Research: Collect ModSecurity information and show them to users
Problem to solve
ModSecurity can provide Web Application Firewall (WAF) functionalities to the cluster ingress, and track all the possible malicious requests that are sent to an application.
This information should be collected by GitLab, and shown to users so they can be aware of possible attacks and take actions.
Further details
This issue could benefit of existing monitor capabilities GitLab already has in ~"devops:monitor".
Proposal
Configure ModSecurity so that log information are sent to a monitoring server, and then consumed via the GitLab UI.
We could leverage the existing Operations Dashboard or create something custom, depending on which functionalities are available.
What does success look like, and how can we measure that?
Users look at information from ModSecurity in the UI and start actions from there.
Edited by Nicole Schwartz