Question: Should the compatible WAF engines page include vendors that package ModSecurity too?

[NickMRamirez]

The ENGINE AND INTEGRATION OPTIONS page lists WAF engines that are compatible with the ModSecurity configuration language. Several of our products package a variant of ModSecurity, which we have customized for performance.

Is it appropriate to add our customized ModSecurity WAF module to this page?

Thank you, Nick Ramirez

[RedXanadu]

Hi @NickMRamirez,

That would be fine. What we currently have listed are the CRS-compatible engines and integrations that we ourselves use as CRS developers, or those of our sponsors/employers, or those of our users and collaborators, or those that approach us / make themselves known to us.

I'm aware that HAProxy has WAF + CRS offerings, both commercial/proprietary and via an open source SPOA.

You can see the kind of description lengths that we have under the "Commercial WAF Appliances" section, and you can see that they're impartial and not vendor advertisements/endorsements :) Would you like to work on a blurb to add on that page? Or shout if you'd like a hand and I can help as needed.

[NickMRamirez]

Great! Yes, I'll work on a description and submit a merge request. Thank you for the quick response.

[NickMRamirez]

Thank you @RedXanadu, I have opened a pull request: https://github.com/coreruleset/documentation/pull/96

[RedXanadu]

Resolved in #96. Thanks again @NickMRamirez!

Closing issue.