Hey everyone !
I’m looking into spinning up a WAF as the number of services I’m hosting is slowly growing. I want to have a better understanding of the traffic and also have a relative peace of mind that if there is a flaw in one of the services I’m hosting, the WAF could help mitigate it.
I’ve seen two big names come up while searching :
- SafeLine
- BunkerWeb
They are popular and look quite good all around but I don’t want to just mindlessly take the project with the most GitHub stars.
What WAF are you using / have you used ? Which ones do you recommand ?
You must log in or register to comment.
Crowdsec
I just read a bit about it and it sounds quite interesting with the community aspect of it all. I’ll give it a deeper look later, thanks !
I run a custom build of Nginx with a few extra modules compiled in:
- ModSecurity
- Nginx GeoIP2 Module (https://github.com/leev/ngx_http_geoip2_module.git)
- OWASP Core Rule Set: https://github.com/coreruleset/coreruleset/tree/v4.10.0/rules
Some guidance can be found here: https://docs.nginx.com/nginx-waf/admin-guide/nginx-plus-modsecurity-waf-owasp-crs/
That guidance is for NginxPlus, but you can compile the dynamic module yourself with the community versions.
I have been using BunkerWeb for the past 4 years and have been mostly happy with it. Its default settings are sometimes a bit agressive but you can change those globally or service per service.
The fact that they lock Letsencrypt DNS-01 behind the pro version is so incredibly annoying.
Yeah, I use Caddy for that, as I only use DNS-01 for local-only services.
Thanks that’s good to know :)
