Because API Protect does not send any of your request data to Data Theorem, our API Protect agent needs to be deployed in your environment. We package our agent for deployment as a RHEL VM, a Kubernetes Service, a Docker Compose service, and a Podman pod. We can also quickly and easily provide different packages on request.

Deploy Agent as

...

Code Block
languagebash
# unzip the agent software you download from our portal
unzip API_PROTECT_AGENT_VM.zip

# deploy the agent VM named vtap_agent.ova to your VMware environment

Deploy Agent as Kubernetes Service

Code Block
languagebash
# unzip the agent software you download from our portal
unzip API_PROTECT_AGENT_HELM.zip

# untar the agent Helm chart
tar xf vtap_agent_helm_charts.tgz

# deploy the agent Helm chart to your Kubernetes cluster
helm install vtap-agent \
    ./vtap_agent        \
    --create-namespace  \
    --namespace datatheorem \
    --set bearerToken="$(cat .dt_client_id)"

Deploy Agent as Docker Compose Service

Code Block
languagebash
# unzip the agent software you download from our portal
unzip API_PROTECT_AGENT_DOCKER_COMPOSE.zip

# start the docker-compose service
docker-compose --env-file .dt_env up

Deploy Agent as Podman Pod Service

Code Block
languagebash
# unzip the agent software you download from our portal
unzip API_PROTECT_AGENT_PODMAN.zip

# run the install script to create the podman pod
./create_vtap_agent_pod.sh --env-file .dt_env

Docker Compose Service

Extract the archive

Code Block
unzip network_analyzer.zip

In the directory where the archive was extracted, start the network traffic analyzer services with the following command:

Code Block
docker-compose up -d

To verify that the network traffic analyzer services have started properly, run the following command:

Code Block
docker-compose ps

If the service has started properly, you should see output similar to the following:

Code Block
CONTAINER ID   IMAGE                                                                                   COMMAND                  CREATED       STATUS                 PORTS                                       NAMES
360db972caa9   us-central1-docker.pkg.dev/dev-api-protect-api/cloud-protect-registry/analyzer:latest   "supervisord -c /etc…"   1 hours ago   Up 1 hours (healthy)   0.0.0.0:8081->8081/tcp, :::8081->8081/tcp   api-protect-analyzer-1

Once the agent is deployed, make note of the agent’s HTTPS URL so you can add it to the Cloudflare Worker’s environment as the DATA_THEOREM_SERVICE_URL.

Step 2: Add Data Theorem Integration Code to your Cloudflare Workers

API Protect has two modes of operation: observability mode and blocking mode. In observability mode, your API traffic is analyzed asynchronously, which minimizes latency, but we will not block requests even if we detect attacks or other malicious activity. In blocking mode, our analysis happens before the request is forwarded, so attacks will be blocked, but the latency will be slightly higher.

We recommend using observability mode initially.
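
The difference between the two modes, sketched as Worker request handling. This is an added example, not the integration code shipped in the package: `env.MODE`, `env.FAIL_CLOSED`, the `x-client-id` header, the relayed JSON body and the `{"block": true}` verdict format are assumptions, while `FORWARD_URL` and `CLIENT_ID` are the variables set in wrangler.toml on this page.

```javascript
// Added illustration; not the data_theorem_forwarder code shipped in CFW.zip.
// Hypothetical: env.MODE, env.FAIL_CLOSED, the x-client-id header, the relayed
// JSON body and the {"block": true} verdict. FORWARD_URL and CLIENT_ID are the
// wrangler.toml variables.

// Send a metadata copy of the request to the analyzer at FORWARD_URL.
function relay(request, env, fetchFn) {
  return fetchFn(env.FORWARD_URL, {
    method: "POST",
    headers: { "content-type": "application/json", "x-client-id": env.CLIENT_ID },
    body: JSON.stringify({ method: request.method, url: request.url }),
  });
}

// In a module Worker this would be called from the fetch(request, env, ctx) handler.
async function handle(request, env, ctx, fetchFn = fetch) {
  if (env.MODE !== "blocking") {
    // Observability: analysis runs off the request path. waitUntil keeps the
    // Worker alive for the relay, and a relay failure never reaches the client.
    ctx.waitUntil(relay(request, env, fetchFn).catch(() => {}));
    return fetchFn(request);
  }
  // Blocking: the verdict is awaited before the origin sees the request.
  try {
    const verdict = await (await relay(request, env, fetchFn)).json();
    if (verdict.block === true) return new Response("Blocked", { status: 403 });
  } catch (err) {
    // Analyzer unreachable or verdict unreadable: fail open unless FAIL_CLOSED
    // is set. Failing closed turns an analyzer outage into API downtime.
    if (env.FAIL_CLOSED === "true") {
      return new Response("Unavailable", { status: 503 });
    }
  }
  return fetchFn(request);
}
```

In blocking mode the analyzer sits on the request path, so its availability and the fail-open or fail-closed choice become part of the API's own availability.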

Deploy In Observability Mode

The API Protect for Cloudflare Workers software package you download from our portal will contain a client_id we generate to authenticate your services with our system. It will also contain instructions and code examples that demonstrate how to add our integration to your existing Cloudflare Worker code.

...


Creating and deploying a new Cloudflare Worker on Cloudflare site

Extract the archive

Code Block
languagenone
unzip CFW.zip

From the data_theorem_forwarder directory, view the contents of the file wrangler.toml and determine your FORWARD_URL:

Code Block
languagetoml
[vars]
CLIENT_ID = "<randomly generated value>"

# Update FORWARD_URL to the domain you have configured with '/relayed' as the path
# Example: if your domain is `sub.domain.com`, the below line should be: `FORWARD_URL = "https://sub.domain.com/relayed"`
FORWARD_URL = "https://[ANALYZER_DOMAIN]/relayed"

On http://cloudflare.com from the workers page:

  1. click 'Create a Service'

  2. from the 'Select a starter' panel, choose 'HTTP Router' and click 'Create Service'

  3. switch to the 'Setting' tab and click 'Add Variable'

  4. create a variable named CLIENT_ID using the value from the CLIENT_ID key in data_theorem_forwarder/wrangler.toml

  5. create a second variable named FORWARD_URL using the value from the instructions in data_theorem_forwarder/wrangler.toml

  6. click 'Save and deploy'

  7. click 'Quick edit'

  8. replace the contents of the left-most code panel by pasting the contents of data_theorem_forwarder/src/index.js then click 'Save and Deploy'

Creating and deploying a new Cloudflare Worker with Wrangler CLI

Extract the archive

Code Block
unzip CFW.zip

From the data_theorem_forwarder directory

Edit the file wrangler.toml to replace [ANALYZER_DOMAIN] with your domain

Code Block
languagetoml
[vars]
CLIENT_ID = "<randomly generated value>"

# Update FORWARD_URL to the domain you have configured with '/relayed' as the path
# Example: if your domain is `sub.domain.com`, the below line should be: `FORWARD_URL = "https://sub.domain.com/relayed"`
FORWARD_URL = "https://[ANALYZER_DOMAIN]/relayed"

Code Block
languagebash
npx wrangler publish src/index.js --name my-worker