Looking for Recommendations - FOSS WAF
from Admax@lemmy.world to selfhosted@lemmy.world on 23 Jan 09:41
https://lemmy.world/post/24620174

Hey everyone!

I’m looking into spinning up a WAF as the number of services I’m hosting is slowly growing. I want to have a better understanding of the traffic and also have a relative peace of mind that if there is a flaw in one of the services I’m hosting, the WAF could help mitigate it.

I’ve seen two big names come up while searching:

They are popular and look quite good all around but I don’t want to just mindlessly take the project with the most GitHub stars.

What WAF are you using / have you used? Which ones do you recommend?

#selfhosted


BlackEco@lemmy.blackeco.com on 23 Jan 09:45

I have been using BunkerWeb for the past 4 years and have been mostly happy with it. Its default settings are sometimes a bit aggressive but you can change those globally or service per service.

Admax@lemmy.world on 23 Jan 10:49

Thanks that’s good to know :)

MangoPenguin@lemmy.blahaj.zone on 23 Jan 14:28

The fact that they lock Letsencrypt DNS-01 behind the pro version is so incredibly annoying.

BlackEco@lemmy.blackeco.com on 23 Jan 14:44

Yeah, I use Caddy for that, as I only use DNS-01 for local-only services.

just_another_person@lemmy.world on 23 Jan 09:47

Crowdsec

Admax@lemmy.world on 23 Jan 10:49

I just read a bit about it and it sounds quite interesting with the community aspect of it all. I’ll give it a deeper look later, thanks!

ptz@dubvee.org on 23 Jan 12:30

I run a custom build of Nginx with a few extra modules compiled in:

Some guidance can be found here: docs.nginx.com/…/nginx-plus-modsecurity-waf-owasp…

That guidance is for NginxPlus, but you can compile the dynamic module yourself with the community versions.
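As an added illustration of the setup ptz describes (not ptz's own config), this is what loading the self-built ModSecurity connector into community nginx and wiring in the OWASP Core Rule Set looks like; the file paths, the `example.internal` hostname, the backend port and the `/admin/` location are assumptions, and the build command in the first comment is the standard connector build, not something from the thread.

```nginx
# Assumed build of the connector against community nginx:
#   ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx && make modules
# This yields objs/ngx_http_modsecurity_module.so, copied into nginx's modules dir.

# --- /etc/nginx/nginx.conf (relevant parts only; paths are assumed) ---
load_module modules/ngx_http_modsecurity_module.so;

http {
    # Enable the engine globally; individual locations can still override it.
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;

    server {
        listen 443 ssl;
        server_name example.internal;   # placeholder hostname

        location / {
            proxy_pass http://127.0.0.1:8080;   # the self-hosted service behind the WAF
        }

        # Per-service tuning: this path is still inspected and logged, but not
        # blocked, so rule false positives can be reviewed before enforcing.
        location /admin/ {
            modsecurity_rules '
                SecRuleEngine DetectionOnly
            ';
            proxy_pass http://127.0.0.1:8080;
        }
    }
}

# --- /etc/nginx/modsec/main.conf (assumed layout) ---
# modsecurity.conf is the upstream "recommended" file. Start with
# SecRuleEngine DetectionOnly there and switch to On once the audit log
# (SecAuditLog) shows no false positives for the services you host.
Include /etc/nginx/modsec/modsecurity.conf
# OWASP Core Rule Set: the setup file must come before the rule files.
Include /usr/share/modsecurity-crs/crs-setup.conf
Include /usr/share/modsecurity-crs/rules/*.conf
```

Run `nginx -t` after each change; a rule file that fails to parse is reported there rather than at request time.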