|
|
|
|
|
|
by mac-chaffee
353 days ago
|
|
|
I'd generally confirm that suspicion: https://www.macchaffee.com/blog/2023/wafs/ WAFs have a few valid uses in my opinion: "virtual patching" and the ability to create custom rules such as blocking/challenging/rate limiting obviously bad traffic. But the giant rulesets are actively harmful IMO. "Defense in depth" is not a valid justification for doing something actively harmful to both your users and the time budget of your security team. |
|
|