
OWASP WAF for J8a

Open simonmittag opened this issue 4 years ago • 0 comments

Is your feature request related to a problem? Please describe.

Web application firewall principles: https://github.com/0xInfection/Awesome-WAF

AWS has WAF on ALB: https://aws.amazon.com/about-aws/whats-new/2016/12/AWS-WAF-now-available-on-Application-Load-Balancer/#:~:text=With%20this%20launch%20customers%20can,CloudFront%20and%20Application%20Load%20Balancer.&text=Use%20AWS%20WAF%20to%20block,such%20as%20the%20IP%20addresses.

Apache, Nginx have WAF implementations for OWASP with modsecurity: https://owasp.org/www-project-modsecurity-core-rule-set/ (doesn't appear to be ported to golang).

Describe the solution you'd like

While a whole WAF is too heavyweight for Jabba and does not apply to the type of back-ends we support (API vs. HTML), there is a subset of features available for REST: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html

simonmittag, Jan 05 '21 20:01