On 2019/12/05 00:17, Kihaguru Gathura wrote: > > > > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura <pqscr...@gmail.com> wrote: > > > > >> Which is a better way to implement a WAF on OpenBSD using the base > utilities? > > > > relayd configured in certain ways might be considered as a WAF. > > > All methods and all other security headers and path filters are coded in > the web > application which had always been detected as a custom WAF until two > weeks ago. > > I have now included relayd and a re-test passes all other requirements > but does not detect > a WAF (please find sample configurations and test report below). > > Any hint highly appreciated
I think you will need to talk to your assessors and ask what they're looking for.
