info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
---
...
@@ -15,19 +15,14 @@ much more.
...
@@ -15,19 +15,14 @@ much more.
## Overview
## Overview
GitLab provides a WAF out of the box after Ingress is deployed.
GitLab provides a WAF out of the box after Ingress is deployed. All you need to do is deploy your
All you need to do is deploy your application along with a service
application along with a service and Ingress resource. In GitLab's [Ingress](../../user/clusters/applications.md#ingress)
and Ingress resource.
deployment, the [ModSecurity](https://modsecurity.org/)
module is loaded into Ingress-NGINX by default and monitors the traffic going to the applications
which have an Ingress. The ModSecurity module runs with the [OWASP Core Rule Set (CRS)](https://coreruleset.org/)
by default. The OWASP CRS detects and logs a wide range of common attacks.
In GitLab's [Ingress](../../user/clusters/applications.md#ingress) deployment, the [ModSecurity](https://modsecurity.org/) module is loaded
By default, the WAF is deployed in Detection-only mode and only logs attack attempts.
into Ingress-NGINX by default and monitors the traffic going to the
applications which have an Ingress.
The ModSecurity module runs with the [OWASP Core Rule Set (CRS)](https://coreruleset.org/) by default. The OWASP CRS will detect and log a wide range of common attacks.
NOTE: **Note:**
The WAF is deployed in "Detection-only mode" by default and will only log attack
attempts.
## Requirements
## Requirements
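Review bot: The rewritten Overview sentence "By default, the WAF is deployed in Detection-only mode and only logs attack attempts." is less visible now that the NOTE callout has been removed, and it stops short of saying that matching requests are not blocked. This is the security-relevant default, so consider stating it outright, for example "By default, the WAF is deployed in Detection-only mode: it logs attack attempts but does not block them." The new paragraph also repeats "by default" in three consecutive sentences; dropping it from "is loaded into Ingress-NGINX by default" or from the CRS sentence would read better.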
...
@@ -98,5 +93,5 @@ It is good to have a basic knowledge of the following:
...
@@ -98,5 +93,5 @@ It is good to have a basic knowledge of the following:
## Roadmap
## Roadmap
More information on the direction of the WAF can be
You can find more information on the product direction of the WAF in
found in [Product Vision - Defend](https://about.gitlab.com/direction/defend/#waf)
[Category Direction - Web Application Firewall](https://about.gitlab.com/direction/protect/web_application_firewall/).
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
---
...
@@ -17,7 +17,7 @@ These instructions will also work for a self-managed GitLab instance. However, y
...
@@ -17,7 +17,7 @@ These instructions will also work for a self-managed GitLab instance. However, y
need to ensure your own [runners are configured](../../ci/runners/README.md) and
need to ensure your own [runners are configured](../../ci/runners/README.md) and
[Google OAuth is enabled](../../integration/google.md).
[Google OAuth is enabled](../../integration/google.md).
**Note**: GitLab's Web Application Firewall is deployed with [Ingress](../../user/clusters/applications.md#ingress),
GitLab's Web Application Firewall is deployed with [Ingress](../../user/clusters/applications.md#ingress),
so it will be available to your applications no matter how you deploy them to Kubernetes.
so it will be available to your applications no matter how you deploy them to Kubernetes.
## Configuring your Google account
## Configuring your Google account
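Review bot: In the sentence that loses its "**Note**:" prefix, "so it will be available to your applications" keeps the future tense that this same change removes in the Overview ("will detect and log" became "detects and logs"). Suggest "so it is available to your applications no matter how you deploy them to Kubernetes." for consistency.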
...
@@ -252,7 +252,7 @@ You can now see the benefits of a using a Web Application Firewall.
...
@@ -252,7 +252,7 @@ You can now see the benefits of a using a Web Application Firewall.
ModSecurity and the OWASP Core Rule Set, offer many more benefits.
ModSecurity and the OWASP Core Rule Set, offer many more benefits.
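Review bot: The context line "ModSecurity and the OWASP Core Rule Set, offer many more benefits." has a comma separating the subject from its verb, and the hunk header context reads "benefits of a using a Web Application Firewall". Both are worth fixing while this part of the file is being edited: drop the comma, and change "of a using" to "of using".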