[WEB SECURITY] Query: Open Source Web Application Firewalls

Neil Matatall nmatatal at uci.edu
Wed Aug 19 17:26:10 EDT 2009


Thanks to the senders of the offlist responses.  I need to clarify that 
I am just compiling a list of options for a presentation so the quality 
of the WAF is relevant, but the variety of options is more important to me.

One that was brought to my attention was PHPIDS

So far:
ModSecurity
PHPIDS
Guardian
WebKnight

Thanks!

Neil Matatall wrote:
> Hello,
>
> Disclaimer:  I'm not trying to start a WAF comparison war or debate 
> the usefulness of WAFs!
>
> Does anyone know of a list of OS WAFs?  The OWASP WAF 
> <http://www.owasp.org/index.php/Web_Application_Firewall> page lists 
> ModSecurity and WebKnight, but I am looking for more.  The only 
> criteria that matters to me is that the WAF be open source.  I'm 
> looking for any type of WAF whether it's an apache module, ISAPI 
> filter, etc. or if you can set it up as a standalone appliance (like 
> proxying everything through a ModSecurity instance). 
>
> Yes, the definition of WAF is quite broad here.  Signature detection 
> only would be considered a WAF in my case. 
>
> Or if you know a few off the top of your head, I don't mind compiling 
> a list myself.  Also, any experience you've had with these tools 
> (other than ModSecurity/WebKnight) would be greatly appreciated. 
>
> A Google search for "open source web application firewall -apache 
> -modsecurity -webknight" resulted in Guardian 
> <http://guardian.jumperz.net/index.html>, any feedback on this product?
>
> Neil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090819/d400d1ea/attachment.html>


More information about the websecurity mailing list