
Ask HN: What WAF to Protect Against SQL Injection (SQLi), XSS, etc. Attacks - jinnko
Assuming good coding practices are followed for a defence-in-depth approach, how do people protect at the request level - i.e. with a WAF?  For example solutions with the commercial Nginx WAF and&#x2F;or naxsi with managaged rule sets, or a CDN provider with a managed WAF rule set.  What is the minimum maintenance overhead one can expect?
======
totaldude87
if you are using a cloud provider, you can use Fortinet's top 10 WAF rules..

its plug and play but comes with its own disadvantages..

