4 reasons not to use mod-security
Published Jul 23, 2008
Version 1.0Was this article helpful?
I'm sorry that you interpret this as an "attack" on mod_security. It isn't meant to be an "attack" on the module but merely reasons against choosing it over other solutions and points to consider in the process of deciding which WAF to invest in.
I'm a bit confused because you seem to be referencing Breach's ModSecurity as opposed to Apache mod_security. I realize ModSecurity is based on mod_security, but it is also my understanding that it is a bit more polished than the core module.
I am happy to hear people choosing any WAF over none, but that choice should be an informed one. Sharing your opinion here helps that process and presents different views so that people can do additional research and decide which WAF best fits their environment, architecture, budget, and skill sets, which is what such conversation starters are designed to do.