Web Application Firewall
A WAF or Web Application Firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.
You can also run the popular ModSecurity firewall from HAProxy Enterprise, removing the need to host the firewall on a separate web server. This version of ModSecurity has been enhanced to integrate with the load balancer environment, with performance gains and support for specialized options.
HAProxy Enterprise provides the following modules to protect web applications from attacks:
- Advanced WAF
-
Use the Advanced WAF for increased protection against web application attacks.
- ModSecurity
-
Configure the ModSecurity web application firewall in HAProxy Enterprise.
- SQL Injection/XSS
-
Use the HAProxy Enterprise WAF Offloader to block XSS and SQL Injection attacks.
The table below will help you decide which WAF implementation should better suit your needs.
WAF module | Request per second performance | Allowlist management |
---|---|---|
Advanced WAF with default core ruleset | Good | Manual |
Advanced WAF with custom core ruleset | Good | Automatic |
ModSecurity | Fair | Manual |
SQL Injection/XSS (WAF Offloader) | Good | Automatic |
Next up
Advanced WAF