18 points | by rco8786 6 hours ago
7 comments
The ability of a WAF to respond to an 0day incident is rapid rollout, 100% of endpoints, which is a SPOF no matter whether it's done via a big company or by a distributed system.
Akamai is a decent alternative.
Being down because half the internet is down is an easier sell than being down because you fucked it up yourself.
CrowdSec
AWS Route53, built-in DDoS basic protections, plus AWS WAF (can be expensive depending on your budget).
I've been using CloudFront Functions to do some of the filtering that a WAF would do. It's quite flexible, but you've gotta figure out your own rules.
AWS WAF has some presets you can use.
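
The kind of hand-written filtering the CloudFront Functions comment above describes, as an added example that is not part of the thread: a viewer-request handler that normalizes the path before matching, so an encoded variant of a blocked path is still caught. The rule lists, limits and status codes are constructed for illustration.

```javascript
// Added example: CloudFront Functions viewer-request handler with hand-written rules.
// All rule values are constructed samples; tune them to what your origin actually serves.
// Written with `var` so it loads on both CloudFront Functions JavaScript runtimes.
var ALLOWED_METHODS = ['GET', 'HEAD', 'POST'];
var BLOCKED_PATH_PREFIXES = ['/.git', '/.env', '/wp-admin']; // assumed: origin serves none of these
var BLOCKED_UA_SUBSTRINGS = ['sqlmap', 'nikto'];             // constructed sample list
var MAX_QUERY_KEYS = 30;                                     // constructed limit

function deny(statusCode, statusDescription) {
  // Returning a response object from a viewer-request function short-circuits the request.
  return { statusCode: statusCode, statusDescription: statusDescription };
}

function normalizePath(uri) {
  // Decode once, collapse repeated slashes, lowercase. Returns null on malformed encoding.
  try {
    return decodeURIComponent(uri).replace(/\/{2,}/g, '/').toLowerCase();
  } catch (e) {
    return null;
  }
}

function handler(event) {
  var request = event.request;
  if (ALLOWED_METHODS.indexOf(request.method) === -1) {
    return deny(405, 'Method Not Allowed');
  }
  var path = normalizePath(request.uri);
  if (path === null) {
    return deny(400, 'Bad Request');
  }
  for (var i = 0; i < BLOCKED_PATH_PREFIXES.length; i++) {
    if (path.startsWith(BLOCKED_PATH_PREFIXES[i])) return deny(403, 'Forbidden');
  }
  // Header names arrive lowercased in the event object.
  var uaHeader = request.headers['user-agent'];
  var ua = uaHeader && uaHeader.value ? uaHeader.value.toLowerCase() : '';
  for (var j = 0; j < BLOCKED_UA_SUBSTRINGS.length; j++) {
    if (ua.includes(BLOCKED_UA_SUBSTRINGS[j])) return deny(403, 'Forbidden');
  }
  if (Object.keys(request.querystring || {}).length > MAX_QUERY_KEYS) {
    return deny(400, 'Bad Request');
  }
  return request; // pass through unchanged
}
```

The function only sees the method, URI, query string, headers and cookies of the viewer request, so rules that need the request body still belong in a WAF or at the origin.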