is [custom logic based on the tags that Link11 WAAP attached to the request](#custom-function-for-accessing-tag-data). {% hint style="warning" %} When an admin creates an Edge Function, L11WAAP validates the code with a Lua compiler. If any syntax errors are found, an error message will be shown. However, Link11 does not validate the code beyond this. **Please ensure that the code is valid and tested before adding it.** If the code has errors, undefined behavior can occur when L11WAAP attempts to execute it. {% endhint %} Edge Functions are a very powerful tool. If you need assistance with this feature, please feel free to [contact support](/support.md). ## Usage within applications and APIs Edge Functions are assigned to destination paths/URLs within [Security Policies](/console-walkthrough/security/security-policies.md). {% hint style="info" %} Out of the box, L11WAAP includes a number of Edge Functions. Initially, they are not assigned to any Security Policies, and thus, are inactive by default. {% endhint %} ## Administration The main window (shown above) lists all current Edge Functions. The administration (addition/deletion/editing/versioning) of EFs follows the conventions described [here](/how-link11-waap-works/ui-overview-and-common-elements.md#configuration-and-administration). ## Parameters
### Name A name for this EF, to be used within the interface. ### Description Information about this EF, for use within the interface. ### Phase This specifies when the Edge Function code will be executed.
PhaseDescription
Request Pre Processing

Executes immediately when L11WAAP receives an incoming request, before any other processing occurs.

  • Runs before the security logic.
  • Cannot be preempted/prevented by the security logic, since it executes beforehand.
  • A request might only be blocked here if NGINX itself blocks it (e.g., due to malformed headers or connection limits).
Request Post Processing

Executes after L11WAAP has finished processing the request, and before it sends the request to the backend server.

  • Runs after the security logic.
  • Will only be reached if the request is allowed by the security logic.
  • If the request is blocked, this stage will not be executed.
Response Pre Processing

Executes when L11WAAP receives the response from the backend.

  • Runs on the response coming back from the origin, before any potential processing.
  • The response cannot be blocked here, as L11WAAP does not evaluate or filter responses from the origin at this stage (unless NGINX does it for some reason).
Response Post Processing

Executes as the last action before L11WAAP sends the response to the client.

  • Runs after the response has been processed (e.g., the addition of the upstream-status tag) and just before it is sent to the client.
  • Similar to the previous stage, since there is no security logic evaluating responses, this function cannot be blocked and will execute as normal.
### Code The Lua code for the Edge Function. ### Connections to Security Policies The list of Security Policies that include this Edge Function. Each Security Policy defines the scope (i.e., the paths within Backend Services) for which the Function will be active. For a discussion of how to use this control, see [Connections to Security Policies](/how-link11-waap-works/ui-overview-and-common-elements.md#connections-to-security-policies). ## Examples Out of the box, Link11 WAAP includes multiple Edge Functions. These can be studied as good illustrations of how to create and use Edge Functions. Typically, an Edge Function will leverage built-in capabilities of nginx. Link11 WAAP also includes some custom capabilities, described below with examples. ## Custom Capabilities ### Accessing geolocation and ASN/org data Sometimes customers need certain metadata to be sent to their origin servers, such as the request's country code, country name, ASN, or organization. Edge Functions can access this information using these variables: ``` ngx.var.geo_country_code ngx.var.geo_country_name ngx.var.geo_asn ngx.var.geo_org ``` If data is not available, the variable will contain this string: `-`. Here's a usage example of inserting this information into request headers : ``` ngx.req.set_header("x-waap-geo-country-code", string.upper(ngx.var.geo_country_code)) ngx.req.set_header("x-waap-geo-country", ngx.var.geo_country_name) ngx.req.set_header("x-waap-geo-asn", ngx.var.geo_asn) ngx.req.set_header("x-waap-geo-org", ngx.var.geo_org) ``` ### Accessing Tag data Sometimes customers need to access the [Tags](/how-link11-waap-works/tagging.md) attached to the request during L11WAAP's processing, for case-specific purposes (business logic, customized responses, etc.) This can be done in the [Request Post Processing phase](#phase)**,** with a custom function \[`ngx.tag_exist`] that returns a boolean. Its usage is as follows: ``` // returns true if tag1 was attached to the request, false otherwise ngx.tag_exist("tag1") // returns true if tag1 AND tag2 were attached to the request, false otherwise ngx.tag_exist("tag1","tag2") // returns true if tag1 OR tag2 were attached to the request, false otherwise ngx.tag_exist("tag1") || ngx.tag_exist("tag2") ``` For example, L11WAAP includes a default Global Filter that adds a tag (`cloudfront`) to all requests bearing an AWS CloudFront IP. An Edge Function can pass this information to the origin in a header named "is-cloudfront", like this: ``` ngx.header["is-cloudfront"] = ngx.tag_exist("cloudfront") ``` ### Adding custom messages to log events An Edge Function can inject custom messages into events. This can be useful for increasing visibility into traffic logs, debugging, etc. The syntax is as follows: ``` ngx.ctx.additional_messages = {"$MESSAGE"}; ``` So, this Edge Function code: ``` ngx.ctx.additional_messages = {"Hello world"}; ``` ...will add `Hello world` to the event. This message will appear in: * the Event Log's Messages section (shown below) * and the `messages` field when [retrieving traffic data from the API](/reference-information/api/api-access-to-traffic-data.md), or when downloading data from the Events Log.
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://waap.docs.link11.com/console-walkthrough/sites/edge-functions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.