HAProxy Enterprise Documentation 1.6r1

Advanced WAF

The Advanced WAF starts with a very broad and restrictive block list, on top of which application-specific lists of allowed patterns (i.e. ignoring certain URLs) must be applied to fix false positives.

The deployment begins in learning mode, which is a log-only mode. Learning here meaning you have time to inspect your logs and learn which false positives need to be fixed. In learning mode, the Advanced WAF:

permits all traffic and blocks no requests.
inspects incoming requests and logs those that match a violation pattern; If there is a false positive, you can add it to the allowlist.

When you switch to blocking mode, requests not in the allowlist that violate the current ruleset will be blocked. Logs remain available for further monitoring and identification of cases that should be marked as allowed.

Choose from the following topics:

Installation: Install the Advanced WAF
Rule Customization: Customize the Advanced WAF rules
Server Synchronization: Share updates to rule files across HAProxy Enterprise instances
WAF Logs: Understand the WAF log format
Track Triggered Rules: Track triggered rules
Custom Core Rules: Load a built-in custom rule set
WAF Filter Parameters: WAF filter parameters Reference

Next up

Advanced WAF Installation

More Versions

HAProxy Products Documentation

Advanced WAF

Your feedback is important to us!