by sam-white 2189 days ago
> Who in the right mind is going to enable Web Application Firewall feature, when rules exceptions cannot be configured?

Currently we are using ModSecurity for our Web Application Firewall and rather than duplicating their documentation, we refer our users to ModSecurity's documentation for rule configuration. Rule exceptions with GitLab's WAF are possible as documented on the ModSecurity website: https://www.modsecurity.org/CRS/Documentation/exceptions.htm...

It is also worth noting that we are in the process of designing a more refined, UI-based policy management experience. While this policy management experience is starting with support for Cilium Network Policies only, we plan to eventually add support for WAF rules as well. We would love to get input or feedback you have on the direction we are headed with our policy management interface at https://gitlab.com/groups/gitlab-org/-/epics/3403