HAProxy Enterprise Documentation 2.4r1

Web Application Firewall

A WAF or Web Application Firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.

You can also run the popular ModSecurity firewall from HAProxy Enterprise, removing the need to host the firewall on a separate web server. This version of ModSecurity has been enhanced to integrate with the load balancer environment, with performance gains and support for specialized options.

HAProxy Enterprise provides the following modules to protect web applications from attacks:

Advanced WAF

Use the Advanced WAF for increased protection against web application attacks.

ModSecurity

Configure the ModSecurity web application firewall in HAProxy Enterprise.

SQL Injection/XSS

Use the HAProxy Enterprise WAF Offloader to block XSS and SQL Injection attacks.

The table below will help you decide which WAF implementation best suits your needs.

| WAF module | Request per second performance | Allowlist management |
|---|---|---|
| Advanced WAF with default core ruleset | Good | Manual |
| Advanced WAF with custom core ruleset | Good | Automatic |
| ModSecurity | Fair | Manual |
| SQL Injection/XSS (WAF Offloader) | Good | Automatic |

