|
|
|
|
|
|
by RajT88
810 days ago
|
|
|
Counterpoint: Just because they won't stop any determined attacker, doesn't mean they don't have value. Stopping casual attackers is one talking point, but still not the real value. In my opinion, the real value is making you look less like "low-hanging fruit" to automated scans - throwing a bunch of 403's makes you less likely for a follow-up after an automated scan. I actually have a side project when I get the time to try and prove it statistically using a honeypot. I would bet the overall volume of attacks is lower with WAF enabled, and inversely correlates with the 403's thrown. Just my 2 cents. |
|
|