Gitlab hero border pattern left svg Gitlab hero border pattern right svg

Category Direction - Web Application Firewall


A web application firewall (WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications, while regular firewalls serve as a safety gate between servers. By inspecting HTTP traffic, it can prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.


GitLab's goal with WAF is to provide visibility into your applications, clusters, and the traffic they receive. By being able to see what is being sent to your systems, GitLab wants to empower you to either block malicious traffic or to act on it somehow.

Additionally, we want to make it possible to identify and update parts of your app that are subject to malicious traffic. In this way, even if malicious traffic bypasses the WAF, you can ensure the underlying application itself is resilient against attacks like SQL injection or XSS.


Roadmap Board

What's Next & Why

Our next step is to allow blocking mode for WAF. This will ensure that any traffic identified as potentially malicious will be dropped before it reaches the application.

Competitive Landscape


Analyst Landscape

Gartner's Magic Quadrant for Web Application Firewalls, September 2019 lists the following vendors:

Top Customer Success/Sales Issue(s)

There is no feature available for this category.

Top Customer Issue(s)

The category is very new, so we still need to engage customers and get feedback about their interests and priorities in this area.

Top Vision Item(s)


Upcoming Releases