Docsright arrowEdge Stackright arrowThe WebApplicationFirewall Resource (v1alpha1)

3 min • read

The WebApplicationFirewall Resource (v1alpha1)

The WebApplicationFirewall provides the configuration for an instance of a Web Application Firewall, and the WebApplicationFirewallPolicy resource configures the matching patterns for when WebApplicationFirewalls get executed against requests.

This doc is an overview of all the fields on the WebApplicationFirewall Custom Resource with descriptions of the purpose, type, and default values of those fields. Tutorials and guides for Web Application Firewalls can be found in the usage guides section

WebApplicationFirewall API Reference


firewallRulesFirewallRulesDefines the rules to be used for the Web Application Firewall
logging.onInterrupt.enabledboolWhen enabled, creates additional log lines in the Ambassador Edge Stack pods whenever the WebApplicationFirewall interrupts a request. This is in addition to the logging config that is available via the firewall configuration files.


Defines the rules to be used for the Web Application Firewall

sourceTypeEnum("file","configmap","http")Identifies which method is being used to load the firewall rules. Value must be one of configMapRef;file;http. The value corresponds to the following fields for configuring the selected method.
configMapRefConfigMapReferenceDefines a reference to a Kubernetes ConfigMap to load firewall rules from.
filestringLocation of a file on disk to load the firewall rules from. Example: "/ambassador/firewall/waf.conf". Files can be mounted to the Ambassador Edge Stack auth service deployment pods using a ConfigMap, or similar approach.
http.urlstringURL to fetch firewall rules from. If the rules are unable to be downloaded/parsed from the provided url for whatever reason, the requests matched to this WebApplicationFirewall will be allowed/denied based on the configuration of the onError field.


Defines a reference to a Kubernetes ConfigMap to load firewall rules from.

namestringName of the referenced Kuberntes ConfigMap.
namespacestringNamespace of the referenced Kuberntes ConfigMap.
keystringThe key in the referenced Kuberntes ConfigMap to pull the rules data from.

Web Application Firewall Usage Guides

The following guides will help you get started using Web Application Firewalls