InterDo 2.5 Web Application Firewall. Kavado, (800) 239-3203, (646) 274-7238. www.kavado.com
Teros Teros-100 APS
Teros' APS was the only appliance we tested. It is also the only product capable of acting as a network bridge instead of a proxy, which means it can be deployed transparently without your having to reconfigure your network. This eliminates the hassle of rearranging IP addresses of already deployed Web servers.
The APS uses an "adaptive learning" rule generator, which produces recommendations based on observed traffic. The recommendations fared well except for some of the trickier URL formats, which required manual intervention and regular-expression reworking. Rule configuration struck a decent balance between simplicity and granularity.
Administratively speaking, we have two complaints: The error and security logging messages are frustratingly vague, making it difficult to troubleshoot violations. Also, the APS' default form-field-character filter, like AppShield's, is inadequate at protecting against SQL attacks.
The APS also has a configuration nuance that concerns us: It treats form-field names as global across your site. This could be a problem on sites that use form-field names inconsistently. You'll need to use the least-restrictive filter for that field, which is less secure. The workaround is to recode your Web application to use unique form-field names--that is, if you are able to make code changes in your Web applications.