Modsec is a sloppy tool thats honestly sucky. Its config hell, rule hell and its outdated ash. Its vulnerable to just about EVERY modern attack surface. We are gonna make that change: https://github.com/1rhino2/RhinoWAF/
Just to clarify, we are not a company of any sorts, simply people willing to help.
3 comments
[ 2.9 ms ] story [ 17.0 ms ] threadJust to clarify, we are not a company of any sorts, simply people willing to help.
Does RhinoWAF support ModSecurity SecLang rulesets like OWASP CRS? Is there a SecLang to RhinoWAF JSON converter?
Shouldn't eBPF be fast at sorting and running rules?
What are good metrics for evaluating WAFs?
coraza: https://github.com/corazawaf/coraza
bunkerweb: https://github.com/bunkerity/bunkerweb
SafeLine: https://github.com/chaitin/SafeLine
RhinoWAF: https://github.com/1rhino2/RhinoWAF
gh topic: waf: https://github.com/topics/waf
awesome-WAF: https://github.com/0xInfection/Awesome-WAF