The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
| Stage | Protect |
| Maturity | Minimal |
| Content Last Reviewed | 2021-04-28 |
A web application firewall (WAF) filters, monitors, and blocks web traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications, while regular firewalls serve as a safety gate between servers. By inspecting the contents of web traffic, it can prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.
GitLab's WAF comes with a default out-of-the-box OWASP ruleset in detection only mode.
GitLab's WAF is now deprecated as of our %13.6 release and will be removed from the product in our %14.0 release. Please reference this issue for additional details.
