I’ve been trying to find a good way to implement L7 protection policies like XSS and SQL injection with Istio but haven’t had any luck so far. Something along the lines of ModSecurity for nginx.
What’s a good way to do something like this in Istio?
I’ve looked at Envoy filters but none of the existing ones seem to fit here, so that would mean creating a custom one, not to mention the backward compatibility issue described here: https://istio.io/docs/reference/config/istio.networking.v1alpha3/#EnvoyFilter
Traditional API gateways like Kong and Apigee provide policies and/or plugins to deal with these kinds of scenarios: