Protecting Web APIs and Web Applications

A web application firewall is one of the critical layers of defense against threats that target web applications and vulnerable APIs. Attacks such as SQL injection, cross-site scripting, and remote code execution are stopped at the door to your system by analyzing HTTP traffic for signatures that are common to a range of similar attack patterns. Rather than installing a WAF at the web server layer, our solutions operate at the proxy layer, meaning the ability to weed out attacks early before they have the chance to reach your servers.

The HAProxy Enterprise WAF is built with the ModSecurity rule set at its core. Built upon a trusted open-source technology to protect against web application intrusions and other traditional DDoS attacks, HAProxy Technologies developers have customized its performance for high-throughput applications. Advantages of our version of ModSecurity include simple implementation, which is updated regularly by threat researchers, the ability to define custom rules, and the ability to trigger WAF inspections only on predetermined requests if needed.

A web application firewall is one of the critical layers of defense against threats that target web applications and vulnerable APIs. Attacks such as SQL injection, cross-site scripting, and remote code execution are stopped at the door to your system by analyzing HTTP traffic for signatures that are common to a range of similar attack patterns. Rather than installing a WAF at the web server layer, our solutions operate at the proxy layer, meaning the ability to weed out attacks early before they have the chance to reach your servers.

The HAProxy Enterprise WAF is built with the ModSecurity rule set at its core. Built upon a trusted open-source technology to protect against web application intrusions and other traditional DDoS attacks, HAProxy Technologies developers have customized its performance for high-throughput applications. Advantages of our version of ModSecurity include simple implementation, which is updated regularly by threat researchers, the ability to define custom rules, and the ability to trigger WAF inspections only on predetermined requests if needed.

Defend Against Emerging Threats

When software exploits are announced to the tech industry, it can be days or longer before the affected software such as web servers, CMS platforms, and depended upon libraries are patched. Users of the HAProxy WAF can customize their rulesets themselves, or download development-branch rules for ModSecurity to keep ahead of the attackers, giving companies time to patch vulnerabilities. For example, the Spring4Shell remote code execution vulnerability found in the Java Spring framework could be defended against by updating rules in the ModSecurity WAF, shielding vulnerable applications in the meantime.

In addition to our customized ModSecurity mode, HAProxy Enterprise customers can also choose to fight back against threats with our Advanced WAF mode, and its highly restrictive ruleset. Modeled after a ‚positive security‘ approach, the HAProxy Advanced WAF ensures desirable traffic is allowed in while restricting everything else, meaning even greater protection against unknown and emerging threats.

Advantages of Advanced WAF include better performance than ModSecurity, although a more complex tuning of rules, better protection against new exploits for which signatures have not been defined, and fewer undetected attacks. Systems engineers can in turn take advantage of the evolving nature of HAProxy Technologies Advanced WAF as its rule set is enhanced with machine learning and the large set of traffic data collected by HAProxy Edge.

When software exploits are announced to the tech industry, it can be days or longer before the affected software such as web servers, CMS platforms, and depended upon libraries are patched. Users of the HAProxy WAF can customize their rulesets themselves, or download development-branch rules for ModSecurity to keep ahead of the attackers, giving companies time to patch vulnerabilities. For example, the Spring4Shell remote code execution vulnerability found in the Java Spring framework could be defended against by updating rules in the ModSecurity WAF, shielding vulnerable applications in the meantime.

In addition to our customized ModSecurity mode, HAProxy Enterprise customers can also choose to fight back against threats with our Advanced WAF mode, and its highly restrictive ruleset. Modeled after a ‚positive security‘ approach, the HAProxy Advanced WAF ensures desirable traffic is allowed in while restricting everything else, meaning even greater protection against unknown and emerging threats.

Advantages of Advanced WAF include better performance than ModSecurity, although a more complex tuning of rules, better protection against new exploits for which signatures have not been defined, and fewer undetected attacks. Systems engineers can in turn take advantage of the evolving nature of HAProxy Technologies Advanced WAF as its rule set is enhanced with machine learning and the large set of traffic data collected by HAProxy Edge.

A Customizable Security Policy

An effective WAF is a customizable one, able to respond to the shifting nature of modern security threats, as well as the needs of your specific use case. While some SaaS firewalls are black boxes with few options for customization, our WAF solutions provide ways for users to customize rules to fit their needs, reducing false positives and implementing signatures that protect against emerging threats. 

 Verbose logging also provides information about blocked requests, allowing users to add exceptions to rules with adequate knowledge in hand, and make changes as requirements change. And with a support team always at the ready, HAProxy Technologies can field questions about the WAF and help customers secure their applications and get on with running their businesses.

An effective WAF is a customizable one, able to respond to the shifting nature of modern security threats, as well as the needs of your specific use case. While some SaaS firewalls are black boxes with few options for customization, our WAF solutions provide ways for users to customize rules to fit their needs, reducing false positives and implementing signatures that protect against emerging threats. 

Verbose logging also provides information about blocked requests, allowing users to add exceptions to rules with adequate knowledge in hand, and make changes as requirements change. And with a support team always at the ready, HAProxy Technologies can field questions about the WAF and help customers secure their applications and get on with running their businesses.