Any layer7 ddos protection providers?

CharlieC

Hi, I've looked at cloudflare and sucuri but I didn't like both.

I need something with built-in antihack system to avoid things such as xss and
sql injection.

Thank you

DP

@combahton_it?

Jorbox

@CharlieC said:
Hi, I've looked at cloudflare and sucuri but I didn't like both.

I need something with built-in antihack system to avoid things such as xss and
sql injection.

Thank you

Its called WAF

yoursunny

@Jorbox said:
Its called WAF

It's called vertical rivers.

@CharlieC said:
xss and sql injection.

XSS and SQL injection need to be prevented at the origin server through good coding practice.

• XSS: htmlspecialchars
• SQL injection: prepared statements

WAF (Web Application Firewall) has too many false positives.
For example, it's impossible to post certain JavaScript snippets on this forum due to overly sensitive WAF.
Consequently, my best contents are no longer posted on this forum.

Do you really want to cripple the user experience?

ehhthing

Don't use a WAF to solve your security problems.

Plain and simple.

itzaname

Imperva is probably #1 in this area.

HostMedia

Our UK data center location providers our racks with Level 7 DDoS protection with Corero which works really well BUT as others have said things like SQL injection etc hacks should be solved at the application level as even the best DDoS protection could allow something in and hack your application.

CharlieC

@yoursunny said:
XSS and SQL injection need to be prevented at the origin server through good coding practice.

Obviously, I know how to prevent these attacks but I always use a WAF as an extra layer protection.