Comment by bombcar
1 day ago
I love that having a web application firewall set to allow EVERYTHING passes the checkbox requirement ...
(I’m in the anti-WAF camp) That does stand to improve your posture by giving you the ability to quickly apply duct tape to mitigate an active mild denial of service attack. It’s not utterly useless.
Denial of service prevention and throttling of heavy users is a fine use; searching for a list of certain byte strings inside input fields and denying requests that contain them isn't.
Doesn't it also add latency to every request?
I think the main point is the WAF companies must have lobbied to get that into the checklist.
The main point is you need to pay a third party.
So does running McAfee on every POST body but some places really wanna do that regardless. (I at least hope the scanner isn't running in the kernel for this one).
Sure, but how much? 3-10ms is fine for the fast protection when shit hits the fan.