HN Reader

How does RhinoWAF compare to other open WAFs like OWASP Coraza WAF, bunkerweb, and SafeLine?

Does RhinoWAF support ModSecurity SecLang rulesets like OWASP CRS? Is there a SecLang to RhinoWAF JSON converter?

Shouldn't eBPF be fast at sorting and running rules?

What are good metrics for evaluating WAFs?

coraza: https://github.com/corazawaf/coraza

bunkerweb: https://github.com/bunkerity/bunkerweb

SafeLine: https://github.com/chaitin/SafeLine

RhinoWAF: https://github.com/1rhino2/RhinoWAF

gh topic: waf: https://github.com/topics/waf

awesome-WAF: https://github.com/0xInfection/Awesome-WAF

Modsec is a sloppy tool thats honestly sucky. Its config hell, rule hell and its outdated ash. Its vulnerable to just about EVERY modern attack surface. We are gonna make that change: https://github.com/1rhino2/RhinoWAF/

Just to clarify, we are not a company of any sorts, simply people willing to help.

Is there a good way to go from an OpenAPI / Swagger schema to WAF rules; and then to verify that the rules don't collide? IIUC eBPF does part of this