Using an Open Source WAF in front of Discourse

Our goal with Cloud Forums is to treat our installation like an enterprise setup and use best practice security when we can.

Discourse is a web application, so it is wide open on two ports. That opens a possible attack surface, although a necessary one to deliver web services. We can mitigate many common web attacks by using a Web Application Firewall (WAF). A WAF will block suspicious requests that include SQL injection, XSS, etc.

I think we will probably do a detailed guide in the future, but essentially if you read the forum posts on NGINX and WAF, and follow the steps on this NGINX proxy guide.