Istio is an open source service mesh that layers transparently onto existing distributed applications.
Cequence Unified API Protection integrates with the Istio Gateway.
Cequence Defender may be integrated using either an Envoy Filter or establishing Cequence Defender as an alternate Virtual Service.
Cequence Defender container will usually be deployed to its own pod, but may also be co-located in the Istio Gateway pod.
Client requests to the Application are routed via Envoy Proxy in the Istio Gateway Pod to Cequence Defender. Defender processes the request based on Cequence Bot Defense detection and mitigation policies and routes the request back to the Envoy Proxy with an injected header. The Istio Envoy Proxy forwards this request to the Application. The Application response then flows back in the reverse direction, and again, is routed through Defender.
The routing is defined as part of the VirtualService definition and achieved via header routing.
Detailed documentation steps are available to existing and prospective customers.