Closed dune73 closed 4 months ago
As a workaround, here is the question I sent :
Hi there,
Releasing Pingora into the wild is very welcome.
Does this, or will this also include WAF functionality? Ability to run OWASP CRS perhaps?
Best,
Christian Folini
also interested in WAF and other security features
I've contacted folks internally about what's going on with the opensource@
email. For now, using GitHub issues works.
We should be providing the hooks/tools to implement WAF functionality, e.g. let us know if request_filter
is missing necessary context. Implementing a particular ruleset isn't on the roadmap for Pingora itself though that sounds like a great idea for another crate or HttpModule
implementation.
Also consider opening a feature request in River if you'd like to see this by default in that application to be built on top of Pingora.
Thank you. I have created said River feature request at https://github.com/memorysafety/river/issues/8
I do not really have time to dig into pingora, but I can help to connect to the WAF engine developers for discussions and of course the OWASP CRS project.
Describe the bug
I sent an email to contact address listed in https://github.com/cloudflare/pingora/blob/main/.github/CONTRIBUTING.md
This is the delivery failure I got: