Cequence UAP is comprised of the control plane components running in the central UAP CQAI platform and the data plane components, Cequence Defender and Cequence Sensor. UAP CQAI includes CQAI functions as the analysis platform and includes the core analytics engine and management modules for API Sentinel and Bot Defense.
Data plane components include the Cequence Sensor and Cequence Defender. Sensor is a passive listener and consumes mirrored traffic flow. Defender is deployed logically in-line and both monitors network traffic and actively mitigates threats.
Cequence Defender deployment to reverse proxy deployment may be done in two different approaches: inline-upstream or inline-hairpin. In both approaches Cequence Defender is configured as topologically in-line to network flow and logically between the client and the origin server(s).
In an Inline-upstream configuration, the reverse proxy forwards requests from the client directly to Defender, which then processes the request, mitigates if appropriate, and forwards the request on to the origin server(s). Responses flow through Defender in a similar manner.
In an Inline-hairpin configuration both requests and responses are routed through the reverse proxy prior to being forwarded on to the origin server or client, respectively.
Step-by-step deployment instructions for both Envoy and Nginx reverse proxy configurations are available on request from the Cequence Success team.