Is your feature request related to a problem? Please describe.
Currently, in Gloo Edge the order of evaluation between WAF and JWT is that WAF happens before JWT.
It should be a reason of why is this done this way.
Describe the solution you'd like
The question from the client was whether this order can be changed (JWT before WAF). The reasoning behind was that we want to avoid 'expensive' WAF evaluations in the case of unauthenticated requests
This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.
Gloo Edge Product
Open Source
Gloo Edge Version
1.14.x
Is your feature request related to a problem? Please describe.
Currently, in Gloo Edge the order of evaluation between WAF and JWT is that WAF happens before JWT.
It should be a reason of why is this done this way.
Describe the solution you'd like
The question from the client was whether this order can be changed (JWT before WAF). The reasoning behind was that we want to avoid 'expensive' WAF evaluations in the case of unauthenticated requests
Describe alternatives you've considered
No response
Additional Context
No response