[AusNOG] web App firewalls.
Dobbins, Roland
rdobbins at arbor.net
Thu May 27 15:49:08 EST 2010
On May 27, 2010, at 12:42 PM, Jacques Kosky wrote:
> Any recommendations or disrecommendations?
Use mod_security on the servers themselves - it counts as a 'Web application firewall' for PCI DSS compliance purposes. Don't put stateful firewall appliances in front of your Web servers, as you'll make them vastly more vulnerable to DDoS attacks:
<http://www.nanog.org/meetings/nanog48/presentations/Monday/Kaeo_FilterTrend_ISPSec_N48.pdf>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken