I am looking for an open-source WAF solution that could be deployed in Kubernetes. I've looked at ModSecurity, but it seems like good rules cost money and it also requires lots of tuning.
CodePudding user response:
As you mentioned, the most common one is ModSecurity. It's a well-proven solution that uses signatures. They work well but are reactive by nature, meaning that often signatures aren't available until after vulnerabilities have been known for some time and exploits are put into circulation; as such, they don't provide a good enough response for modern fast-spreading attacks. From an operational perspective they require constant tuning and exception handling to avoid false positives.
You can look at open-appsec (https://www.openappsec.io) - it is a new open-source initiative that builds on machine learning to provide web application and API security with no threat signature upkeep. It can be deployed as an add-on to Kubernetes Ingress, NGINX, Envoy and API Gateways.
CodePudding user response:
it seems like good rules cost money and it also requires lots of tuning
How can you define the "good rules"?
There are "good rules" in my opinion, called CoreRuleSet, and it's absolutely free. And I don't think you need to tune it too much. CRS has a good community; you can ask anything. Its development is very active.
I think you should take a look.
Besides ModSecurity, there is a new competitor called Coraza. It also uses the SecLang format for its configuration, and it's 100% compatible with CRS.
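As an added example (not part of either answer above), this is what the ModSecurity + CRS option looks like on a Kubernetes cluster running the ingress-nginx controller, started in detection-only mode so CRS hits can be reviewed in the audit log before switching to blocking. It assumes the controller image bundles ModSecurity and CRS (the default ingress-nginx image does) and that snippet annotations are allowed in the controller ConfigMap; the host, namespace and Service names are constructed placeholders, and the excluded rule id and parameter name are illustrative.

```yaml
# Added example, not from the original thread: ModSecurity + OWASP CRS via
# ingress-nginx annotations. Host, namespace and Service names are placeholders.
# Assumes the controller ConfigMap has allow-snippet-annotations: "true".
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-app
  namespace: demo
  annotations:
    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
    # enable-owasp-core-rules is ignored when a modsecurity-snippet is present,
    # so CRS is loaded with the Include inside the snippet instead.
    nginx.ingress.kubernetes.io/modsecurity-snippet: |
      Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
      # Log matches without blocking while false positives are worked out;
      # change to "SecRuleEngine On" once the audit log is clean.
      SecRuleEngine DetectionOnly
      SecRequestBodyAccess On
      # Audit only requests that triggered a rule, as JSON on the
      # controller pod's stdout so the events reach the cluster log pipeline.
      SecAuditEngine RelevantOnly
      SecAuditLogFormat JSON
      SecAuditLog /dev/stdout
      # Typical tuning step: once a false positive is identified, exclude the
      # one CRS rule for the one request parameter instead of disabling rule
      # groups. Rule id and parameter name here are illustrative; use the id
      # reported in the audit log.
      SecRuleUpdateTargetById 942100 "!ARGS:search"
spec:
  ingressClassName: nginx
  rules:
  - host: demo.example.internal
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: demo-app
            port:
              number: 80
```

Exclusions must come after the Include so that the CRS rules they refer to are already defined, which is why the Include is the first line of the snippet.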