---
title: Traefik plugin install
summary: null
url: >-
  https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/module-agent-deployment/traefik-plugin
---

[Traefik](https://traefik.io/) is an open-source application proxy that you can use with Fastly's Next-Gen WAF. Our Traefik plugin is adapted from our official [Golang module](https://github.com/signalsciences/sigsci-traefik-plugin).

## Prerequisites

To use the Traefik plugin, you must be running the [Next-Gen WAF agent](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/agent-management/getting-started-with-the-agent) (formerly known as the Signal Sciences agent). The Traefik plugin communicates with the agent, typically over a Unix socket, to send request data for inspection.

## Configuring the Traefik plugin

Configuring the plugin involves two steps: loading it in Traefik's static configuration and enabling it as middleware in the dynamic configuration.

### Static configuration

Add the plugin to your static configuration file (e.g., `traefik.yml`), as shown below, or provide it via command-line arguments. This tells Traefik to load the plugin.

```yaml
# traefik.yml
experimental:
  plugins:
    sigsciwaf:
      moduleName: "github.com/signalsciences/sigsci-traefik-plugin"
      version: "v1.0.0"
```

### Dynamic configuration

Next, configure the middleware in your dynamic configuration file (e.g., `dynamic.yml`). This is where you can customize the plugin's behavior. Refer to the list of configuration options in the next section for more information.

```yaml
# dynamic.yml
http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: "my-service"
      middlewares:
        - "sigsci-waf" # Enable the middleware for this router

  middlewares:
    sigsci-waf:
      plugin:
        sigsciwaf:
          # All configuration options are optional and have sensible defaults.
          # See the options list below for more details.
          agentNetwork: "unix"
          agentAddress: "/var/run/sigsci.sock"
          timeout: "100ms"
```
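
The plugin only runs for routers that list the middleware, and the key under `plugin` has to match the name registered in the static configuration (`sigsciwaf`). The following added example (not Fastly's or Traefik's code) audits an already-parsed `dynamic.yml` for both conditions. It assumes middlewares are attached per router as shown above; every router in the sample other than `my-router` is constructed for illustration.

```python
# Added example: audit a parsed Traefik dynamic configuration for WAF coverage.
PLUGIN_NAME = "sigsciwaf"  # name registered under experimental.plugins in traefik.yml


def waf_middlewares(config):
    """Return names of middlewares in this file that load PLUGIN_NAME."""
    defined = (config.get("http") or {}).get("middlewares") or {}
    return {name for name, body in defined.items()
            if PLUGIN_NAME in ((body or {}).get("plugin") or {})}


def audit(config):
    """Return sorted (router, problem) findings; an empty list means full coverage."""
    http = config.get("http") or {}
    defined = http.get("middlewares") or {}
    waf = waf_middlewares(config)
    findings = []
    for router, body in (http.get("routers") or {}).items():
        local = []
        for ref in (body or {}).get("middlewares") or []:
            # Traefik references may be written "name@provider"; only bare
            # names and "@file" names can be resolved against this file.
            name, _, provider = str(ref).partition("@")
            if provider in ("", "file"):
                local.append(name)
                if name not in defined:
                    findings.append((router, f"undefined middleware {name!r}"))
        if not waf.intersection(local):
            findings.append((router, "WAF middleware not attached"))
    return sorted(findings)


# Constructed sample: the dynamic.yml above after parsing, plus three
# hypothetical routers (api, admin, typo) that exercise the checks.
SAMPLE = {"http": {
    "routers": {
        "my-router": {"rule": "Host(`example.com`)", "service": "my-service",
                      "middlewares": ["sigsci-waf"]},
        "api-router": {"service": "api", "middlewares": ["sigsci-waf@file"]},
        "admin-router": {"service": "admin"},  # no middlewares at all
        "typo-router": {"service": "old", "middlewares": ["sigsciwaf"]},
    },
    "middlewares": {"sigsci-waf": {"plugin": {"sigsciwaf": {
        "agentNetwork": "unix", "agentAddress": "/var/run/sigsci.sock"}}}},
}}

if __name__ == "__main__":
    for router, problem in audit(SAMPLE):
        print(f"{router}: {problem}")
```

To run it against a real file, parse the YAML first (for example with PyYAML's `yaml.safe_load`) and pass the resulting mapping to `audit`.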

### Configuration settings

You can use these optional configuration settings in your dynamic configuration.

| Name                        | Type     | Description                                                                          | Default          |
| --------------------------- | -------- | ------------------------------------------------------------------------------------ | ---------------- |
| `maxContentLength`          | `int64`  | Maximum request body size (in bytes) to inspect.                                     | `100000`         |
| `allowUnknownContentLength` | `bool`   | Allows inspection of request bodies with an unknown length (e.g., chunked encoding). | `false`          |
| `anomalySize`               | `int64`  | Response size (in bytes) that triggers an anomaly inspection.                        | `524288` (512KB) |
| `anomalyDuration`           | `string` | Response duration that triggers an anomaly inspection (e.g., "1s").                  | `1s`             |
| `serverIdentifier`          | `string` | A custom identifier for this server instance.                                        | `traefik`        |

## Related content

- [Traefik plugin GitHub repository](https://github.com/signalsciences/sigsci-traefik-plugin)
- [Working with Traefik Plugins](https://plugins.traefik.io/install)
- [About module-agent deployment](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/module-agent-deployment/about-module-agent-deployment)
- [Using an API with the Next-Gen WAF](https://www.fastly.com/documentation/guides/next-gen-waf/developer/using-an-api-with-the-next-gen-waf)
