Unique WAF rules per-environment
Problem to solve
Users will want to try different WAF rule sets in testing before rolling them out to production. This is valuable if they want to run invasive security testing, such as DAST or fuzzing, against a staged version of the app to confirm that a rule set doesn't produce false positives, or that it detects a new attack, before it is rolled out to production.
Introduce the ability to use a different WAF configuration on a per-environment basis to enable this use case.
Note that this is distinct from per-cluster. Customers may wish to use different WAF rules for the same cluster, depending on where the traffic is directed.
- Discuss with engineering the technical implications of this and whether our cluster Ingress installation could work here
- What if multiple Kubernetes clusters are being used?
Intended users
Further details
Proposal
Permissions and Security
Documentation
Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Links / references
Some discussion of the same cluster being used in multiple projects: https://gitlab.slack.com/archives/C0AR2KW4B/p1565025011275300