ModSecurity for web-application firewalls

Posted Dec 18, 2016 4:57 UTC (Sun) by dune73 (guest, #17225)
In reply to: ModSecurity for web-application firewalls by anselm
Parent article: ModSecurity for web-application firewalls

It is tempting to do the full input validation via ModSecurity rules. But the client and the application are in a much better position to do so.

Not having a surname is a typical example. It's up to the application to decide what to do with such a registration. ModSecurity should concentrate on security and leave people without a surname alone.