Opinions on using a WAF like Incapsula for MyBB forum?
#5
(2015-01-30, 10:11 PM)damoncloudflare Wrote:
(2015-01-30, 09:21 PM)Finlan Wrote:
(2015-01-30, 09:04 PM)Rakes Wrote: Will help against auto scanners but can easily be bypassed.

"I've read that Cloudflare's WAF is mediocre but that the Incapsula one is pretty decent. The sites that I have with the paid Incapsula plan get an average of 10 to 20 MySQL attacks per day, which worries me as to the abuse a site with no WAF gets and to what extent a WAF can be of help."

If someone was testing our WAF around 3-4 years ago, yes. Our first WAF was not designed to replace WAFs with rulesets & was taking more of heuristic approach to attacks and learning about the attacks. Since that time, however, we have modified our WAF to include OWASP rule sets & we have built a number of custom rule sets to deal with current attacks (things like WordPress attacks, etc.).

 

The last testing I read was from February 2013, and clearly shows Cloudflare less capable of stopping common attacks.

http://www.slideshare.net/zeroscience/cl...odsecurity

I have no doubts Cloudflare is working hard to improve their WAF. I don't have any dogs in this fight, and I actually use Cloudflare for some small sites and I'm happy with it. However, tests like the above really make me question the product when it comes to protecting important sites of mine. I'm sure you/Cloudflare are aware of the literature in the above link.

ModSecurity actually fares really well compared to both Incapsula and Cloudflare.

Any more opinions WRT WAFs or other security scripts?
Reply


Messages In This Thread
RE: Opinions on using a WAF like Incapsula for MyBB forum? - by Finlan - 2015-01-30, 10:28 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)