Community | Release Apache APISIX 3.9.0 | We are glad to present Apache APISIX 3.9.0 with exciting new features, bug fixes, and other improvements to user experiences.
Ecosystem | Hardening Apache APISIX with the OWASP's Coraza and Core Ruleset | "The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations." -- OWASP website. The OWASP regularly publishes a Top 10 vulnerability report. The report targets vulnerabilities in web applications. In this post, I'd like to describe how to fix some of them via the Apache APISIX API Gateway.
Plugins | Rate Limit Your APIs With Apache APISIX | In this article, we will look at examples of how we can use the rate limiting plugins in APISIX.
Plugins | Creating a Custom Data Mask Plugin | Creating a custom plugin for APISIX in Lua might be trivial or daunting, depending on your level of expertise in APISIX+OpenResty+Nginx. In this article, we will look at how you can create and run a custom plugin from the ground up while learning some basics of APISIX plugin development.
Case Studies | How to Supercharge Large-Scale Video Operations with APISIX | Author: Yu Xia, Senior DevOps Engineer at Migu Video Construction and Operation Center. This article is based on a presentation given by Yu Xia at the APISIX Shanghai Meetup in November 2023.
Case Studies | APISIX Boosts Lenovo to Build Lightweight and Decentralized Gateway | Lenovo established a decentralized gateway and centralized dev portal based on APISIX, resolving the bottlenecks of its previous system.
Community | Apache APISIX North America Tour | Once in a while, I write non-technical blog posts when I've something worth sharing. Today, I'd like to write about my North America "Tour" across several conferences and user groups.
Ecosystem | Dynamic watermarking with imgproxy and Apache APISIX | Last week, I described how to add a dynamic watermark to your images on the JVM. I didn't find any library, so I had to develop the feature, or, more precisely, an embryo of a feature, by myself. Depending on your tech stack, you must search for an existing library or roll up your sleeves. For example, Rust offers such an out-of-the-box library. Worse, this approach might be impossible to implement if you don't have access to the source image. Another alternative is to use ready-made components, namely imgproxy and Apache APISIX. I already combined them to resize images on-the-fly.
Community | Monthly Report (June 01 - June 30) | We have recently made some additions and improvements to specific features within Apache APISIX. These include replacing YAML parser tinyyaml with lyaml, and supporting storing certificates and privat...
Ecosystem | Random and fixed routes with Apache APISIX | My ideas for blog posts inevitably start to dry up after over two years at Apache APISIX. Hence, I did some triage on the APISIX repo. I stumbled upon this one question:
Ecosystem | Even more OpenTelemetry! | I continue to work on my OpenTelemetry demo. Its main idea is to showcase traces across various technology stacks, including asynchronous communication via an MQTT queue. This week, I added a couple of components and changed the architecture. Here are some noteworthy learnings; note that some of them might not be entirely connected to OpenTelemetry.
Community | Monthly Report (May 01 - May 31) | We have recently made some additions and improvements to specific features within Apache APISIX. These include supporting the hcv namespace in HashiCorp Vault and allowing setting headers in introspec...
Vulnerabilities | HTTP Request Smuggling in forward-auth Plugin (CVE-2024-32638) | For APISIX versions 3.8.0 and 3.9.0, enabling the forward-auth plugin allows APISIX to trigger illegal requests (HTTP Request Smuggling).
Ecosystem | Five ways to pass parameters to Apache APISIX | I recently read 6 Ways To Pass Parameters to Spring REST API. Though the title is a bit misleading, as it's unrelated to REST, it does an excellent job listing all ways to send parameters to a Spring application. I want to do the same for Apache APISIX; it's beneficial when you write a custom plugin.
Community | Monthly Report (April 01 - April 30) | We have recently made some additions and improvements to specific features within Apache APISIX. These include adding discovery k8s dump data interface, adding max req/resp body size attributes (max_resp_body_bytes and max_req_body_bytes) in the kafka-logger plugin, and autogenerating the admin API key if they are not configured in the configuration file. For detailed information, please read the monthly report.
Community | Release Apache APISIX 3.8.1 | We are glad to release Apache APISIX 3.8.1 with a bug fix to improve user experiences.