I’ve read a couple threads on discourse web application security but haven’t come across a topic the delves into if a WAF would help in the case of Discourse or not. I think it could be it really all depends on the developers I guess, I mean my firewall rules already have the fw_snort rules and is managed by a script that gets ran everyday, with the automatic management of IP bans I only see the practical use of a WAF in very few cases. But I am no expert on this topic and any input would be much appreciated so that fellow users of frameworks and rules such as mod_security will understand the implications with Discourse.
TL;TC: Is mod_security, or another WAF, required or beneficial to Discourse? @codinghorror