WAF

Web应用防火墙架构图，涵盖安全检测链、OWASP保护流程及F5分布式云WAAP功能。

安全检测管道

从CDN边缘经WAF、机器人防御和负载均衡器到源站基础设施的多层安全检测链。

architecture-beta
  group edge(lucide:shield)[Security Edge]
  group origin(carbon:cloud-services)[Origin Infrastructure]

  service cdn(carbon:content-delivery-network)[CDN] in edge
  service waf(carbon:firewall)[WAF] in edge
  service bot(lucide:shield-check)[Bot Defense] in edge
  service lb(carbon:load-balancer-application)[Load Balancer] in origin
  service app(carbon:application)[App Server] in origin
  service db(carbon:data-base)[Database] in origin

  cdn:R --> L:waf
  waf:R --> L:bot
  bot:R --> L:lb
  lb:R --> L:app
  app:B --> T:db

F5 XC WAAP 防护

F5分布式云Web应用与API防护，集成机器人防御及客户端防御功能。

architecture-beta
  group xcedge(lucide:cloud)[F5 XC Edge]
  group cloud(carbon:cloud-services)[Cloud Origin]

  service waap(f5xc:web-app-and-api-protection)[WAAP] in xcedge
  service botdef(f5xc:bot-defense)[Bot Defense] in xcedge
  service csd(f5xc:client-side-defense)[Client-Side Defense] in xcedge
  service lb(carbon:load-balancer-application)[Load Balancer] in cloud
  service app(carbon:application)[Application] in cloud
  service api(carbon:api)[API Service] in cloud

  waap:R --> L:botdef
  botdef:R --> L:csd
  csd:R --> L:lb
  lb:R --> L:app
  lb:B --> T:api

OWASP 保护流程

WAF请求处理管道，展示针对OWASP十大威胁类别的检测阶段。

flowchart LR
  req@{ icon: 'lucide:globe', label: 'Request' }
  tls@{ icon: 'lucide:lock', label: 'TLS Termination' }
  rate@{ icon: 'carbon:load-balancer-vpc', label: 'Rate Limiting' }
  waf@{ icon: 'carbon:firewall', label: 'WAF Rules' }
  bot@{ icon: 'lucide:shield-check', label: 'Bot Check' }
  app@{ icon: 'carbon:application', label: 'Application' }

  req --> tls
  tls --> rate
  rate --> waf
  waf --> bot
  bot --> app