Hello NetScaler Ingress Controller team,
Currently, the WAF CRD (kind: waf, apiVersion: citrix.com/v1) allows enabling/disabling the buffer overflow check under security_checks.common.buffer_overflow, but there is no way to configure the actual postBodyLimit value (in bytes) that controls the maximum allowed POST body size in the underlying AppFW profile on the NetScaler ADC.
This forces users to either:
Disable the buffer overflow check entirely (which reduces security), or
Manually configure the postBodyLimit directly on the NetScaler ADC (via CLI/GUI), which breaks the declarative Kubernetes approach and is not managed by the ingress controller.
Feature Request:
Please extend the WAF CRD to include a field for setting the postBodyLimit in the AppFW profile, for example:
YAMLspec:
security_checks:
common:
buffer_overflow:
action: "on" # or "off"
postBodyLimit: 104857600 # e.g., 100 MB in bytes (optional, default to NetScaler default)
Or as a top-level field under spec.appfw_profile or similar.
This would allow users to handle large file uploads securely and declaratively without manual intervention on the ADC.
Use case: Applications requiring large POST bodies (e.g., file uploads > 10-20 MB) while keeping WAF enabled.
Thank you for considering this enhancement!
Hello NetScaler Ingress Controller team,
Currently, the WAF CRD (kind: waf, apiVersion: citrix.com/v1) allows enabling/disabling the buffer overflow check under security_checks.common.buffer_overflow, but there is no way to configure the actual postBodyLimit value (in bytes) that controls the maximum allowed POST body size in the underlying AppFW profile on the NetScaler ADC.
This forces users to either:
Disable the buffer overflow check entirely (which reduces security), or
Manually configure the postBodyLimit directly on the NetScaler ADC (via CLI/GUI), which breaks the declarative Kubernetes approach and is not managed by the ingress controller.
Feature Request:
Please extend the WAF CRD to include a field for setting the postBodyLimit in the AppFW profile, for example:
YAMLspec:
security_checks:
common:
buffer_overflow:
action: "on" # or "off"
postBodyLimit: 104857600 # e.g., 100 MB in bytes (optional, default to NetScaler default)
Or as a top-level field under spec.appfw_profile or similar.
This would allow users to handle large file uploads securely and declaratively without manual intervention on the ADC.
Use case: Applications requiring large POST bodies (e.g., file uploads > 10-20 MB) while keeping WAF enabled.
Thank you for considering this enhancement!