Cleafy protects online services against today’s targeted attacks. Cleafy's patented real-time threat detection and protection technology is effective in detecting account takeover and transaction tampering leveraging Man-In-The-Browser (MITB), Man-In-The-Middle (MITM), Mobile Overlay, SIM Swap, API Abuse, and other advanced techniques.
Cleafy real-time continuous risk assessment prevents sensitive data loss and payment fraud while minimizing false positives and operational impact. Cleafy threat visibility also makes it possible to implement automated threat responses and an adaptive security posture.
Cleafy is client-less and does not require any change to the monitored applications. Cleafy passively monitors application traffic by integrating into any application delivery architecture, typically at the ADC or API Gateway level. The Cleafy plugin for Kong allows Cleafy to integrate smoothly into any Kong-powered architecture.
For more details visit the Cleafy resources page.
Cleafy-Stream Kong plugin
Installation
Plugin installation mainly depends on where your Kong installation runs:
Standalone Installation
Once the .rock file has been obtained from your Cleafy distributor, it can be installed using the luarocks package manager:
$ luarocks install cleafy-plugin-for-kong-VERSION.rock
Typical configuration (via curl)
Register Cleafy backend as a Kong service:
$ curl -i -X POST --url http://url-to-kong-api:8001/services/ --data 'name=cleafy' --data 'url=<url-to-cleafy-api>'
Moreover, each application you want to manage via Kong must be registered as a service:
$ curl -i -X POST --url http://url-to-kong-api:8001/services/ --data 'name=app1' --data 'url=<url-to-app1-application-server>'
For each application registered (Cleafy excluded) you must define two Kong routes: the first routing traffic to the application server and the second routing traffic to the Cleafy backend:
$ curl -i -X POST --url http://url-to-kong-api:8001/routes/ --data 'hosts[]=<hostname>' --data 'service.id=<cleafy-service-id>' --data 'paths[]=/<ingestion-prefix>'
$ curl -i -X POST --url http://url-to-kong-api:8001/routes/ --data 'hosts[]=<hostname>' --data 'service.id=<app-service-id>'
Then you must activate the stream plugin over each app-related route:
$ curl -i -X POST --url http://url-to-kong-api:8001/plugins/ --data 'name=stream' --data 'route_id=<app-route-id>' --data 'config.api_address=<cleafy-api-address>' --data 'config.api_token=<ingestion-token>'
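The routing rules above (one ingestion route to the Cleafy service per hostname, and the stream plugin enabled on every app route) can be checked against what Kong actually holds, since an app route without the plugin is traffic Cleafy never sees. The following is an added example, not part of the Cleafy plugin or its documentation. It assumes the object shapes returned by the Kong Admin API list endpoints (/services, /routes, /plugins) in Kong 1.0 or later, the plugin name stream and service name cleafy from the commands above, and constructed sample IDs, hostnames and an /ingest prefix.

```python
# Added example: audit Kong objects against the two-routes-per-app rule.
# Field shapes assume Kong >= 1.0 Admin API output; all sample data is constructed.

def audit_cleafy_coverage(services, routes, plugins,
                          cleafy_service="cleafy", plugin_name="stream"):
    """Return a sorted list of findings; an empty list means full coverage."""
    cleafy_ids = {s["id"] for s in services if s["name"] == cleafy_service}
    if not cleafy_ids:
        return [f"service '{cleafy_service}' is not registered"]

    # Routes that have the plugin attached and enabled.
    monitored = set()
    for p in plugins:
        # Newer Kong nests the route reference; older releases used route_id.
        route_id = (p.get("route") or {}).get("id") or p.get("route_id")
        if p["name"] == plugin_name and p.get("enabled", True) and route_id:
            monitored.add(route_id)

    # Hostnames that already have a path-prefixed route to the Cleafy backend.
    ingest_hosts = set()
    for r in routes:
        if r["service"]["id"] in cleafy_ids and r.get("paths"):
            ingest_hosts.update(r.get("hosts") or [])

    findings = []
    for r in routes:
        if r["service"]["id"] in cleafy_ids:
            continue  # the plugin goes on app routes, not on the Cleafy route
        if r["id"] not in monitored:
            findings.append(f"route {r['id']}: {plugin_name} plugin missing or disabled")
        for host in r.get("hosts") or []:
            if host not in ingest_hosts:
                findings.append(f"route {r['id']}: no ingestion route for host {host}")
    return sorted(findings)

# Constructed sample: app1 is fully wired, app2 has a disabled plugin and no ingestion route.
SERVICES = [{"id": "svc-cleafy", "name": "cleafy"},
            {"id": "svc-app1", "name": "app1"},
            {"id": "svc-app2", "name": "app2"}]
ROUTES = [
    {"id": "rt-ingest1", "hosts": ["app1.example.com"], "paths": ["/ingest"], "service": {"id": "svc-cleafy"}},
    {"id": "rt-app1", "hosts": ["app1.example.com"], "paths": None, "service": {"id": "svc-app1"}},
    {"id": "rt-app2", "hosts": ["app2.example.com"], "paths": None, "service": {"id": "svc-app2"}},
]
PLUGINS = [{"name": "stream", "enabled": True, "route": {"id": "rt-app1"}},
           {"name": "stream", "enabled": False, "route": {"id": "rt-app2"}}]

if __name__ == "__main__":
    for finding in audit_cleafy_coverage(SERVICES, ROUTES, PLUGINS):
        print(finding)
```

To run it against a live gateway, pass in the data arrays from the three Admin API list responses in place of the constructed samples.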
Configuration Reference
This plugin is compatible with DB-less mode.
Example plugin configuration
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
Form Parameter | Description |
---|---|
name<br>required<br>Type: string | The name of the plugin, in this case cleafy-plugin-for-kong. |
route.name or route.id<br>Type: string | The name or ID of the route the plugin targets.<br>Set one of these parameters if adding the plugin to a route through the top-level /plugins endpoint.<br>Not required if using /routes/ROUTE_NAME\|ROUTE_ID/plugins. |
enabled<br>Type: boolean<br>Default value: true | Whether this plugin will be applied. |
config.api_address<br>required | Specifies the URL pointing to the Cleafy API. |
config.accept_encoding<br>optional | Specifies the type of encoding accepted from the backend server. This plugin does not support gzip-encoded requests. |