spalande
Aug 15, 2024Nacreous
Server Technology specific WAF policies
Hi WAF experts,
What's your opinion on using server technology-specific WAF policies instead of using kind of generic or high/medium rated policy? what are the pros and cons of using server technology-specific WAF policies?
I think using server technology-specific WAF policies, might bypass/pass through the attacks which are considered of high threat (OWASP top10) but maybe not related to the server technology that we are protecting.
Also, DMZ-based applications talks to other DMZ or internal apps which are of different flavors, so how server technology specific policy can help in such scenarios?