Integrating Cloudflare Workers with the Cequence Unified API Protection (UAP) platform requires access to the Cloudflare dashboard and permissions to manage Cloudflare workers.
This integration uses a Cloudflare Worker to send Cloudflare traffic to the UAP platform for analysis. Cloudflare Workers provide a serverless execution environment. While there are several ways to deploy a Cloudflare Worker, this guide discusses Cloudflare Workers deployed in the Route mode.
This approach to the Cequence integration with Cloudflare workers does not use Cloudflare Queues. Your Cequence team can assist you in deploying a version of this integration that uses Cloudflare Queues. To confirm that your account supports Cloudflare Queues, see the Cloudflare documentation.
This integration uses the ctx.waitUntil() method to establish asynchronous communication between Cloudflare and the Cequence UAP platform, which has negligible effect on site latency. Cequence errors handle errors with the passThroughOnException method to enable silent failures for minimal site impact.
Generating a traffic client and secret
In order to send traffic from the Cequence Bridge to the Cequence UAP platform, you first need to create auth credentials in UAP to enable the Bridge to authenticate to UAP. In order to create the auth credentials, follow the following steps in your UAP management portal.
- Log in to the UAP management portal UI.
The URL for the management portal UI is typically of the form https://ui.<your-tenant-name>.<domain>. - Select General Settings > User Management.
The User Management pane appears. - Click the Clients tab.
- Click Add New Client.
The new client dialog box appears. - Type the client name in the Client Name field.
- Enable the Traffic Management toggle.
- To change the token lifespan from the default of 1800 seconds, type a whole number of seconds in Token Lifespan.
- Click Save.
A dialog box with the client secret appears. - Click the blue Copy icon to copy the secret to the clipboard, then click Close.
The client is now set up. Note the client name for future use.
The client list appears. - Note the value of the client secret for later use.
To maintain security, this value cannot be shown again.
Use the client ID and secret you just generated in the Cloudflare configuration below as CEQUENCE_CLIENT_ID and CEQUENCE_ID_SECRET respectively.
Cloudflare Configuration
The procedures in this section configure your Cloudflare instance to work with the Cequence UAP platform.
Create a new Worker
In order to create a new Worker to integrate with Cequence, follow the steps below.
- Log in to the Cloudflare dashboard.
- In the left navigation bar, click Workers & Pages > KV.
The KV page appears.
- Click Create a namespace.
The Create a namespace pane appears. - In Namespace Name, type in a name for the Cequence integration. This can be any arbitrary name. Let's select CEQ_KV for this integration example.
- Click Add.
The tabular list of namespaces updates to include CEQ_KV. - Click the copy to clipboard icon from the ID column to copy the namespace ID to your clipboard.
Note this ID for later use. - In the left navigation bar, click Workers & Pages > Overview.
The Overview page appears. - Click Create application.
The Create an application page appears. - Click Create Worker.
The worker creation page appears.
- In the field for Name, type in a name for the Cequence Worker, e.g. cequence-worker-single-dev.
- Click Deploy.
The new Cloudflare Worker deploys and the Preview your Worker page appears.
Configure the Worker with the Cequence Integration
Follow this procedure to configure the newly created Worker with the code that Cequence provides in order to integrate with the UAP platform.
- Click Edit code.
The Cloudflare code window appears. - In the Cloudflare code window, paste the contents of the cequence-standalone-worker.js file available here.
The file is attached to this article and is also available in the build/ directory of the zip file shared with you by your Cequence team. - Click Deploy.
A confirmation dialog box appears. - Click Save and deploy.
The confirmation dialog box closes and the worker deploys.
Configure Routes for the Worker
Follow this procedure to configure routes for the hosts to send traffic to the Cequence UAP platform using Cloudflre Workers. This procedure uses cq-route.com as an example host name. Use the relevant host names from your deployment instead.
- Above the code window, click the worker name, cequence-worker-single-dev.
The worker configuration page appears. - From the top horizontal menu, click Settings > Triggers.
The triggers configuration pane appears. - In Routes, click the ellipsis (...) next to the cequence-worker-single-dev.cq-route.workers.dev route and select Disable route.
A confirmation dialog box appears. - Click Disable.
The confirmation dialog box closes. The default route is now disabled. - Click Add route.
The Add route pane appears. - In Route, type in a host value, e.g. *cq-route.com/*
- From the Zone drop-down, select cq-route.com.
- Click Add route.
Repeat these steps to add further routes. - Optionally, edit an existing route by clicking the ellipsis (...) next to an existing route and selecting Edit route.
- From the top horizontal menu, click Settings > Variables.
The Environment Variables page appears. - Click Add variable.
Add the following environmental variables and click Deploy.
Variable Name Value Needs changing CEQ_ENV DEV No; do not change CEQUENCE_AUTH_ENDPOINT https://auth.<your-tenant-name>/auth/realms/cequence/protocol/openid-connect/token Yes CEQUENCE_EDGE_ENDPOINT https://edge.<your-tenant-name>/api-transactions Yes CEQ_TOKEN_RETRY_COUNT 5 No; do not change CEQ_SINGLE_EVENT_RETRY_COUNT 5 No; do not change CEQ_INITIAL_RETRY_DELAY_SEC 0.5 No; do not change CEQUENCE_CLIENT_ID client-id Yes CEQUENCE_CLIENT_SECRET client-secret Yes
Associate Namespace Binding with the Worker
Follow this procedure to associate the newly configured Worker with the namespace created at the beginning of this guide.
- In the Environment Variables page, scroll to KV Namespace Bindings and click Add binding.
The KV Namespace Bindings pane appears. - In Variable name, type CEQ_KV.
- From the KV Namespace drop-down, select CEQ_KV.
- Click Deploy.
The Cloudflare Worker is now configured to integrate with the Cequence UAP platform.
To confirm successful integration, send requests to the configured routes and watch for activity on your Cequence UAP platform dashboard.
Validating the Cloudflare Configuration
- Log in to the Cloudflare dashboard.
- In the left navigation bar, click Workers & Pages > Overview.
- Select the CEQ_KV worker.
The configuration page for the worker appears. - From the top horizontal menu, click Logs.
The logs pane appears. - Click Begin log stream.
Activity logs display in the log window.