Bringing WAF to Envoy and Istio with WebAssembly and... Go?

Envoy is a cloud-native proxy with many networking features but does not come with built-in features for Web Application Firewall (WAF). Luckily, Envoy provides a plugin interface via WebAssembly - it is possible to customize request handling by implementing a plugin in one of several languages that can compile to WebAssembly. This presentation will show how we brought WAF to Envoy by compiling the off-the-shelf WAF library, Coraza, to WebAssembly.

Anuraag Agrawal

登壇者プロフィール

Anuraag Agrawal

Tetrate

Software Engineer

anuraaga

発表資料

Anuraag works on WebAssembly integration at Tetrate, using it to allow extension of various aspects of a service mesh. Currently his main focus is bringing WAF to Envoy with the Coraza project to help users secure there services. Anuraag is an OSS enthusiast and before Coraza has also been an active maintainer on OpenTelemetry, Zipkin, and Armeria. You may also find small fixes in various projects due to his nature of sending a fix instead of filing an issue.