1. Home
2. Guides
3. Next-Gen WAF
4. Setup and configuration
5. Module-agent deployment

Traefik is an open-source application proxy that you can use with Fastly's Next-Gen WAF. Our Traefik plugin is adapted from our official Golang module.

Prerequisites

To use the Traefik plugin, you must be running the Next-Gen WAF agent (formerly known as the Signal Sciences agent). The Traefik plugin communicates with the agent, typically over a Unix socket, to send request data for inspection.

Configuring the Traefik plugin

Configuring the plugin involves two steps: loading it in Traefik's static configuration and enabling it as middleware in the dynamic configuration.

Static configuration

Add the plugin to your static configuration file (i.e., traefik.yml), as shown below, or provide it via command-line arguments. This tells Traefik to load the plugin.

# traefik.yml
experimental:
  plugins:
    sigsciwaf:
      moduleName: "github.com/signalsciences/sigsci-traefik-plugin"
      version: "v1.0.0"

Dynamic configuration

Next, configure the middleware in your dynamic configuration file (i.e., dynamic.yml). This is where you can customize the plugin's behavior. Refer to the list of configuration options in the next section for more information.

# dynamic.yml
http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: "my-service"
      middlewares:
        - "sigsci-waf" # Enable the middleware for this router

  middlewares:
    sigsci-waf:
      plugin:
        sigsciwaf:
          # All configuration options are optional and have sensible defaults.
          # See the options list below for more details.
          agentNetwork: "unix"
          agentAddress: "/var/run/sigsci.sock"
          timeout: "100ms"

Configuration settings

You can use these optional configuration settings in your dynamic configuration.

Related content

• Traefik plugin GitHub repository
• Working with Traefik Plugins
• About module-agent deployment
• Using an API with the Next-Gen WAF