Dear ModSecurity Team,
I am a student of cyber security, and I recently conducted an evaluation of open-source Web Application Firewalls (WAFs) as part of my research. Among the WAFs evaluated, ModSecurity (version 2.9.3) demonstrated strong detection capabilities, particularly in handling various injection attacks. Its flexibility and configurability were impressive.
Based on my findings, I would like to offer a few suggestions for further improvement:
1. Simplify the rule-writing and configuration process to make it more beginner-friendly, as it currently requires significant expertise.
2. Develop a more intuitive and visual interface for monitoring logs and managing configurations to enhance user experience.
3. Improve default settings and rules to provide stronger out-of-the-box protection, particularly for advanced attack scenarios like obfuscated payloads.
Thank you for your continued efforts in developing ModSecurity as a robust WAF solution. I would be happy to share detailed findings from my evaluation if they would be of help.
Best regards,
Lance Zhou
1: there is a plan to create a new seclang engine, see this wiki page
2: yes, the demand is valid, but at the moment there is no such intention
3: could you explain this item?