spalande
Aug 15, 2024

Server Technology specific WAF policies

Hi WAF experts,

What's your opinion on using server technology-specific WAF policies instead of using a kind of generic or high/medium-rated policy? What are the pros and cons of using server technology-specific WAF policies?

I think using server technology-specific WAF policies might bypass/pass through attacks which are considered high threat (OWASP Top 10) but maybe not related to the server technology that we are protecting.

Also, DMZ-based applications talk to other DMZ or internal apps which are of different flavors, so how can a server technology-specific policy help in such scenarios?

  • Hi,

    Pros:
    - Granular protection
    - Reduced false positives
    - Better performance

    Cons:
    - High maintenance requirements
    - Risk of overlooking general threats and limited scope of protection

    For me, the best solution is to use server technology and a set of attack signatures for generic detection + OWASP Top 10 attack vectors (SQLi, XSS...) to cover as much of the attack surface as possible.

    Regards

  • In my opinion, you should use that server tech configuration as detailed as possible to avoid false positives; it also reduces unnecessary signature checks.

    Linux and Windows servers, PHP and Node.js, etc. have different syntax, so you should not use Windows-specific signatures on a Linux server, etc.

    I suggest inviting the infra and app teams to a meeting to configure those settings.