High Performance Web Application Firewall

No company is immune to the barrage of vulnerability scanners, automated bots, and intrusion attempts. Attackers target web applications with specific weaknesses, using techniques such as SQL Injection, Cross-Site Scripting, and Local File Inclusion. Fight back with smart Web Application Firewall technology. The HAProxy Enterprise Web Application Firewall (WAF) defends your organization from threats before they can reach your servers.


Learn how leading companies implement the HAProxy Enterprise WAF

Our customers use HAProxy to achieve the utmost performance, observability, and security. The Web Application Firewall is deployed to protect some of the most highly visited websites in the world.

A Powerful Countermeasure

The HAProxy Enterprise WAF inspects requests for malicious payloads, allowing you to stop threats in their tracks before they reach your web application. It supports three modes of operation to fit your use case.


Simple SQLi / XSS

  • Extremely fast detection of SQL injection (SQLi) and Cross-Site Scripting (XSS)
  • Simple configuration in minutes
  • Tight integration with HAProxy ACLs and logging
  • Supports various responses including deny, silent drop and tarpit
  • SQLi fingerprint list can be updated dynamically across a cluster of HAProxy Enterprise instances

ModSecurity

  • Blocks SQL Injection, Cross-Site Scripting, Remote Code Execution and more
  • Utilize the OWASP ModSecurity Core Rule Set or define custom rules
  • Directly integrated with HAProxy Enterprise and the Kubernetes Enterprise Ingress Controller
  • Hardened version of ModSecurity
  • Demonstrates a clear performance gain over other ModSecurity implementations

Zero-Trust Mode

  • Highly restrictive ruleset for zero-trust security
  • Fine-grained whitelisting allows expected client behavior only
  • Blocks SQLi, XSS, Remote File Inclusion, Directory Traversal, Evasion Tricks and more
  • Tight integration with HAProxy ACLs and logging
  • Supports various responses including deny, silent drop and tarpit
  • Zero-Trust rules can be based on request path, variable, or a combination of both

The HAProxy Enterprise Web Application Firewall (WAF) comes included as part of your HAProxy Enterprise subscription.
