Update time: 2021-03-05


  • Waf is the core implementation of gateway to realize firewall function for network traffic.

Plugin Setting

  • In soul-admin –> plugin management-> waf set to enable.

  • If the user don’t use, please disable the plugin in the backgroud.

  • Add configuration mode in plugin editing.

# The default mode is blacklist mode; If setting is mixed, it will be mixed mode. We will explain it specifically below.

Plugin Setting

  • Introducing waf dependency in the pom.xml of the gateway.
  <!-- soul waf plugin start-->
  <!-- soul waf plugin end-->
  • Selectors and rules, please refer to : selector

    • When model is set to black mode, only the matched traffic will execute the rejection policy, and the unmatched traffic will be skipped directly.

    • When model is set to mixed mode, all traffic will pass through waf plugin. For different matching traffic, users can set whether to reject or pass.


  • Waf is also the pre-plugin of soul, which is mainly used to intercept illegal requests or exception requests and give relevant rejection policies.

  • When faced with replay attacks, you can intercept illegal ip and host, and set reject strategy according to matched ip or host.

  • How to determine ip and host, please refer to: parsing-ip-and-host