Skip to content

Extend NGINXProxy with waf enabled toggle #3453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ciarams87 opened this issue Jun 5, 2025 · 0 comments · Fixed by #3481
Closed

Extend NGINXProxy with waf enabled toggle #3453

ciarams87 opened this issue Jun 5, 2025 · 0 comments · Fixed by #3481
Assignees
@ciarams87
Labels
enhancement New feature or request refined Requirements are refined and the issue is ready to be implemented.
Milestone
v2.1.0

Comments

@ciarams87
Copy link
Contributor

As a user
I want to be able to toggle WAF protection on for my Gateway
So that my dataplane deployment is running with the NAP engine enabled

Acceptance

  • Extend NGINXProxy to provide a configuration option to enable WAF, and to support optional setting of other WAF related fields, e.g.
apiVersion: gateway.nginx.org/v1alpha2
kind: NginxProxy
metadata:
  name: nginx-proxy-waf
  namespace: nginx-gateway
spec:
  # WAF policy configuration (extensible design)
  waf: "Enabled"  # "Enabled" | "Disabled"
# configuration tweaks optional, e.g.:
#   kubernetes:
#     deployment:
#       # NGINX container with NAP module (will set to default if waf is "Enabled" but these values are not configured)
#       container:
#         image:
#           repository: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus-waf
#           tag: "2.1.0"

#       # NAP v5 required containers (will set to defaults if waf is "Enabled" but these values are not configured)
#       wafContainers:
#         enforcer:
#           image:
#             repository: private-registry.nginx.com/nap/waf-enforcer
#             tag: "5.6.0"

#         configManager:
#           image:
#             repository: private-registry.nginx.com/nap/waf-config-mgr
#             tag: "5.6.0"
  • Update the provisioner to conditionally deploy WAF containers as part of the NGINX deployment when waf is enabled
@ciarams87 ciarams87 added this to the v2.1.0 milestone Jun 5, 2025
@ciarams87 ciarams87 added the enhancement New feature or request label Jun 5, 2025
@ciarams87 ciarams87 self-assigned this Jun 6, 2025
@ciarams87 ciarams87 added the refined Requirements are refined and the issue is ready to be implemented. label Jun 6, 2025
@ciarams87 ciarams87 moved this from 🆕 New to 🏗 In Progress in NGINX Gateway Fabric Jun 6, 2025
@ciarams87 ciarams87 mentioned this issue Jun 9, 2025
Merged
5 tasks
@ciarams87 ciarams87 moved this from 🏗 In Progress to 👀 In Review in NGINX Gateway Fabric Jun 9, 2025
@ciarams87 ciarams87 linked a pull request Jun 9, 2025 that will close this issue
Deploy WAF containers when enabled in NGINXProxy #3481
Merged
5 tasks
@ciarams87 ciarams87 moved this from 👀 In Review to ✅ Done in NGINX Gateway Fabric Jun 11, 2025
@ciarams87 ciarams87 closed this as completed by moving to ✅ Done in NGINX Gateway Fabric Jun 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ciarams87 ciarams87

Labels
enhancement New feature or request refined Requirements are refined and the issue is ready to be implemented.
Projects
NGINX Gateway Fabric
Status: Done
Milestone
v2.1.0
Development

Successfully merging a pull request may close this issue.

Deploy WAF containers when enabled in NGINXProxy nginx/nginx-gateway-fabric
1 participant
@ciarams87