WAF or IDS or both - confused




I'm a little confused on this area and after some clarification. So KEMP has WAF which can be enabled via the VS and it appears to accept custom rules from OWASP ModSecurity Core Rule Set (CRS). Thats great and when you go to the WAF settings for the VS you can enable / disable rules.

Also.... in the AFE configuration you can import SNORT rules, other than date of when the last import you can't do much else with it.


Right so what is the preferred option, use WAF or IDS or both? Which one takes precedence in the rule filtering?

Just after advice of what is the good practice here?