Let us know via the open-appsec GitHub or our Website Chat if you identified a potential issue/limitation or via our Website Chat as well if you have any ideas/requirements for additional features.

Declarative Management:

All environments:

Exceptions: only the operator "=" is supported.

General:

Log Trigger Response body: In the log trigger setting "Response body" to true can affect traffic.
SELinux: open-appsec Linux servers: SELinux in “Enforced” mode is not supported. When SELinux is used in “Enforced” mode on the machine running the reverse proxy server and the agent, deployment of the agent might fail during registration. SELinux in “Enforced” mode, blocks the registration attempt.
Country-based Exception rules: When configuring exceptions in Asset edit->Exceptions Tab, an exception rule using the keys Country Name or Country Code cannot be defined with additional conditions based on other keys in the same exception.
- There’s an implicit OR logic between different exception rules, so it is possible to define different exception rules, some using country code/name, and others using other keys.
Source Ip Exception rules: When configuring exceptions in Asset edit->Exceptions Tab, an exception rule using the key Source IP cannot be defined with additional conditions based on other keys in the same exception.
- There’s an implicit OR logic between different exception rules, so it is possible to define different exception rules, some using Source IP and others using other keys.
Parameter Name / Value Exceptions rules: Drop Rules With Parameter Name and / or Parameter Value are not supported.
Country-based Exception rules: are only supported in managed tenants (Declarative / Management)
Containerized agents running version 1.1.9 or earlier cannot be upgraded directly to version 1.1.21 or newer
- As a best practice, we recommend periodically upgrading the agent container to ensure you have the latest software updates.

SaaS Management (WebUI):

Creating a second tenant using the same email address is not supported (the user can be added to another tenant with another main email address as an additional user)
WildCard asset: you can only have a single asset using wildcard resource for each HTTP as well as HTTPS (e.g.: http://* and https://* ) per tenant. This will be resolved soon.
Social log-in: Adding Google or GitHub users as additional users to a tenant is not supported (use regular users with email addresses instead)
Different Log Trigger, user response and exceptions per Practice:
Currently, this behavior is unsupported. The configuration the Web Attacks practice will apply to all other security practices.

Platform support:

Temporarily Fedora is not supported for Linux-embedded installations (consider using Docker-based deployment instead)
Ambassador support is not available yet

Previousopen-appsec Video Tutorials NextGetting Started

Last updated 4 days ago

Was this helpful?