Solved
ODC WAF Architecture: Is It Based on AWS WAF?
Question

Hello team

I would like to ask a question about security, specifically the WAF, from a beginner’s perspective.
In O11 on-premises, my understanding is that we could manage and customize WAF settings such as signatures and rules on our own.
For ODC, however, I understand that security controls including the WAF are fully managed by OutSystems.

I would like to better understand how the WAF works in ODC, but so far I have only been able to find high-level information in the public documentation, and not much detail about what kind of rules or signatures are actually applied.

I would appreciate your help with the following questions:

  • Is the WAF used in OutSystems ODC based on AWS architecture (for example, AWS WAF)?

  • If ODC is using AWS WAF, is it reasonable to assume that by understanding the AWS-managed WAF rule sets and signatures, we can roughly understand what is applied in ODC?

  • Or does ODC include additional OutSystems-specific rules and controls, meaning that AWS WAF information alone would not be sufficient to understand the actual behavior?

Since my knowledge is still at an introductory level, guidance such as “this information is not available to customers by design” would also be very helpful.

Thank you in advance for your support.

2021-12-06 21-55-55
Dan Iorg
Staff
Solution

Hi Kazuna - Yes, at this time ODC is using the AWS WAF with CloudFront. We don't specify the underlying technology in the documentation because it may change. We are, in fact, looking to make some changes to this in the coming year or so that would allow customers to define their own rule sets and customize them to fit their needs. Right now, we use the AWS rulesets with some customizations to ensure they work best for all customers.


Hope this helps. 

Kazuna Fujimori

@Dan Iorg

Thank you for the information.
It was very helpful. 
