Features that are considered more fundamental to a WAF #9
Labels: enhancement (New feature or request), help wanted (Extra attention is needed), question (Further information is requested)
Are there any features that are fundamental to WAF operations that should be added?
WAFs should offer protection against XSS, SQL injection, etc.; however, these are operations I currently think would be better served by integrating Core Rule Set (if that is at all possible; see separate issue).
Is there any protocol (or similar) enforcement that is applicable that ASP.NET Core/Kestrel isn't already doing (or hiding/mitigating) that should be included? (CRS does include protocol enforcement rules, but maybe this is better done internally to this project?)
ASP.NET Core includes rate-limiting middleware (and rate-limiting should absolutely be left to that middleware); however, is it enough to provide DDoS protection? Should this library provide something at the connection level (middleware can be provided for Kestrel, but what about Http.Sys or others?), or even some default configurations for the existing rate-limiting?