by wafwafwaf 1566 days ago
It's fair to say that they are a WAF for the masses! Basic modsec provides much better security...

AWS has the same bypass (documented). The WAF provided by cloud providers is more to protect their infrastructure from noise than clients. Unfortunately, this type of restriction is never evaluated. You can really tell if a WAF provider is serious when reviewing the whitelisting (i.e. not just an on/off).