The average cost of a security breach reached nearly $4.4 million in 2025, according to the publication Cost of Data Breach Report. To proactively address this substantial financial and security risk, Infobip, a global cloud communications platform, used HAProxy Enterprise to implement a security and uptime framework that is both highly modular and highly performant.
Infobip has 62 data centers spread across the globe — and operates each data center with everything it needs to run independently of others. There are no reliability dependencies between data centers, and if one or more go down, the others automatically pick up the slack.
The company processes enormous volumes of traffic, peaking at over 80,000 transactions per second during events such as Black Friday. These transactions went through HAProxy Enterprise with the integrated HAProxy Enterprise WAF.
To protect its applications and meet strict customer compliance requirements, Infobip needed a Web Application Firewall (WAF). However, finding a solution that could meet their demanding technical and business needs was a significant challenge.
At HAProxyConf, engineers from Infobip shared the story of their search and how they ultimately found success with the next-gen HAProxy Enterprise WAF, powered by the Intelligent WAF Engine. Their journey highlights the critical need for a WAF that delivers security without compromising on performance, accuracy, or manageability.
The challenge: finding a scalable WAF for a global, high-performance infrastructure
Infobip’s requirements for a WAF were stringent. Their globally distributed infrastructure, with scores of independent data centers, meant that any solution had to be scalable and easy to manage centrally. Furthermore, due to demanding client SLAs, Infobip had to keep any new latency to an almost invisible level.
Additional security — with no added latency? This strict requirement immediately excluded many traditional WAFs, which are often slow and inefficient.
The team evaluated several options:
Cloud-based WAFs were not a good fit. Concerns included whether vendors had a presence in all of Infobip's regions and the need to classify the WAF provider as a data sub-processor, which they wanted to avoid.
Hardware appliances were also ruled out. Scalability was lacking, management was a challenge, and costs were high.
Virtual appliances didn’t meet Infobip’s operational approach, which runs everything possible in containers for consistency, security, and ease of management.
Since Infobip was already a happy user of HAProxy Enterprise for load balancing and SSL termination, they decided to put HAProxy Enterprise WAF to the test.
The evaluation: the Intelligent WAF Engine provides a breakthrough
Infobip’s initial tests involved two distinct WAF engines: one based on ModSecurity and the HAProxy Advanced WAF (which has since been succeeded by the HAProxy Enterprise WAF). The results were mixed, highlighting the "WAF trade-off" with either option:
The Advanced WAF was extremely fast but proved too aggressive for their web portal, leading to false positives.
The ModSecurity WAF handled the portal well but introduced unacceptable latency on high-throughput APIs.
Infobip needed one solution that could handle both use cases, without the trade-offs. Fortunately, during the evaluation period, HAProxy Technologies launched the next-generation HAProxy Enterprise WAF, powered by the Intelligent WAF Engine.
This new WAF is designed to address the complexities and demands of modern application environments and the advanced threats they face — and is distinguished by its exceptional balanced accuracy, simple management, and ultra-low latency and resource usage. The Intelligent WAF Engine represents a technical breakthrough by moving beyond static lists and regex-based attack signatures to a non-signature-based detection system.
By employing threat intelligence from HAProxy Edge’s 60+ billion daily requests, enhanced by machine learning, the Intelligent WAF Engine delivers:
Exceptional accuracy: A 98.5% balanced accuracy rate in an open source WAF benchmark, significantly outperforming the industry average of 90%.
Ultra-low latency: Under 1ms of added latency, even when handling complex traffic.
Simple management: Easy to set up and manage with out-of-the-box behavior suitable for most deployments.
100% privacy: No external connection, and no third-party data processing.
A notable feature of the HAProxy Enterprise WAF is the optional OWASP Core Rule Set (CRS) compatibility mode, for organizations that require OWASP CRS support for specific use cases or compliance. When enabled, this mode achieves on average 15X lower latency than the ModSecurity WAF using the OWASP CRS — even under mixed traffic conditions.
This next-generation WAF solved Infobip's core problem, providing the ultra-low latency needed for API traffic and the exceptional accuracy required for their web portal, with an efficient and privacy-first operating model.
The implementation: a phased, automated rollout
Infobip had a solution to their challenging security and performance requirements in hand. Now they "just" needed to deploy it — and keep it updated — safely and securely.
So, with their new, breakthrough solution in hand, Infobip devised a careful, automated rollout plan across all 62 of their data centers globally:
Deploy in learning mode: The team first deployed HAProxy Enterprise WAF in a non-blocking learning mode. This allowed them to learn traffic patterns and fine-tune rules without impacting production. To ensure rock-solid reliability, they configured a “circuit breaker” to automatically disable the WAF if CPU usage ever spiked, choosing availability over security during the initial learning phase. (NB: No spike occurred.)
Enable protection path-by-path: Due to Infobip's use of a microservices architecture, they had the ability to enable blocking mode on an application-by-application basis. The team would analyze the WAF traffic for a specific path (e.g., /sms), ensure there were no false positives, and then switch that path to protection mode. This gave them the opportunity to monitor again in production, then move to the next application.
Automate with dynamic updates: Infobip manages all configurations centrally and deploys updates globally within 15 minutes. When a new application comes online, they simply update a map file that is automatically downloaded by HAProxy Enterprise instances, avoiding a full reload or redeployment - and the latency hiccups that would cause. This highlights the simple yet powerful setup and management framework that HAProxy Enterprise provides.
During Infobip’s presentation, the audience asked, “After setting up an app, do you still need much fine-tuning of WAF rules?” to which Juraj Ban replied, “No. Not anymore.”
The result: security + performance, without compromise
By implementing HAProxy Enterprise WAF, Infobip achieved its goal of strengthening its security posture without sacrificing performance. After the initial fine-tuning, they have experienced virtually no false positives and have met or exceeded all customer compliance requirements.
The project was so successful that Infobip’s Chief Information Security Officer, Andro Galinović, provided a powerful endorsement:
Infobip's story is a testament to how a modern, intelligent WAF can solve the complex security challenges of a global, high-performance platform. By choosing HAProxy Enterprise, they gained a solution that is not only fast and accurate but also flexible enough to fit seamlessly into their highly automated, container-based environment.
