WAF custom rule validation

Problem to solve

Users can provide custom rules for their WAF. This gives them maximum control over their security, but requires them to become proficient at writing WAF rules, which have a fairly complicated syntax. Because the rules must be deployed to the WAF and run before an error can be detected, iteration times get longer and WAF configurations become harder to test.

Intended users

  • Devon (DevOps Engineer)
  • Sidney (Systems Administrator)
  • Sam (Security Analyst)

Further details

Proposal

Minimal

  1. Provide a way to validate that a set of custom WAF rules is syntactically valid and could be successfully loaded into the WAF.
  2. Provide meaningful error messages about why the rules are invalid whenever possible.

Next

  1. Provide a way to auto-correct errors when possible.

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references
