Skip to content

Extend NGINXProxy with waf enabled toggle #3453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ciarams87 opened this issue Jun 5, 2025 · 0 comments
Open

Extend NGINXProxy with waf enabled toggle #3453

ciarams87 opened this issue Jun 5, 2025 · 0 comments
Assignees
@ciarams87
Labels
enhancement New feature or request refined Requirements are refined and the issue is ready to be implemented.
Milestone
v2.1.0

Comments

@ciarams87
Copy link
Contributor

As a user
I want to be able to toggle WAF protection on for my Gateway
So that my dataplane deployment is running with the NAP engine enabled

Acceptance

  • Extend NGINXProxy to provide a configuration option to enable WAF, and to support optional setting of other WAF related fields, e.g.
apiVersion: gateway.nginx.org/v1alpha2
kind: NginxProxy
metadata:
  name: nginx-proxy-waf
  namespace: nginx-gateway
spec:
  # WAF policy configuration (extensible design)
  waf: "Enabled"  # "Enabled" | "Disabled"
# configuration tweaks optional, e.g.:
#   kubernetes:
#     deployment:
#       # NGINX container with NAP module (will set to default if waf is "Enabled" but these values are not configured)
#       container:
#         image:
#           repository: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus-waf
#           tag: "2.1.0"

#       # NAP v5 required containers (will set to defaults if waf is "Enabled" but these values are not configured)
#       wafContainers:
#         enforcer:
#           image:
#             repository: private-registry.nginx.com/nap/waf-enforcer
#             tag: "5.6.0"

#         configManager:
#           image:
#             repository: private-registry.nginx.com/nap/waf-config-mgr
#             tag: "5.6.0"
  • Update the provisioner to conditionally deploy WAF containers as part of the NGINX deployment when waf is enabled
@ciarams87 ciarams87 added this to the v2.1.0 milestone Jun 5, 2025
@ciarams87 ciarams87 added the enhancement New feature or request label Jun 5, 2025
@ciarams87 ciarams87 self-assigned this Jun 6, 2025
@ciarams87 ciarams87 added the refined Requirements are refined and the issue is ready to be implemented. label Jun 6, 2025
@ciarams87 ciarams87 moved this from 🆕 New to 🏗 In Progress in NGINX Gateway Fabric Jun 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ciarams87 ciarams87

Labels
enhancement New feature or request refined Requirements are refined and the issue is ready to be implemented.
Projects
NGINX Gateway Fabric
Status: 🏗 In Progress
Milestone
v2.1.0
Development

No branches or pull requests
1 participant
@ciarams87