#[non_exhaustive]pub struct Config {
pub proxy: ProxyConfig,
pub waf: WafConfig,
pub limits: LimitsConfig,
pub modules: ModulesConfig,
pub rate_limit: RateLimitConfig,
pub network: NetworkConfig,
pub resilience: ResilienceConfig,
pub tls: TlsConfig,
pub metrics: MetricsConfig,
}Fields (Non-exhaustive)§
This struct is marked as non-exhaustive
Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.proxy: ProxyConfig§waf: WafConfig§limits: LimitsConfig§modules: ModulesConfig§rate_limit: RateLimitConfig§network: NetworkConfigShared network settings (trusted-proxy client-IP resolution). Reused by rate limiting, structured logging and future Geo/IP-reputation.
resilience: ResilienceConfigPer-scenario behaviour when the WAF itself is in trouble.
tls: TlsConfigInbound TLS termination (Phase 12). Default off → the listener stays cleartext,
exactly as before. Basic, cert-from-file termination is core (BOUNDARY.md §3.2);
cert management at scale (ACME/rotation/mTLS-PKI) is enterprise.
metrics: MetricsConfigPrometheus metrics exposition (B1). Default off → no separate listener. Served on a dedicated loopback port (never the data port — see ARCHITECTURE §9).
Implementations§
Trait Implementations§
Source§impl Default for Config
impl Default for Config
Source§fn default() -> Self
fn default() -> Self
A valid, non-disruptive base for programmatic/test construction: detection-only mode
(detects but never blocks), the standard detection modules ON at their defaults
(GraphQL/gRPC off — opt-in), rate limiting off, cleartext, metrics off. Production
always supplies [proxy]/[waf] from TOML; this default exists so external code never
needs a Config { .. } literal (forbidden by #[non_exhaustive]).