Please bundle VMware modsecurity into the gateway #669
Comments
|
thanks for raising this issue and also linking the specific project that can be used to implement WAF.
Will bring this up in the community meeting, to start discussing when can WAF be introduced into EG, stay tuned ! |
|
@arkodg thanks. I didn't know about https://github.com/corazawaf/coraza-proxy-wasm before today. I don't have any particular preference personally as long the Envoy Gateway comes up with some kind of WAF bundled. Happy to test for sure in a production setting and may contribute if I can set aside time. The VMWare project also talks about being more of an |
|
@lakamsani thanks for creating the issue. The intent of #671 is to develop a WAF solution that can support different implementations, with https://github.com/corazawaf/coraza-proxy-wasm being the first supported implementation. I'm open to discussing a different initial implementation but I have concerns about supporting https://github.com/vmware-archive/ModSecurity-envoy since it recompiles Envoy. Does the ModSecurity-envoy project intend on supporting a more pluggable approach, e.g. Wasm, ExternalProcessor, etc? |
|
@danehans I don't know much about that VmWare project. Just found that via Google. As it was developed by VmWare and they created the envoy based Contour project, I thught it might be useful here. I wasn't aware of the Coraza project until yesterday. Don't have a preference either way on how WAF support is added. As long as the OWASP CRS is supported. I will close this so we can use #671 for further WAF discussions. Thanks. |
Description:
This will give us basic WAF features like we can with Apache or Ngnix.
Here's the VmWare project link.
https://github.com/vmware-archive/ModSecurity-envoy
As VMware is involved in this project, perhaps already in a future roadmap? Requesting because the current roadmap doesn't mention it.
The text was updated successfully, but these errors were encountered: