The ability of a WAF to respond to an 0day incident is rapid rollout, 100% of endpoints, which is a SPOF no matter whether it's done via a big company or by a distributed system.
Assuming there are still 2 WAF makers they hopefully do two mostly independent rollouts at least with separate reviewers.. It is a little shocking to me how far we have slid down the slope to letting one monopoly decide when each part of of computing environment is up.. But if bigger organizations are down it is socially acceptable to have an outage.
Not worth. Competitors like Bunny CDN which is much smaller will inevitably have a much worse incident as they grow. Every large company will inevitably have a couple bad incidents so asking “what other large company will never have incidents” is a moronic perspective IMO
The ability of a WAF to respond to an 0day incident is rapid rollout, 100% of endpoints, which is a SPOF no matter whether it's done via a big company or by a distributed system.
Assuming there are still 2 WAF makers they hopefully do two mostly independent rollouts at least with separate reviewers.. It is a little shocking to me how far we have slid down the slope to letting one monopoly decide when each part of of computing environment is up.. But if bigger organizations are down it is socially acceptable to have an outage.
I have been using https://webdecoy.com and integrating it with Cloudflare WAF.
Not worth. Competitors like Bunny CDN which is much smaller will inevitably have a much worse incident as they grow. Every large company will inevitably have a couple bad incidents so asking “what other large company will never have incidents” is a moronic perspective IMO
some alternatives which can be self hosted:
open-appsec (by checkpoint), their proxy/gateway integration and your favorite firewall daemon:
https://docs.openappsec.io/getting-started/start-with-linux
appsec (by crowdsec), their proxy/gateway integration and your favorite firewall daemon:
https://docs.crowdsec.net/u/getting_started/installation/lin...
What about open source alternative built with Nginx/OpenResty? I forgot the name but that's the spirit
AWS Route53, built-in DDoS basic protections, plus AWS WAF (can be expensive depending on your budget).
I've been using Cloudfront Functions to do some of the filtering that a WAF would do. It's quite flexible, but you've gotta figure out your own rules.
AWS WAF has some presets you can use
I would recommend SafeLine. It's self-hosted and easy to setup
Google Cloud Armor plus Load Balancer?
You can balance traffic to external networks or clouds with it too.
Being down because half the internet is down is an easier sell than being down because you fucked it up yourself.
Fastly (US) and BunnyCDN (EU) are excellent options
Akamai is a decent alternative.
CrowdSec
imperva