Remove GitLab WAF

Background and context

Please reference the details provided in the WAF Deprecation issue.

Requirements:

  1. GitLab WAF and ModSecurity will be removed from the product
  2. GitLab WAF and ModSecurity will be removed from the product documentation
  3. Related ModSecurity metrics will be updated to status: removed, including (but not limited to) the following files:
    1. config/metrics/counts_all/20210216175442_ingress_modsecurity_packets_processed.yml
    2. config/metrics/counts_all/20210216175444_ingress_modsecurity_packets_anomalous.yml
    3. config/metrics/counts_all/20210216175450_ingress_modsecurity_logging.yml
    4. config/metrics/counts_all/20210216175452_ingress_modsecurity_blocking.yml
    5. config/metrics/counts_all/20210216175454_ingress_modsecurity_disabled.yml
    6. config/metrics/counts_all/20210216175456_ingress_modsecurity_not_installed.yml
    7. config/metrics/settings/20210216175459_ingress_modsecurity_enabled.yml
    8. ee/config/metrics/counts_all/20210216175441_ingress_modsecurity_statistics_unavailable.yml
  4. ModSecurity will not be uninstalled from clusters where it was previously installed upon upgrade from %13.12 -> %14.0; however, GitLab will no longer manage ModSecurity there, and a redeploy of the cluster or Ingress node may remove the WAF functionality
  5. A verification test will be performed to confirm that Ingress can still be installed and that it works properly without ModSecurity
  6. Our packaged ingress configuration and modsecurity.conf will be stored in a public project for historical purposes and for ease of reference if someone should choose to install it manually. This repository and code will be provided as a service to customers, but it will not be actively maintained by GitLab. (For reference, there is an example of where this was done in %13.0.)
Edited by Sam White