Remove GitLab WAF
Background and context
Please reference the details provided in the WAF Deprecation issue.
Requirements:
- GitLab WAF and ModSecurity will be removed from the product
- GitLab WAF and ModSecurity will be removed from the product documentation
- Related ModSecurity metrics will be updated to status: removed, including (but not limited to) the following files:
  - config/metrics/counts_all/20210216175442_ingress_modsecurity_packets_processed.yml
  - config/metrics/counts_all/20210216175444_ingress_modsecurity_packets_anomalous.yml
  - config/metrics/counts_all/20210216175450_ingress_modsecurity_logging.yml
  - config/metrics/counts_all/20210216175452_ingress_modsecurity_blocking.yml
  - config/metrics/counts_all/20210216175454_ingress_modsecurity_disabled.yml
  - config/metrics/counts_all/20210216175456_ingress_modsecurity_not_installed.yml
  - config/metrics/settings/20210216175459_ingress_modsecurity_enabled.yml
  - ee/config/metrics/counts_all/20210216175441_ingress_modsecurity_statistics_unavailable.yml
- On upgrade from %13.12 -> %14.0, ModSecurity will not be uninstalled from clusters where it was previously installed; however, GitLab will no longer manage ModSecurity there, and a redeploy of the cluster or Ingress node may remove the WAF functionality
- A verification test will be performed to confirm that Ingress can still be installed and that it works properly without ModSecurity
- Our packaged ingress configuration and modsecurity.conf will be stored in a public project for historical purposes and for ease of reference if someone should choose to install it manually. This repository and code will be provided as a service to customers, but it will not be actively maintained by GitLab. (For reference, there is an example of where this was done in %13.0.)