Reblaze Part of Link11
v5
v5v2.20.4v2.20.2v2.20v2.18v2.16v2.14v2.12v2 Release NotesMobile SDK v2.3.0Mobile SDK v2.2.x
v5
v5v2.20.4v2.20.2v2.20v2.18v2.16v2.14v2.12v2 Release NotesMobile SDK v2.3.0Mobile SDK v2.2.x
  • Reblaze Documentation
  • Release Notes
  • Known Issues
  • User Guide
    • Introduction to Link11 WAAP
  • How Link11 WAAP Works
    • Traffic Filtering Process
    • Traffic Reporting and Analytics
    • Policy Mapping and Traffic Routing
    • Tagging
    • UI Overview and Common Elements
  • Console UI Walkthrough
    • Analytics
      • Dashboard
      • Events Log
    • Security
      • Global Filters
      • Flow Control Policies
      • Security Policies
      • Rate Limit Rules
      • ACL Profiles
      • Actions
      • Dynamic Rules
      • Quarantined
      • Content Filter
        • Content Filter Profiles
        • Content Filter Rules
    • Sites
      • Server Groups
      • Proxy Templates
      • Mobile Application Groups
      • Backend Services
      • Edge Functions
      • DNS Records
      • SSL
        • Load Balancers
        • Certificates
    • System
      • Interactive Challenge
      • SSO Configuration
      • Purge CDN Cache
      • Users Management
      • Security Alerts
      • Log Exporters
      • Version Control
      • System DB
      • Publish Changes
    • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Authenticate mobile app users
      • Ban, unban, and allowlist traffic sources
      • Bypass Link11 WAAP for loadtesting or other purposes
      • Configure a new path/section of a site
      • Control caching behavior
      • Enable GraphQL traffic
      • Enable mTLS (mutual TLS)
      • Protect sensitive information in logs and analytics
      • Quickly block an attacker
      • Redirect or block HTTP traffic
      • Run custom code
      • Set rate limits and exemptions
      • Stream event data to a SIEM solution or other destination
    • The Link11 WAAP API
      • Overview
      • Internal data structures
      • Using Swagger UI
      • Using curl
  • Reference Information
    • Acronyms
    • API
      • API access to traffic data
      • Types of namespaces
      • Namespace reference
        • ACL Profiles
        • Actions
        • Backend Services
        • Certificates
        • Configs
        • Content Filter Profiles
        • Content Filter Rules
        • Data queries
        • Dynamic Rules
        • Edge Functions
        • Flow Control Policies
        • Global Filters
        • Load Balancers
        • Log Exporters
        • Mobile Application Groups
        • Planets
        • Proxy Templates
        • Rate Limit Rules
        • Security Alerts
        • Security Policies
        • Server Groups
        • Tags
        • Tools
        • Users
    • Hostile Bot Detection / LWCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Log Exporter Output
    • Pattern Matching Syntax
    • Query Filter Syntax and Best Practices
  • Support
Powered by GitBook
On this page
  • Overview
  • Usage within applications and APIs
  • Administration
  • Parameters
  • Name
  • Load Balancing Stickiness Model
  • Description
  • Transport Protocol
  • Endpoint List (not labeled in the UI)

Was this helpful?

Export as PDF
  1. Console UI Walkthrough
  2. Sites

Backend Services

PreviousMobile Application GroupsNextEdge Functions

Last updated 3 days ago

Was this helpful?

Overview

This section defines the Backend Services that Link11 WAAP will protect. In other words, these are the destinations to which Link11 WAAP will send the (legitimate) traffic it receives.

A Service consists of one or more endpoints (defined in the Endpoint List, discussed below). Each Service can receive traffic for multiple web applications, and for multiple resources/locations within each web application.

For a single Service, you can define multiple endpoints. Within them you can:

  • Enable and configure load balancing, weighting and distributing traffic across your primary endpoints.

  • Define backups hosts, to which L11WAAP will failover your traffic when your primary hosts aren’t available.

  • Take hosts offline for maintenance by ticking a single box in the interface.

Usage within applications and APIs

Backend Services are designated to receive traffic for specific destination URLs in Server Groups.

Administration

The main window (shown above) lists all currently defined Backend Services.

The administration (addition/deletion/editing/versioning) of these Services follows the conventions described here.

Parameters

Name

A name for this Service, to be used within the interface.

Load Balancing Stickiness Model

Sometimes an application requires a user to be connected to the same instance and backend endpoint throughout the session. L11WAAP can ensure that this occurs, and can do so using a variety of methods.

Setting

Behavior

None

This is the default. Requests will be distributed across the endpoints in a round-robin fashion, according to the Weights assigned to them (described below in the ).

Auto Cookie

L11WAAP will automatically generate a cookie to maintain the session on the same endpoint.

Custom Cookie

You can provide the name of the cookie that L11WAAP will use to track the session, e.g. one generated by an AWS or GCP load balancer.

IP Hash

Routing will be determined from a hash of the client and destination IP addresses.

Least Connection

Requests will be sent to the endpoint with the fewest number of connections.

Description

Information about this Service, for use within the interface.

Transport Protocol

This configures the communication between L11WAAP and the backend.

Option

Value

Per Request

This is the default mode. Incoming HTTP requests will go over HTTP, and incoming HTTPS requests will go over HTTPS.

HTTP Always

All communication between L11WAAP and the backend will be over HTTP. (This mode should not be used unless L11WAAP runs within the same cloud as the backend.)

HTTPS Always

All communication between L11WAAP and the backend will be over HTTPS.

Port Bridge Mode

Link11 WAAP will use the same port as the incoming request. This is not limited to ports 80 and 443; L11WAAP will use whatever port was specified. Note: this mode is not available when more than one host is defined.

Endpoint List (not labeled in the UI)

This is a list of one or more endpoints. The settings for each endpoint in the list are as follows.

Attribute

Description

Host

The name or IP address for each endpoint that L11WAAP protects. (Do not enter self-referential values such as 127.0.0.0/8, 0.0.0.0, ::1/128, ::0/128 or “localhost”.) The host can be a normal web server, or it can be a load-balancer. Note that L11WAAP also provides load-balancing capabilities in its own right, as discussed below. In Port Bridge Mode, it is possible to specify more than one host, separated by commas (as in the screenshot above).

HTTP Port

The HTTP port(s) for the server. To add a port, click in the field, and enter the port number into the "Search" field.

HTTPS Port

The HTTPS port(s) for the server. To add a port, click in the field, and enter the port number into the "Search" field.

Weight

The relative weight of each server for load-balancing purposes. L11WAAP distributes traffic with a round-robin sequence, according to these weights. For example, if two servers are both set to 'weight=1', they will receive equal amounts of traffic. If the first is set to 'weight=3' while the second is set to 'weight=1', the first server will receive three visitors for every single visitor that the second server receives.

Max Fails

The maximum number of failed communication attempts that are allowed for this server. Once this number of failures occurs, L11WAAP will consider the server to be inactive. If other servers are available, L11WAAP will failover the traffic to them. If this was the only server available, the system will return an error to the client (either 504 Timeout, or 502 Bad Gateway).

Fail Timeout

When a server fails, this is the length of time in seconds that L11WAAP will wait before trying to send traffic to it again.

Is Down?

When this box is checked, L11WAAP will not attempt to communicate with this server. This allows you to take a server offline for temporary maintenance or some other purpose.

There is currently a bug when adding a new endpoint to a list of existing endpoints. The second one will have its Is Down? checkbox disabled. Workaround: if you wish to add a "down" endpoint, begin by defining and adding it in "up" mode. Then, edit it; the Is Down? checkbox will be available.