Re: [Apiman-dev] Web Application Firewall integration
Hi Juca.
Thanks for the question!
I think we have only scratched the surface of what is possible and
relevant for apiman, in terms of the policies we support. We're always
looking to expand our catalog of policies when it makes sense to do so.
Looking at the documenation for ModSecurity, I think there are
definitely some features that would make sense for apiman to have.
Can you perhaps give us some bullet points of features you would like
your Web Application Firewall to support? :)
-Eric
On 4/8/2016 12:21 PM, Juraci Paixão Kröhling wrote:
Hello,
I'm currently working on a Web Application Firewall idea on my free
time, and I think this might somehow fit within the scope of apiman.
Web Application Firewall is a proxy or filter that sits in front of an
application, accepting/rejecting requests. The main idea is to block
malicious requests before they reach the protected application. One
example of such component is ModSecurity[1].
I see that apiman already has some features around security, but I'm not
sure how far into this realm the project wants to go. Is there an
interest in having such a feature? If so, what would make most sense:
something completely inside apiman, or light integration with an
external service (in a microservices fashion)?
1 - https://www.modsecurity.org/
Best,
- Juca.
_______________________________________________
Apiman-dev mailing list
Apiman-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-dev