Does RhinoWAF support ModSecurity SecLang rulesets like OWASP CRS? Is there a SecLang to RhinoWAF JSON converter?
Shouldn't eBPF be fast at sorting and running rules?
What are good metrics for evaluating WAFs?
coraza: https://github.com/corazawaf/coraza
bunkerweb: https://github.com/bunkerity/bunkerweb
SafeLine: https://github.com/chaitin/SafeLine
RhinoWAF: https://github.com/1rhino2/RhinoWAF
gh topic: waf: https://github.com/topics/waf
awesome-WAF: https://github.com/0xInfection/Awesome-WAF
TPR: True Positive Rate (Detection Rate), TNR: True Negative Rate, FPR: False Positive Rate ("ROC Curve")
Accuracy = TP + TN / # Requests
Latency / Detection Time as percentiles
Throughput: response time in ms given requests per second
Time to Virtual Patch, and CI/CD rule deployment integration
DDoS Response Time: How quickly does the WAF mitigate a Layer 7 (application) DDoS attack?
... Rule Management Overhead: MTTT: Mean Time To Tune, Policy Complexity; CI/CD, SIEM/SOAR integration; https://gemini.google.com/share/0d2d1c53bfb0
awesome-ebpf > Kernel docs, examples, "eBPF/XDP hardware offload to SmartNICs", Go libraries: https://github.com/zoidyzoidzoid/awesome-ebpf#go-libraries
/? ebpf waf site:github.com https://www.google.com/search?q=+ebpf+waf+site%3Agithub.com
harporoeder/ebpfsnitch: "Linux Application Level Firewall based on eBPF and NFQUEUE" https://github.com/harporoeder/ebpfsnitch
ebpf-security/ebpf-https: "eBPF-https is an open source web application firewall (WAF)" https://github.com/ebpf-security/ebpf-https
cilium/cilium: https://github.com/cilium/cilium :
> Cilium is a networking, observability, and security solution with an eBPF-based dataplane. It provides a simple flat Layer 3 network with the ability to span multiple clusters in either a native routing or overlay mode. It is L7-protocol aware and can enforce network policies on L3-L7 using an identity based security model that is decoupled from network addressing.
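
An added example, not part of the comment above or of any project it links: one way to compute the listed detection metrics and latency percentiles from a labelled replay of requests through a WAF. The sample results, function names and the nearest-rank percentile method are assumptions made for illustration; balanced accuracy is included beyond the comment's list because plain accuracy is dominated by true negatives when most traffic is benign.

```python
import math

# Constructed sample: (is_attack, was_blocked, latency_ms) per replayed request.
# These are illustrative values, not measurements of any real WAF.
SAMPLE = [
    (True, True, 1.2), (True, True, 0.9), (True, False, 0.7), (True, True, 2.5),
    (False, False, 0.4), (False, False, 0.5), (False, True, 1.1),
    (False, False, 0.3), (False, False, 0.6), (False, False, 8.0),
]

def confusion(results):
    """Count TP, FN, FP, TN with 'attack request was blocked' as the positive."""
    tp = sum(1 for attack, blocked, _ in results if attack and blocked)
    fn = sum(1 for attack, blocked, _ in results if attack and not blocked)
    fp = sum(1 for attack, blocked, _ in results if not attack and blocked)
    tn = sum(1 for attack, blocked, _ in results if not attack and not blocked)
    return tp, fn, fp, tn

def rates(results):
    """Return TPR, TNR, FPR, accuracy and balanced accuracy for the replay."""
    tp, fn, fp, tn = confusion(results)
    attacks, benign = tp + fn, fp + tn
    if attacks == 0 or benign == 0:
        # A corpus with only one class cannot yield both TPR and TNR.
        raise ValueError("need both attack and benign requests in the corpus")
    tpr, tnr = tp / attacks, tn / benign
    return {
        "tpr": tpr,                        # detection rate
        "tnr": tnr,                        # benign requests let through
        "fpr": fp / benign,                # benign requests wrongly blocked
        "accuracy": (tp + tn) / len(results),
        "balanced_accuracy": (tpr + tnr) / 2,
    }

def percentile(values, p):
    """Nearest-rank percentile, p in (0, 100]; always returns an observed value."""
    if not values:
        raise ValueError("no latency samples")
    ordered = sorted(values)
    rank = max(1, math.ceil(p / 100 * len(ordered)))
    return ordered[rank - 1]

def latency_summary(results):
    """p50/p95/p99 of added latency in ms across all replayed requests."""
    latencies = [ms for _, _, ms in results]
    return {p: percentile(latencies, p) for p in (50, 95, 99)}
```
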
1rhino2•3h ago
Just to clarify, we are not a company of any sort, simply people willing to help.