We changed our name from IT Central Station: Here's why

Which open-source WAF would you recommend for a large company?


Would you recommend using an open-source WAF for a large company? If so, which one and why?


ITCS user
22 Answers

author avatar

I do NOT have a simple answer. 

However, we have to start looking at the OSI Model. WAF only satisfies some but not all OSI layers. 

I would list out the requirements, prior to asking this question. With the requirements in place, there are open-source packages that would satisfy most of your requirements (there is NOT one Hat that fits all)

I am using NGINX as an internal WAF. In a normal mode, the internal traffic is a lot less malicious than from the public network.

author avatar
Community Manager

Hi @Manjil Bhetwal, @Etienne WEHRLE, @Vipin Garg ​and @Enayat Galsulkar,

Possibly, you have some recommendations for the community. 

Thanks in advance.

Find out what your peers are saying about SonarSource, Veracode, Sonatype and others in Application Security. Updated: January 2022.
563,780 professionals have used our research since 2012.