
Cloudflare whmcs WAF rules vs Modsec typical whmcs rules

Hxxx

Active Member
Cloudflare WHMCS WAF rules, which are OWASP based, vs Modsec OWASP.

Would you have both? or just one of the two?
 

Kruno

New Member
Verified Provider
CloudFlare WAF had a lot of false positives last time I tested it out, which was around 2-3 months ago. They were blocking legal requests and broke BitPay and WebMoney payment modules.

Sure, that is fine. False positives happen. Everything would be ok if they were willing to fix the issues. Instead of fixing they just replied and suggested that I whitelist IPs. Yeah, I'm gonna predict all IPs that will pay using BTC or WMZ and whitelist them... nonsense.
 

GIANT_CRAB

New Member
I remember there's a comparison between Modsec, Cloudflare and some other WAF CDN.

The result was that mod_sec owns everything. It's really good.
 

jarland

The ocean is digital
Sucuri WAF, the lazy man's mod_sec. Cloudflare WAF is terrible. I've had a joomla site running through it for two months and my logs are full of injection attempts that made it through, while apache would only serve the site for Cloudflare requests. Their response? Nothing really. Not one single bit of info about the things they supposedly combat and plenty of crap in the logs.


Sucuri is my new WAF of choice. Specific details for every single occurrence, very thorough in patching known exploits over the proxy. My joomla 1.5 that is hell to update is now secure. If they can do that, whmcs should be a breeze :)
 

Artie

Member
> Sucuri is my new WAF of choice. Specific details for every single occurrence, very thorough in patching known exploits over the proxy. My joomla 1.5 that is hell to update is now secure. If they can do that, whmcs should be a breeze :)

I fail to see any tech details whatsoever on their sites. Not even how the service works. Lots of talk and no details to back it up?
 

jarland

The ocean is digital
> I fail to see any tech details whatsoever on their sites. Not even how the service works. Lots of talk and no details to back it up?

http://cloudproxy.sucuri.net/features


I'm not sure what more details you're expecting. Proxy web application firewall is fairly self-explanatory. They proxy the site (like cloudflare) and block known exploits while providing you with a full detailed log of every occurrence. To get any more technical than that they'd have to give you all of their rules up front, which probably isn't the best business model ;)

Edit: Ah I see, must have used my signature link, their front page is kinda weird :D
 