HAProxy Enterprise provides the following security modules in your load balancing solution. Please refer to your Customer Portal for their installation and configuration information or click on the module name below for its documentation.


HAProxy Enterprise only: These modules require an active HAProxy Enterprise subscription. Please contact us if you would like to learn more or begin a free trial.

Antibot Module

The HAProxy Antibot module prevents non-legitimate HTTP clients (suspicious browsers or computers infected by malware) to have minimal negative impact on a web application.

Antibot sends JavaScript challenges to suspicious clients to help distinguish between a real user and an automated bot. It also provides efficient protection for web applications against DDoS (denial of service) attacks.


Fingerprint Module

The Fingerprinting module can identify client requests or bots even when they attempt to modify their user-agent string or through other methods.

It efficiently distinguishes real search engines from DDoS bots emulating search engines.


Sanitize Module

The Sanitize module filters and verifies HTTP methods and headers to ensure that the HTTP traffic follows a set of rules or guidelines. This can be useful to normalize HTTP traffic and secure Web applications.

With the Sanitize module configured, HAProxy checks HTTP requests against the defined rules and takes appropriate action (such as rejecting, accepting, logging, etc.).


WAF Offloader Module

The HAProxy WAF Offloader module can identify and block requests that attempt XSS or SQL injection attacks on applications running behind HAPEE. It comes with a customized list of fingerprints to detect false-positives while still providing effective protection for your applications.


Advanced WAF Module

The HAProxy Technologies Advanced WAF module is designed to provide a high level of security to websites. It is a whitelist-based WAF with an extensive and restrictive blacklist, on top of which it applies legitimate and application-specific whitelist patterns.



The ModSecurity WAF module is designed to provide support for the ModSecurity 3.0 rule set format. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a powerful rules language to implement advanced protection. It is a blacklist-based WAF and easily integrates with the OWASP ModSecurity Core Rule Set.


reCaptcha Module

For cases where a bot can execute JavaScript, HAProxy Enterprise offers a Lua module that requires the visitor to solve a reCaptcha challenge in order to proceed.