Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WAF Deprecate the OWASP solution configuration option #2066

Open
roleyfoley opened this issue Oct 24, 2022 · 0 comments
Open

WAF Deprecate the OWASP solution configuration option #2066

roleyfoley opened this issue Oct 24, 2022 · 0 comments

Comments

@roleyfoley
Copy link
Contributor

Expected Behaviour

The WAFProfile defined in a SecurityProfile for a component is the only way to assign WAFProfiles to a component

Current Behaviour

Currently when you use the OWASP configuration option under the WAF configuration it overrides the WAFProfile defined in the security profile and uses a fixed profile that the provider has deemed to implement WAF. Instead providers can offer their own WAFProfiles that might implement OWASP controls and the user can than choose to use them or make their own.

Possible Solution

Remove the OWASP configuration option from the WAF configuration and rely on using the Security Profile WAF Profile

Context

This aligns with how we handle other security controls within our solutions and creates a single configuration option which will control the WAF profile assigned to a given component.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant