Prepare the lab host
Start with a clean VM or isolated host. Confirm Docker, disk space, outbound network access, and firewall rules before installing the WAF stack.
- Docker is running.
- The upstream test app is reachable.
- Ports needed by the WAF are not already occupied.