Akamai WAF configuration and false positive

Posting here to get advice on self-hosted instance, if someone uses Akamai WAF that blocks any code snippet from posting in a topic? For example, in composer following code is identified as malicious or XSS code.

/home/abyss/anaconda3/lib/
export LD_LIBRARY_PATH=/usr/lib:/usr/local/lib

Can I remove Akamai WAF layer, trust and rely on Discourse security protection capability?

Yes, we recommending running Discourse without a WAF in front. Those were created to front legacy applications that had to be exposed to the web.

1 Like

Thanks, @Falco. I don’t quite understand if there’s a clear border between legacy application and modern (Discourse like single page application?) when it comes to security. I need to learn more such as Defend Your SPA from Security Woes | Okta Developer to feel more solid.