Custom rules for Web Application Firewall
Problem to solve
GitLab will support Web Application Firewall with OWASP default rules.
Users may want to tune the configuration to fit their specific needs. We can consider to allow new configuration to be pushed to the ModSecurity module on the ingress.
Users can specify their own rules and activate them in the WAF configuration. This is possible via
What does success look like, and how can we measure that?
Number of customized WAF configurations.