[WEB SECURITY] Query: Open Source Web Application Firewalls
nmatatal at uci.edu
Wed Aug 19 16:37:02 EDT 2009
Disclaimer: I'm not trying to start a WAF comparison war or debate the
usefulness of WAFs!
Does anyone know of a list of OS WAFs? The OWASP WAF
<http://www.owasp.org/index.php/Web_Application_Firewall> page lists
ModSecurity and WebKnight, but I am looking for more. The only criteria
that matters to me is that the WAF be open source. I'm looking for any
type of WAF whether it's an apache module, ISAPI filter, etc. or if you
can set it up as a standalone appliance (like proxying everything
through a ModSecurity instance).
Yes, the definition of WAF is quite broad here. Signature detection
only would be considered a WAF in my case.
Or if you know a few off the top of your head, I don't mind compiling a
list myself. Also, any experience you've had with these tools (other
than ModSecurity/WebKnight) would be greatly appreciated.
A Google search for "open source web application firewall -apache
-modsecurity -webknight" resulted in Guardian
<http://guardian.jumperz.net/index.html>, any feedback on this product?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity