LinuxQuestions.org
Old 02-27-2013, 04:05 AM   #1
kikilinux
Member
 
Registered: Sep 2012
Posts: 125

Rep: Reputation: Disabled
Question web application firewall (WAF)


Hi,
My question is about web application firewalls.
What's the best free open source WAF package to use as a gateway for enterprise networks in Linux?
The simplicity of configuration is in choice, which package has the powerful features and has simple configuration too?
If my question is wrong, just tell me which package has the powerful features for a web application firewall.
Best
 
Old 02-27-2013, 09:42 AM   #2
rsciw
Member
 
Registered: Jan 2009
Location: Essex (UK)
Distribution: Home: Debian/Ubuntu, Work: Ubuntu
Posts: 206

Rep: Reputation: 44
Not sure about 'gateway for enterprise networks', but a very good web application firewall is 'mod_security' -> http://www.modsecurity.org/
 
Old 02-27-2013, 07:09 PM   #3
abefroman
Senior Member
 
Registered: Feb 2004
Location: lost+found
Distribution: CentOS
Posts: 1,430

Rep: Reputation: 55
What web server are you using? Apache?
 
Old 02-28-2013, 02:50 AM   #4
kikilinux
Member
 
Registered: Sep 2012
Posts: 125

Original Poster
Rep: Reputation: Disabled
I want to use a package which works well for Apache and IIS.
I want a package which has powerful features.
Let's introduce an example:
iptables is a layer 2, 3 packet filter which has powerful features for packet filtering and many more than simple filtering, like some DoS attack, etc.
Can I find a web app layer firewall just like iptables packet filtering?
Best
 
Old 02-28-2013, 07:55 AM   #5
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
I've had much success at my DorkBlog using Cloudflare services. It kills Visitor Stats though because all the 'requests' come only from cf IPs. meh. Doesn't mean much to me.
They have a plugin for real IP stats, I think.

5m to sign up and NO SPAM from doing so.
What I like is their country block Threat Control.

.cn (China) acting up?
Threat control can deal with this.

It's a CDN service and my only issue with this service is an infrequent lag on load times.

The best part is it's a 2 minute change of NSs for the domain that point to $name.ns.cloudflare.com.

for my low-rent, low visitor (me!) site, it does a great job.

I turned to them because my .htaccess code is/was 2823 "deny from" lines, is a little crazy. I never could get CIDR rules to work properly in .htaccess.

Some of our senior Team at cirrhus9.com recommend services occasionally, and I usually just go read what they're trying to sell and google for negatives. After 20 years in IT this year, I've seen all kinds of smoke-and-mirrors, but this is one of the few services I have no problem recommending, and isn't that the true measure of "value"?

subscribed with interest...

Have a great day!
 
Old 02-28-2013, 07:58 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by kikilinux View Post
The simplicity of configuration is in choice, which package has the powerful features and has simple configuration too?
Don't let your (perceived) lack of skill and knowledge or false arguments like "haven't got time to learn" guide you. "simple configuration" is not a valid criterion.


Quote:
Originally Posted by kikilinux View Post
What's the best free open source WAF package to use as a gateway for enterprise networks in Linux?
We can't and shouldn't decide for you. Have a look at https://www.owasp.org/index.php/Category:OWASP_WAF and https://www.owasp.org/index.php/Web_...ation_Firewall, then test drive http://www.modsecurity.org/, https://www.ironbee.com/, http://w3af.org/ and maybe http://www.aqtronix.com/?PageID=99.


Quote:
Originally Posted by kikilinux View Post
I want to use a package which works well for Apache and IIS.
Depends. Unless you decide to go for a WAF you can incorporate in the web server there's nothing against running a reverse proxy WAF in front of whatever web server.


Quote:
Originally Posted by kikilinux View Post
some DoS attack, etc.
Best read up on resource exhaustion attacks in general and DoS and DDoS attacks specifically. Unless you choose to read misinformed web log or forum posts over OWASP and the SANS Reading Room you'll find end point "protection" is not done at end points but it's the realm of (hosting) providers, their upstream and possibly anti-DDoS service or application providers.
 
Old 02-28-2013, 08:03 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by Habitual View Post
I turned to them because my .htaccess code is/was 2823 "deny from" lines, is a little crazy. I never could get CIDR rules to work properly in .htaccess.
Unless you only have access to that it's not good for several reasons. IMHO efficient CIDR filtering is the realm of Netfilter. Combine that with ipset and you don't need 2823 but just one iptables rule.
 
1 members found this post helpful.
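
The ipset approach described in post #7, as an added example that is not part of the original thread: a shell function that converts Apache "deny from" lines into `ipset restore` input, so one iptables rule replaces the whole list. The set name `blocklist`, the function name and the sample .htaccess (documentation address ranges) are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: turn Apache "deny from" lines into `ipset restore` input.
# The set name and the sample .htaccess below are constructed.

SAMPLE_HTACCESS='Order allow,deny
Allow from all
deny from 192.0.2.15
Deny from 198.51.100.0/24 203.0.113.0/25
deny from 192.0.2.15
# deny from 203.0.113.200
deny from 10.1
deny from example.invalid
deny from 198.51.100.300'

# stdin: .htaccess text; stdout: restore file for set $1 (default "blocklist").
# Accepts dotted-quad IPv4 with an optional /1../32 prefix (hash:net cannot
# store /0). Partial addresses, netmasks and hostnames go to stderr as
# "skipped" so they can be reviewed by hand.
htaccess_to_ipset() {
    local name="${1:-blocklist}"
    printf 'create %s hash:net family inet\n' "$name"
    awk -v name="$name" '
        function valid(a,    p, o, n, i) {
            n = split(a, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32)) return 0
            if (split(p[1], o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        { sub(/\r$/, "") }                      # tolerate CRLF files
        tolower($1) == "deny" && tolower($2) == "from" {
            for (k = 3; k <= NF; k++) {
                if (valid($k)) { print "add " name " " $k }
                else { print "skipped: " $k > "/dev/stderr" }
            }
        }
    ' | sort -u                                  # duplicate adds would abort restore
}

printf '%s\n' "$SAMPLE_HTACCESS" | htaccess_to_ipset blocklist

# Load the set, then match it with a single rule (run as root):
#   htaccess_to_ipset blocklist < .htaccess > blocklist.ipset
#   ipset restore < blocklist.ipset
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
```

Entries reported as skipped (partial addresses such as `10.1`, hostnames, malformed octets) need manual conversion to CIDR before they can go into the set.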
Old 02-28-2013, 08:11 AM   #8
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Unless you only have access to that it's not good for several reasons. IMHO efficient CIDR filtering is the realm of Netfilter. Combine that with ipset and you don't need 2823 but just one iptables rule.
That's all I have as it's hosted at GD for now. (It was only a test migration from another domain.) Test is over and I have 100s of Virtual Servers I can set up over at c9.

Thanks!
 
Old 03-01-2013, 04:43 AM   #9
agentsteel
Member
 
Registered: Oct 2012
Location: France
Distribution: Debian / Fedora / Ubuntu / OpenBSD
Posts: 46

Rep: Reputation: Disabled
Also, the GeoIP module for Apache2 can be used to block countries, instead of denying raw IP ranges.

http://dev.maxmind.com/geoip/mod_geoip2
 
  

