5

I'm trying to evaluate benefits of using ModSecurity in our system. From that what I read till now, I have feeling it is not very useful for us. In our web app, there is single entry point, which is encrypted websocket connection. That design might make all content based rules bit useless.

With that setup, is it worth to have ModSecurity as precaution?

WhiteWinterWolf
  • 19,082
  • 4
  • 58
  • 104
user902383
  • 258
  • 1
  • 9
  • Could you clarify if you're asking about WAFs in general or ModSecurity in particular? The title sounds a little different than the question body. – Arminius Apr 23 '17 at 21:34
  • @Arminius I changed topic, I wonder in general, but as i'm looking only at modsecurity, it makes sense to ask about mod particular application. Other thing, just out of curiosity, is it big difference between different WAFs? – user902383 Apr 23 '17 at 21:40
  • 1
    I'm not too familiar with different WAFs but [there's quite a bit to research](https://www.owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls). – Arminius Apr 23 '17 at 21:48
  • 1
    I think the quesiton is currently a bit to broad to work on this site. I will try to edit it to make it more narrow. If you dislike my edits, you are free to revert them. – Anders Apr 24 '17 at 13:40

1 Answers1

2

As of 2017, ModSecurity does not support and does not plan to support WebSockets, as stated by Spiderlabs development team:

Currently ModSecurity is not capable to inspect WebSockets. It is only capable to understand the http requests.

So, not only it will not be helpful, but it may even have unexpected side effects making your application unreliable.

WhiteWinterWolf
  • 19,082
  • 4
  • 58
  • 104