I installed the latest mod security crs rules, however they stop normal websites from working properly, so its a bit of a nightmare.
If i was to purchase ASL yearly subscription would it be better configured for a regular day-to-day webserver? The standard CRS rules are a bit of a nightmare to get your head around.
Absolutely. We've been writing modsecurity rules longer than anyone else, long before the CRS rules even existed. We pioneered modsecurity rules, so we don't use the CRS rules - we don't have to, we had this all covered years ago. Its a fact we've been doing this longer than anyone else, and because of all that experience and attention to detail, our rules work - period. You don't have to mess around with the rules and tear your hair our trying to get them to work. Our motto is "Security for everyone". We focus our energy on not just protecting you, but also on making sure we dont have false positives. So unlike other security projects that expect you to figure it, we have figured it out. So you get a solution that works.
And if by some chance one of our rules did stop something it shouldnt, we will fix that issue the same day, no questions asked. Its all part of the service. Think of us as your Tier 4 security help desk. Just ask us and we'll get it right for you.
So don't waste your time with other rules, no one has been writing modsecurity rules longer than us, not even the current people writing the CRS rules, not Breach, no one. Our rules not only protect you from attacks, but they also protect you from upset customers! No False Positives no grief!
Plus with ASL, you are also protected from lots of other attack methods that a WAF alone can't protect you from, such as upload attacks, kernel attacks, vulnerabilities in other software and so on. ASL is a full spectrum security suite, run it and sleep well at night. Let us worry about the bad guys. So don't waste your time with the CRS rules, use ASL and your system will be secure and reliable.