Protect Application with Web Application Firewall (FEA409)
| Document Type | Feature Description |
| Feature | FEA409 |
| Author | Noora Kuikka |
| Version | 1.0 |
| Date | 19.02.2024 |
Description
The feature involves implementing a Web Application Firewall to safeguard the Tukko application from various online threats and attacks. A WAF acts as a protective barrier between the application and the internet, inspecting incoming traffic and filtering out malicious requests, such as SQL injection, cross-site scripting (XSS), and other common web-based attacks. By deploying a WAF, the project aims to enhance the security posture of the application and protect it from potential vulnerabilities and exploits.
Feature-related restrictions, requirements, and use cases
| Linked Use Cases | Use Case |
| Linked Requirements | ReqID list |
User Stories related to the feature
| User Story ID | Description | Affected Feature |
|---|---|---|
| US055 | As an administrator, I want to protect my application with Web Application Firewall. | FEA409 |
Links to issues:
Implementation
We set up a Docker container running Nginx with the ModSecurity module to filter traffic to the Tukko application containers.
The detailed implementation guide can be found here!
Testing / possible approval criteria
| Test Case | Description |
|---|---|
| Acceptance Test Case | Acceptance Test |
| Functional System Test Case | Test Case |
| Security Test Case | Test Case |