I'd like to chime in on this as a user of the WebScurity firewall.
...
Per their recommendations, we had the web server listen on 127.0.0.1:8080, and put the firewall app on the network interface on port 80. The software installed quick, and its doing its job. It has been installed for a few months and we haven't had to touch it.
...
When I originally inquired on the list, I was told that what I was looking for wasn't possible (easy to install, easy to configure, set & forget, BWA HA HA HA!)... well, that's what I got, exactly what I wanted...
What you got then was a good professional response. Personally I don't believe a "set & forget" is a meaningful deployment strategy for a web application firewall. But I'd be interested to learn more about your experiences. For example, why do you believe that you are more secure now than before?
-- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall
---------------------------------------------------------------------------- The Web Security Mailing List http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives http://www.webappsec.org/lists/websecurity/archive/