SBell Posted September 20, 2015 Report Share Posted September 20, 2015 I know this is an old thread but I thought it may be appropriate to ask: Do you use WAF's on client servers, or should I invest in some counter measures for a new data driven website I am building on a hosting account with your yourselves? Quote Link to comment Share on other sites More sharing options...
Michael D. Posted September 24, 2015 Report Share Posted September 24, 2015 Hello SBell - we do run ModSecurity [which you can disable] as well as server-wide protection against things like brute force password guessing, etc. It's not really feasible to have a WAF for a whole shared server from the standpoint that it would be impossible to configure in such a way that it was effective and caused no issues for anybody. I know we used Imperva in the past and well ... in our experience they were terrible from a support standpoint - even disabling our WAF with them in the middle of the night due to a billing error on their end which we brought to their attention so that they could fix it. And then not being able to resolve the issue for over a month and our account continually becoming disabled. Support was less than helpful. CloudFlare is more expensive but, imho, works very well and is way more customizable. There are plenty of other options out there though! . Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.