There will be a good load on this env/service because it will be exposed to the internet and all the traffic for back-end resources will be routed by this setup. Roughly 1000+ hits/minute.
I am looking for the optimal config recommendation for setting up ApiGateway in a DMZ/internet-facing env, and general security recommendations, i.e. (make sure you have threat protection, checking the size of the request, logging the incoming traffic, have session checks, apply/tune rate limit).
From your points: What should I be checking for -
available resources to gateway - you mean hardware resources here?
capacity of backend - mysql instance of ApiGW?
Original Message:
Sent: 08-07-2019 01:24 PM
From: Leandro Dantas
Subject: Recommendation for internet facing ApiGW server
Hi.
It really depends on service usage.
You need to consider various aspects of a service execution (e.g.: payload size, simultaneous requests, available resources to gateway, capacity of backend) to determine a starting point. From there it is a work of observation and fine-tuning as needed.
------------------------------
Sr. Consultant Services
HCL Enterprise Studio
Original Message:
Sent: 08-06-2019 08:57 PM
From: Shashi Ranjan
Subject: Recommendation for internet facing ApiGW server
We are setting up an internet-facing ApiGW instance and looking for a recommendation/guide. I couldn't find a guide anywhere on the internet/CA docops, so I am posting my query here for your recommendations.
We are planning on implementing the following assertions. Would you be able to recommend the optimal configuration or share a recommended link if you have one?
https://docops.ca.com/ca-api-gateway/9-4/en/policy-assertions/assertion-palette/threat-protection-assertions
https://docops.ca.com/ca-api-gateway/9-2/en/policy-assertions/assertion-palette/threat-protection-assertions/limit-message-size-assertion
https://docops.ca.com/ca-api-gateway/9-2/en/policy-assertions/assertion-palette/service-availability-assertions/resolve-service-assertion
https://docops.ca.com/ca-api-gateway/9-2/en/policy-assertions/assertion-palette/service-availability-assertions/apply-rate-limit-assertion/
(currently, setting a maximum limit of 100 requests per second, over 5 seconds, the bucket can hold up to 500 tokens) – what would you have set?
Appreciate your response & view on this.
------------------------------
Thanks,
Shashi
------------------------------
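To see what the numbers in this thread mean in practice, here is an added example (not part of the thread, and not CA API Gateway code) that replays constructed traffic through a plain token bucket of 100 tokens/second with a capacity of 500. It assumes the bucket starts full and that each request costs one token; the class and function names are hypothetical.

```python
class TokenBucket:
    """Plain token bucket (assumed model, not the gateway's implementation)."""

    def __init__(self, rate, capacity):
        self.rate = rate          # tokens added per second
        self.capacity = capacity  # maximum tokens the bucket can hold
        self.tokens = capacity    # assumption: bucket starts full
        self.last = 0.0           # timestamp of the previous request

    def allow(self, now):
        # Refill for the time elapsed since the last request, capped at capacity.
        self.tokens = min(self.capacity,
                          self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0    # each admitted request costs one token
            return True
        return False


def replay(arrivals, rate=100.0, capacity=500.0):
    """Return (admitted, rejected) for a list of arrival times in seconds."""
    bucket = TokenBucket(rate, capacity)
    admitted = sum(bucket.allow(t) for t in sorted(arrivals))
    return admitted, len(arrivals) - admitted


# Constructed sample traffic (not measurements from the poster's environment).
STEADY = [i * 0.06 for i in range(1000)]  # ~1000 hits/minute, evenly spread
BURST = [0.0] * 600                       # 600 requests in the same instant
# 256 req/s for 10 s; 1/256 s spacing keeps the float arithmetic exact.
FLOOD = [i / 256 for i in range(2560)]

if __name__ == "__main__":
    for name, traffic in (("steady", STEADY), ("burst", BURST), ("flood", FLOOD)):
        ok, dropped = replay(traffic)
        print(f"{name:6s} admitted={ok:5d} rejected={dropped:5d}")
```

The stated load of roughly 1000 hits/minute never touches this limit, a single burst is admitted up to the full 500-token capacity, and only sustained traffic above 100 req/s is cut back to the refill rate once the initial 500 tokens are spent.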