CommunityRelease Apache APISIX 3.9.0We are glad to present Apache APISIX 3.9.0 with exciting new features, bug fixes, and other improvements to user experiences.
EcosystemHardening Apache APISIX with the OWASP's Coraza and Core RulesetThe Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.--OWASP websiteThe OWASP regularly publishes a Top 10 vulnerability report. The report targets vulnerabilities in web applications.In this post, I'd like to describe how to fix some of them via the Apache APISIX API Gateway.
PluginsRate Limit Your APIs With Apache APISIXIn this article, we will look at examples of how we can use the rate limiting plugins in APISIX.
PluginsCreating a Custom Data Mask PluginCreating a custom plugin for APISIX in Lua might be trivial or daunting, depending on your level of expertise in APISIX+OpenResty+Nginx. In this article, we will look at how you can create and run a custom plugin from the ground up while learning some basics of APISIX plugin development.
Case StudiesHow to Supercharge Large-Scale Video Operations with APISIXAuthor: Yu Xia, Senior DevOps Engineer at Migu Video Construction and Operation Center. This article is based on a presentation given by Yu Xia at the APISIX Shanghai Meetup in November 2023.
Case StudiesAPISIX Boosts Lenovo to Build Lightweight and Decentralized GatewayLenovo established a decentralized gateway and centralized dev portal based on APISIX, resolving the bottlenecks of its previous system.
CommunityApache APISIX North America TourOnce in a while, I write non-technical blog posts when I've something worth sharing. Today, I'd like to write about my North America "Tour" across several conferences and user groups.
VulnerabilitiesHTTP Request Smuggling in forward-auth Plugin (CVE-2024-32638)For APISIX versions 3.8.0 and 3.9.0, enabling the forward-auth plugin allows APISIX to trigger illegal requests (HTTP Request Smuggling).
EcosystemFive ways to pass parameters to Apache APISIXI recently read 6 Ways To Pass Parameters to Spring REST API. Though the title is a bit misleading, as it's unrelated to REST, it does an excellent job listing all ways to send parameters to a Spring application. I want to do the same for Apache APISIX; it's beneficial when you write a custom plugin.
CommunityMonthly Report (April 01 - April 30)We have recently made some additions and improvements to specific features within Apache APISIX. These include adding discovery k8s dump data interface, adding max req/resp body size attributes (max_resp_body_bytes and max_req_body_bytes) in the kafka-logger plugin, and autogenerating the admin API key if they are not configured in the configuration file. For detailed information, please read the monthly report.
CommunityRelease Apache APISIX 3.8.1We are glad to release Apache APISIX 3.8.1 with a bug fix to improve user experiences.
CommunityRelease Apache APISIX 3.9.1We are glad to release Apache APISIX 3.9.1 with a bug fix to improve user experiences.
PluginImplementing the Idempotency-Key specification on Apache APISIXLast week, I wrote an analysis of the IETF Idempotency-Key specification. The specification aims to avoid duplicated requests. In short, the idea is for the client to send a unique key along with the request:If the server doesn't know the key, it proceeds as usual and then stores the responseIf the server knows the key, it short-circuits any further processing and immediately returns the stored responseThis post shows how to implement it with Apache APISIX.
EcosystemHow to build APISIX in SLES 15By reading this article you will learn how to build Apache APISIX SLES 15 from source code. The build process will be done in the SLE BCI 15 SP5 Base Container
CommunityFixing duplicate API requestsThe first rule of distributed systems is "Don’t distribute your system". Designing distributed systems right is infamously hard for multiple reasons.
CommunityMonthly Report (March 01 - March 31)We have recently made some additions and improvements to specific features within Apache APISIX. For detailed information, please read the monthly report.