[WEB SECURITY] Query: Open Source Web Application Firewalls
nmatatal at uci.edu
Wed Aug 19 17:26:10 EDT 2009
Thanks to the senders of the offlist responses. I need to clarify that
I am just compiling a list of options for a presentation so the quality
of the WAF is relevant, but the variety of options is more important to me.
One that was brought to my attention was PHPIDS
Neil Matatall wrote:
> Disclaimer: I'm not trying to start a WAF comparison war or debate
> the usefulness of WAFs!
> Does anyone know of a list of OS WAFs? The OWASP WAF
> <http://www.owasp.org/index.php/Web_Application_Firewall> page lists
> ModSecurity and WebKnight, but I am looking for more. The only
> criteria that matters to me is that the WAF be open source. I'm
> looking for any type of WAF whether it's an apache module, ISAPI
> filter, etc. or if you can set it up as a standalone appliance (like
> proxying everything through a ModSecurity instance).
> Yes, the definition of WAF is quite broad here. Signature detection
> only would be considered a WAF in my case.
> Or if you know a few off the top of your head, I don't mind compiling
> a list myself. Also, any experience you've had with these tools
> (other than ModSecurity/WebKnight) would be greatly appreciated.
> A Google search for "open source web application firewall -apache
> -modsecurity -webknight" resulted in Guardian
> <http://guardian.jumperz.net/index.html>, any feedback on this product?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity