A "WAF" like modSecurity is not the same as a network packet firewall. And a WAF might contain lots of heuristics and overly strict rules that might break web applications in subtle ways.
What are you talking about? I am saying that they added ModSecurity just now, why didn't they added it years ago? Whether a WAF will affect some features in their forum has nothing to do with my comment that was intended as a critic for the bad timing of their sysadmins. Why add ModSecurity now "after" the breach and not before? Wasn't it obvious that someone would try to hack their forum?
Are you just saying that my critic makes no sense?
Sorry, I thought you assumed they were talking about a "normal firewall" missing since the start. Installing a WAF isn't always standard procedure for LAMP stacks as far as I know, so I wouldn't fault them for not doing that initially. Obviously they have changed their minds now :)
Are you just saying that my critic makes no sense?