Comment on page
We are constantly working on resolving the limitations listed here and adding enhanced functionality.
- (Kong only) Declarative configuration for open-appsec for Kong requires Ingress Resource where the open-appsec Annotation can be added to. Currently doesn't work if there's no ingress resources available and traffic is sent to Kong Gateway directly. (Workaround if there's no ingress resources: Use central management)
- Only ingress resource rules which specify both keys are supported: host and path. Specifying just the path is not supported. In that case either add host key as temporary fix to your ingress rules if currently missing, or switch to WebUI (SaaS) management instead of local declarative management. This will be fixed soon. (Note: This does not impact the optional specific rules as defined in the open-appsec policy CRD.)
- Defining Snort signatures and API schema in open-appsec for K8s and NGINX is not supported yet (this is supported when using central Management via WebUI (SaaS))
- "Redirect" action in CustomResponse CRD/config is not supported (use "block-page" or "response-code-only" options until this is available.
- In a log trigger, setting "Response body" to true can affect traffic.
- Creating a second tenant using the same email address is not supported (user can be added to another tenant with another main email address as an additional user)
- You can only have a single asset using wildcard resource for each HTTP as well as HTTPS (e.g.: http://* and https://* ) per tenant. This will be resolved soon.
- Adding Google or GitHub users as additional users to a tenant is not supported (use regular users with email addresses instead)
- CLI tools for macOS are not available yet
- Temporarily Fedora not supported for Linux-embedded installations (consider using Docker-based deployment instead)
- Envoy and Ambassador support not available yet