---

sidebar_position: 10 title: Waf Plugin keywords: [“waf”] description: waf plugin

Explanation

• Waf is the core implementation of gateway to realize firewall function for network traffic.

Plugin Setting

• In soul-admin --> plugin management-> waf set to enable.
• If the user don't use, please disable the plugin in the background.
• Add configuration mode in plugin editing.

{"model":"black"}  
# The default mode is blacklist mode; If setting is mixed, it will be mixed mode. We will explain it specifically below.

Plugin Detail

• Introducing waf dependency in the pom.xml of the gateway.

  <!-- soul waf plugin start-->
  <dependency>
      <groupId>org.dromara</groupId>
      <artifactId>soul-spring-boot-starter-plugin-waf</artifactId>
      <version>${last.version}</version>
  </dependency>
  <!-- soul waf plugin end-->

• Selectors and rules, please refer to : selector
• When model is set to black mode, only the matched traffic will execute the rejection policy, and the unmatched traffic will be skipped directly.
• When model is set to mixed mode, all traffic will pass through waf plugin. For different matching traffic, users can set whether to reject or pass.

Situation

• Waf is also the pre-plugin of soul, which is mainly used to intercept illegal requests or exception requests and give relevant rejection policies.
• When faced with replay attacks, you can intercept illegal ip and host, and set reject strategy according to matched ip or host.
• How to determine ip and host, please refer to: parsing-ip-and-host