4 reasons not to use mod-security
Apache is a great web server if for no other reason than it offers more flexibility through modules than just about any other web server. You can plug-in all sorts of modules to enhance the functiona...
Published Jul 23, 2008
Version 1.0
Lori_MacVittie
Employee
EmployeeLori_MacVittieEmployee
Employee
Lori_MacVittieEmployee
EmployeeHi Ivan,
I'm sorry that you interpret this as an "attack" on mod_security. It isn't meant to be an "attack" on the module but merely reasons against choosing it over other solutions and points to consider in the process of deciding which WAF to invest in.
I'm a bit confused because you seem to be referencing Breach's ModSecurity as opposed to Apache mod_security. I realize ModSecurity is based on mod_security, but it is also my understanding that it is a bit more polished than the core module.
I am happy to hear people choosing any WAF over none, but that choice should be an informed one. Sharing your opinion here helps that process and presents different views so that people can do additional research and decide which WAF best fits their environment, architecture, budget, and skill sets, which is what such conversation starters are designed to do.