Lack of visibility limits usability
I agree with other reviewers that the ability to understand why a request is counted or blocked is paramount.
In the current scenario we will be required to create custom rules to detect and allow any false positives, in order to have working solution. It would be much more useful to at least output the rule and condition that was triggers, along with the request. It would be good to be able to disable a specific rule if it was triggered.
I understand that we should not be able to list the actual rule details, but not having a list of the rule coverage also seems bad.
This box is just a bit too black for my liking. Knowing what protection is in place is a cornerstone of good security. I don't have that with this offering.
Does any of the other WAF marketplace have this offering. Did you get to try another vendor which offers to give clarity into why a certain request was blocked.
Has this situation changed? We're pondering the possibility of purchasing this product at our company but these comments are discouraging, to say the least.
Thank you for trying out FortinetâÂÂs WAF Ruleset and providing feedback. We understand your need for more visibility on why a request is being blocked. AWS did announce recently a comprehensive logging support to help you better understand why certain web requests are blocked. AWS also announced rule group exceptions that allows you to override individual rules with a managed rule group. Now you can choose which rules within the rule group should be excluded and set in count-only mode, preventing those rules from blocking a request. Here are links to learn more about these updates: 1. https://aws.amazon.com/about-aws/whats-new/2018/08/aws-waf-launches-new-comprehensive-logging-functionality/ 2. https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups.html If more advanced features and visibility is required, please check out Fortinet FortiWeb which is our Web Application Firewall solution. FortiWeb gives you the ability to visualize and drill-down into key elements such as server/IP configurations, attack and traffic logs, attack maps, OWASP Top 10 attack categorization, and user activity. You can learn more about FortiWeb at: https://www.fortinet.com/products/web-application-firewall/fortiweb.html