Requirements discussion for using Defend WAF in GitLab production

A dogfooding opportunity has been brought up to use the Defend WAF in GitLab production. There are requirements that need to be met from the Infrastructure team before this is feasible. This issue is to capture the discussion and provide context around what needs to happen before we can move forward with this opportunity.

For context, here is the original criteria from the Cloudflare project:

• Board: https://gitlab.com/gitlab-com/gl-infra/cloudflare/-/boards/1208230
• Epic: gitlab-com/gl-infra&94

Link to Slack thread: https://gitlab.slack.com/archives/CFHGVJ06R/p1575666816311300