You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The WAFProfile defined in a SecurityProfile for a component is the only way to assign WAFProfiles to a component
Current Behaviour
Currently when you use the OWASP configuration option under the WAF configuration it overrides the WAFProfile defined in the security profile and uses a fixed profile that the provider has deemed to implement WAF. Instead providers can offer their own WAFProfiles that might implement OWASP controls and the user can than choose to use them or make their own.
Possible Solution
Remove the OWASP configuration option from the WAF configuration and rely on using the Security Profile WAF Profile
Context
This aligns with how we handle other security controls within our solutions and creates a single configuration option which will control the WAF profile assigned to a given component.
The text was updated successfully, but these errors were encountered:
Expected Behaviour
The WAFProfile defined in a SecurityProfile for a component is the only way to assign WAFProfiles to a component
Current Behaviour
Currently when you use the OWASP configuration option under the WAF configuration it overrides the WAFProfile defined in the security profile and uses a fixed profile that the provider has deemed to implement WAF. Instead providers can offer their own WAFProfiles that might implement OWASP controls and the user can than choose to use them or make their own.
Possible Solution
Remove the OWASP configuration option from the WAF configuration and rely on using the Security Profile WAF Profile
Context
This aligns with how we handle other security controls within our solutions and creates a single configuration option which will control the WAF profile assigned to a given component.
The text was updated successfully, but these errors were encountered: