Hi, We are 200 of websites / webapps for our clients. >From wordpress to .net apps, java and more.
We want to provide a united waf solution for all of them. going to cloud will be very expensive. I have built for this an Apache proxy with mod security and owasp rules. the mod security is not blocking, just logging. I took 10 websites and and pass the traffic via this proxy. after 5 minutes I opened the log and saw 150 different types of security issues. Its more of a conceptual question... How can I manage a solution for 200 of webapps? does it makes sense? I can understand controlling on five websites, but 200 ? its sounds like 24 hours we need to go over rules and suspend them on every usecase.... Ill be glad to hear from people who has an experience with that. Thanks
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
