Hi Vyos Forum,
Any idea how to implement a WAF to protect exposed services?
Greetz
Well first of all I’ll just leave this here - personally having run/used them before I think they end up being much, much more trouble than they’re worth and give you a mostly false sense of security.
THAT SAID, I realise many orgs have a requirement for one.
So you could look at using Vyos’ container function and running something like https://www.tigera.io/blog/using-web-application-firewall-at-container-level-for-network-based-threats/
thanks for this useful hint
To do WAFs at scale you need to either use a hardware-based platform such as Palo Alto Networks, which offloads to ASICs/FPGAs to do the heavy lifting.
Or something like this example where Arista were used to split up traffic over multiple installations of Bro to do the processing:
maybe this helps with your idea.