Although Enhance servers are quite secure right out of the box, it’s still a good idea to test your WAF solution using unbiased third-party tools. Thanks to the GoTestWAF tool, this can be done in just a few minutes.
Simply use the following commands:
git clone https://github.com/wallarm/gotestwaf
cd gotestwaf
make gotestwaf
docker run --rm -it -v "$(pwd)/reports:/app/reports" gotestwaf --url=http://the-waf-you-want-to-test/
Make sure the tool is executed from a test VPS that isn’t whitelisted or blacklisted in your security solution.
Don’t be surprised if your testing results show low scores (even with cPFence). It’s quite challenging to achieve a high score while maintaining a shared hosting environment like ours, free from issues and avoiding tens of support tickets from clients complaining about their apps not working.
So, why bother testing in the first place?
It’s important to understand how effective your security solution is, including those marketed as "Commercial WAFs!" compared to other low-cost or even "free" solutions.
You might be surprised at how many security products that claim to offer real-time virus protection fail to detect even the most basic test malware files. You can test this yourself by uploading a malware script to your server or even using the most basic test file like:
curl -O https://secure.eicar.org/eicar.com
Happy testing!