Unique WAF rules per-environment

Problem to solve

Users will want to try different WAF rule sets in testing before rolling them out to production. This is valuable when they want to run invasive security testing, such as DAST or fuzzing, against a staged version of the app to confirm that the rules don't produce false positives, or that they detect a new attack, before those rules reach production.

Introduce the ability to use a different WAF configuration on a per-environment basis to enable this use case.

Note that this is distinct from per-cluster configuration. Customers may wish to use different WAF rules for the same cluster, depending on where the traffic is directed.

  • Discuss the technical implications of this with engineering, and whether our cluster Ingress installation could support it
  • What if multiple Kubernetes clusters are being used?

Intended users

Further details

Proposal

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references

Some discussion of the same cluster being used in multiple projects: https://gitlab.slack.com/archives/C0AR2KW4B/p1565025011275300

Edited Aug 05, 2019 by Sam Kerr