Protect Application with Web Application Firewall (FEA409)
Document Type | Feature Description |
---|---|
Feature | FEA409 |
Author | Noora Kuikka |
Version | 1.0 |
Date | 19.02.2024 |
Description
This feature implements a Web Application Firewall (WAF) to safeguard the Tukko application from online threats and attacks. A WAF acts as a protective barrier between the application and the internet: it inspects incoming traffic and filters out malicious requests, such as SQL injection, cross-site scripting (XSS), and other common web-based attacks. By deploying a WAF, the project aims to enhance the security posture of the application and protect it from potential vulnerabilities and exploits.
Feature-related restrictions, requirements, and use cases
Linked Use Cases | Use Case |
---|---|
Linked Requirements | ReqID list |
User Stories related to the feature
User Story ID | Description | Affected Feature |
---|---|---|
US055 | As an administrator, I want to protect my application with Web Application Firewall. | FEA409 |
Links to issues:
Implementation
We set up a Docker container running Nginx with the ModSecurity module to filter traffic to the Tukko application containers.
The detailed implementation guide can be found here!
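A minimal Nginx configuration of the kind described above, added here as an example; it is not taken from the Tukko repository or its implementation guide. The upstream `tukko-app:8080`, the audit log path, and the two rule ids are assumptions, and the two rules are stand-ins for a maintained rule set such as the OWASP Core Rule Set.

```nginx
# Added example; names, ports, and paths are assumptions, not the project's.
# Requires the ModSecurity-nginx connector built as a dynamic module.
load_module modules/ngx_http_modsecurity_module.so;

events {}

http {
    # Assumed Docker service name and port of a Tukko application container.
    upstream tukko_app {
        server tukko-app:8080;
    }

    server {
        listen 80;

        # Enable ModSecurity for every location in this server block.
        modsecurity on;

        # SecRuleEngine On blocks matching requests. DetectionOnly, the value
        # shipped in the recommended ModSecurity config, only logs them, so a
        # WAF left in that mode filters nothing.
        # SecRequestBodyAccess lets rules inspect form posts, not just URLs.
        # SecAuditEngine RelevantOnly audit-logs transactions that hit a rule.
        # The rule ids below are constructed for this example.
        modsecurity_rules '
            SecRuleEngine On
            SecRequestBodyAccess On
            SecAuditEngine RelevantOnly
            SecAuditLog /var/log/nginx/modsec_audit.log
            SecRule ARGS "@detectSQLi" "id:100001,phase:2,deny,status:403,log"
            SecRule ARGS "@detectXSS" "id:100002,phase:2,deny,status:403,log"
        ';

        # Requests that pass inspection are forwarded to the application.
        location / {
            proxy_pass http://tukko_app;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

Running `nginx -t` inside the container validates the file before the proxy is put in front of the application.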
Testing / possible approval criteria
Test Case | Description |
---|---|
Acceptance Test Case | Acceptance Test |
Functional System Test Case | Test Case |
Security Test Case | Test Case |