Now let's have a closer look at the Applications configuration. Here is the Applications list page, let's go to the openresty.org application.
Now we've got the Overview page for the application configuration panel.
The Summary tab shows all the configurations we've already added for this applicaiton.
The Overview tab gives a brief introduction to various pages, which can be accessed from the left hand side menu.
The most important page is the Releases page. In this page you can manage any historical releases, and revert to any old releases, or make a new release of configuration to the gateway.
The SSL page lets you configure downstream SSL and TLS certificates and private keys, as well as rate limiting in the downstream SSL handshake phase to avoid DOS attacks.
The User Variables page lets you add customized variables which can be used in the conditions or actions of the rulesets.
The Filtering and Redirects page allows you to define early stage request rewriting rules and redirects, and configure custom rules for rewriting response headers and so on.
The backend application servers are configured in the Upstream page.
And you can add cache flush jobs on the Cache Flush page.
The Error Logs page allows you to view real-time error log messages for the current application.
The WAF Whitelist page provides a built-in web application firewall for your incoming traffic. We use the Core Rule Set (CRS) of ModSecurity. The whole WAF is running on our own OpenResty Edge infrastructure, so it's much more efficientthan ModSecurity, the Apache ModSecurity module.
The WAF Logs page shows the real-time logs for detected suspicious requests.
The Metrics page allows you to view real-time metrics for the current application. In the future we will also allow defining custom metrics on the fly.
The User Access Control page allows you to grant access to other Normal Users and also manage their permissions, like read, write, and release permissions in this application.
The Tests page allows you to craft and send test requests to the current application gateway without actually releasing the changes to the gateway.