# Using Kong Konnect (Kong only)

{% hint style="warning" %}
The new Kong integration using Lua-based attachment plugin for the open-appsec integration is currently in beta. This also applies to the new Kong Konnect schema allowing you to manage this plugin directly from Kong Konnect web UI.
{% endhint %}

### Learn how to activate and configure the open-appsec WAF attachment plugin for Kong from Kong Konnect, Kong's central management web UI

If you are using open-appsec WAF integrated with Kong using the modern, Lua-based plugin (not the classical open-appsec attachment plugin, which integrates on NGINX level), then you can also activate and manage the open-appsec attachment plugin for Kong from Kong Konnect.

{% hint style="warning" %}
While Kong Konnect can be used to activate and manage the Lua-based open-appsec attachment plugin, note that you will continue to manage open-appsec in the usual ways, with local, declarative configuration or by using the [open-appsec web UI](https://my.openappsec.io/).
{% endhint %}

1. **Download the Kong Konnect schema** for the open-appsec attachment plugin:

```bash
wget https://raw.githubusercontent.com/openappsec/attachment/main/attachments/kong/plugins/open-appsec-waf-kong-plugin/schema.lua
```

2. **Login to your Kong Konnect web UI**
3. **Upload the schema file** `schema.lua` for the open-appsec-waf-kong-plugin

<figure><img src="/files/tKSKpKp0ESF4tRD4tXfC" alt="" width="563"><figcaption></figcaption></figure>

<figure><img src="/files/Y7eoz8Q3OcXk5F5JGGM4" alt="" width="563"><figcaption></figcaption></figure>

Now you should see the open-appsec-waf-kong-plugin listed under "Custom Plugins" in Kong Konnect.

<figure><img src="/files/ON3MRbfoHVMGinuoxMyR" alt="" width="547"><figcaption></figcaption></figure>

4. **Activate the plugin** in the Kong Konnect web UI by selecting "Enable", then you get to this screen:

<figure><img src="/files/spmXoyx33m4kdzEUdr5c" alt="" width="563"><figcaption></figcaption></figure>

Once enabled, the plugin is configured to be applied in "Global" mode by default, which means it will send all traffic to the open-appsec agent for security inspection, alternatively you can select "Scoped" mode here and apply open-appsec security inspection in a custom way only to e.g. to a selected Gateway Service, Route, Consumer or Consumer Group:

<figure><img src="/files/7BdTjAXa9FkmfOHFIs3S" alt="" width="563"><figcaption></figcaption></figure>

For more info on how to use Kong Konnect, see also the official docs available here: <https://developer.konghq.com/konnect/>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.openappsec.io/getting-started/using-the-web-ui-saas/using-kong-konnect-kong-only.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.