FAQ: How does the MageStack WAF compare to commercial products?

Does MageStack's WAF contain reports and information about threats and attacks blocked in a similar manner to Incapsula?

Whilst we offer a very comprehensive firewall policy, I’ll be honest, we’re not here to rival Incapsula (or any other commercial WAF) – they specialise in web security and it would be arrogant of me to suggest our WAF is remotely comparable to theirs – it isn’t.

The question is more whether it is suitable or sufficient enough for the use case. We have tailored rules specific to Magento, updated daily, that are a direct result of observation of traffic destined to the thousands of stores we host. We have impressive visibility to be able to quickly identify and mitigate bad traffic on a huge scale; all specific to Magento – something very few companies can offer.

We don’t (currently) have the fancy metrics, dashboards etc. like Incapsula/CloudFlare have – and if that’s what you want; then its best opting for that. What we provide just works – it doesn’t have the bells and whistles, it’s a utilitarian tool that just chugs away protecting the stack.

Block metrics from the WAF aren’t logged with this level of granularity, so we can certainly observe blocks – but we don’t present the specific nature of them. It is a feature enhancement that we could certainly look to deploy though; then from that, it could be made visible by a dashboard that presents the block information.

We support many commercial WAFs in addition to our own

A proxy, behind a proxy is never a nice thing - but if you really want to use a commercial WAF, MageStack natively supports many different vendors; including (and not limited to),

  • CloudFlare
  • Incapsula
  • InstartLogic
  • Fastly
  • CloudFront
  • Reblaze