1. Home
2. Guides
3. Next-Gen WAF
4. Setup and configuration
5. Module-agent deployment
6. Java module

The Next-Gen WAF Netty module is implemented as a handler which inspects HttpRequest events before forwarding the event to the next handler in the pipeline.

Download

Download the Next-Gen WAF Java module manually or access it with Maven.

Download manually

1. Click one of the following links to download the latest version of our Java module:

   • https://dl.security.fastly.com
   • https://dl.signalsciences.net

2. Extract sigsci-module-java_latest.tar.gz.

3. Deploy the jars using one of the following options:

   • Copy sigsci-module-java-{version}-shaded.jar (an uber jar with all the dependencies bundled) to your application’s classpath (e.g., %CATALINA_HOME%\webbapps\<APP_FOLDER>\WEB-INF\lib).
   • Copy sigsci-module-java-{version}.jar and its dependencies in the lib folder to your application’s classpath (e.g., %CATALINA_HOME%\webbapps\<APP_FOLDER>\WEB-INF\lib). If you already have any of the dependency jar files in your application classpath folder (i.e., for Tomcat in the WEB-INF\lib) then it is not necessary to copy them, even if the version numbers are different. The logging jars are optional based on how slf4j is configured.

Access with Maven

For projects using Maven for build or deployment, the latest version of Next-Gen WAF Java modules can be installed by adding XML to the project pom.xml file. For example:

<repositories>
   <repository>
      <id>sigsci-stable</id>
      <url>https://packages.signalsciences.net/release/maven2</url>
   </repository>
</repositories>

<dependency>
   <groupId>com.signalsciences</groupId>
   <artifactId>sigsci-module-java</artifactId>
   <version>LATEST_MODULE_VERSION</version>
</dependency>

Be sure to replace LATEST_MODULE_VERSION with the latest release of the Java module. You can find the latest version in our version file at https://dl.signalsciences.net/sigsci-module-java/VERSION.

Install and configure

Create a new instance of WafHandler for every new connection.

• WafHandler must be added after FlowControlHandler.
• HttpObjectAggregator handler should be added before FlowControlHandler to inspect HTTP Post body.
• WafHandler may send HttpResponse for blocked request.

Example deployment

// Update configuration
WafHandler.getSigSciConfig().setMaxPost(40000);

// start server and handle requests
new ServerBootstrap()
.group(bossGroup, workerGroup)
.channel(NioServerSocketChannel.class)
.childHandler(
  new ChannelInitializer<SocketChannel>() {
      @Override
      public void initChannel(SocketChannel ch) throws Exception {
    ch.pipeline()
    .addLast(new HttpServerCodec())
    .addLast(new HttpObjectAggregator(6 * (1 << 20)))
    .addLast(new FlowControlHandler())
    .addLast("waf", new WafHandler())
    .addLast(new SimpleChannelInboundHandler<FullHttpRequest>() {

      // send response

    });
      }
  })
.bind(8080)
.sync();

Related content

• About module-agent deployment
• Next-Gen WAF API documentation