k8sgateway / k8sgateway

The Cloud-Native API Gateway and AI Gateway
https://k8sgateway.io/
Apache License 2.0
4.12k stars 449 forks source link

Change order of waf and JWT validation #8556

Open edubonifs opened 1 year ago

edubonifs commented 1 year ago

Gloo Edge Product

Open Source

Gloo Edge Version

1.14.x

Is your feature request related to a problem? Please describe.

Currently, in Gloo Edge the order of evaluation between WAF and JWT is that WAF happens before JWT.

It should be a reason of why is this done this way.

Describe the solution you'd like

The question from the client was whether this order can be changed (JWT before WAF). The reasoning behind was that we want to avoid 'expensive' WAF evaluations in the case of unauthenticated requests

Describe alternatives you've considered

No response

Additional Context

No response

github-actions[bot] commented 5 months ago

This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.