読むのが面倒なので、id:ockeghemがはてブでコメントするのを待つ。

Hacking WAFs is an old art form, which I'm glad to see is picking up again. WAFs are extremely delicate pieces of software, which require thorough and precise configuration in order to provide the security they promise. Since the WAF market is finally picking up, I expect to see more security advisories related to vulnerabilities in such products in the near future.

http://blog.watchfire.com/wfblog/2009/05/waf-wars.html