web application firewall

This article is a stub. You can help the IndieWeb wiki by expanding it.

Web application firewalls are software that inspects HTTP requests and tries to block malicious or suspect requests, often with a high risk of false positives due to broad defaults, and limited effectiveness against a motivated attacker.

An example is mod_security

If you are on shared hosting, your hoster might have one enabled by default, so be on the lookout for its reports in server logs when requests are failing without an obvious reason. It should log that it blocked a request and why it did so.

encountered issues

• the OWASP Core ModSecurity rule set has a rule allowing only some content-types for POST requests, forbidding JSON-based requests used e.g. by Micropub and IndieAuth. potential fix