[WEB SECURITY] thoughts on WAF deployment options?
rcbarnett at gmail.com
Tue Apr 22 17:21:42 EDT 2008
On Tue, Apr 22, 2008 at 4:58 PM, Arian J. Evans <arian.evans at anachronic.com>
> > One correction - Breach's WebDefend is out of line (you had it in the
> > inline transparent bridge group).
> To clarify my post (correct me again if wrong): Mod runs inline proxy
> only, and WedDefend OoB. (I knew there was another OoB product
> I'd seen besides Imperva, but couldn't remember it)
We just completed a ModSecurity user survey so I actually have some info :)
Open source Mod users typically run it embedded, however using it in a
reverse proxy scenario is also popular. Breach has a commercial appliance
called the M1100 that uses Mod as the base WAF-engine and it can be run in a
transparent bridge mode.
> To be clear -- I am not working with Breach WebDefend products.
> The *only* WAF I've worked wtih recently is F5, though I've worked
> with most of them on the market over the last 7 years.
> I *have* heard multiple positive things about WebDefend's technology
> from both technical peers at VARs, and several customers I work with.
> While second-hand info, they are opinions from smart folks, hence
> my recommendation to put that on the investigation list.
> btw// I hear a lot of *talk* about Modsecurity, but I don't know anyone
> who actually runs it (another topic of discussion).
Yeah, like most security related products, getting people to publicly state
what they are using is often a chore. As I stated in my previous response,
there are many very large Mod deployments however we are under an NDA with
most of them.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity