Portable Web Application Firewall Rule Format
Updated on March 06, 2024
By Pete Freitag
Ivan Ristic, the author of Apache Security (ISBN 0596007248), the mod_security Apache module, and Java Filter, is trying to create a spec called the Portable Web Application Firewall Rule Format.
The idea behind the project is to design a portable WAF rule format capable of "fixing" the known security issues in web applications. While the only proper solution is always to fix the root cause of a security issue, we must acknowledge that the fix can not be implemented straight away (for all sorts of reasons, some legal, some technical, some practical). It is all about minimizing the window of opportunity - we want to be able to prevent exploitation of a vulnerability practically as soon as it is discovered.
The format will be supported by mod_security, but the idea is that other vendors will support this as a standard rule language.
The WAF rule format specification is currently in rough draft.
Portable Web Application Firewall Rule Format was first published on August 29, 2005.