hello, community,
Apache APISIX does not yet have a WAF plug-in, so when encountering a
security vulnerability in log4j2, users of Apache APISIX need to write
their own plug-ins.
In my opinion, Apache APISIX can add a general WAF plug-in to solve
similar security problems. We can deal with HTTP header, URI args, request
body (this needs to be cautious and affect performance).
What do you think?
Thanks,
Ming Wen, Apache APISIX PMC Chair
Twitter: _WenMing
