High Performance Web Application Firewall
No company is immune to the barrage of vulnerability scanners, automated bots, and intrusion attempts. Attackers target web applications with specific weaknesses, using techniques such as SQL Injection, Cross-Site Scripting, and Local File Inclusion. Fight back with smart Web Application Firewall technology. The HAProxy Enterprise Web Application Firewall (WAF) defends your organization from threats before they can reach your servers.

Learn how leading companies implement the HAProxy Enterprise WAF
Our customers use HAProxy to achieve the utmost performance, observability, and security. The Web Application Firewall is deployed to protect some of the most highly visited websites in the world.
A Powerful Countermeasure
The HAProxy Enterprise WAF inspects requests for malicious payloads, allowing you to stop threats in their tracks before they reach your web application. It supports three modes of operation to fit your use case.



Simple SQLi / XSS
- Extremely fast detection of SQL injection (SQLi) and Cross-Site Scripting (XSS)
- Simple configuration in minutes
- Tight integration with HAProxy ACLs and logging
- Supports various responses including deny, silent drop and tarpit
- SQLi fingerprint list can be updated dynamically across a cluster of HAProxy Enterprise instances

ModSecurity
- Blocks SQL Injection, Cross-Site Scripting, Remote Code Execution and more
- Utilize the OWASP ModSecurity Core Rule Set or define custom rules
- Directly integrated with HAProxy Enterprise and the Kubernetes Enterprise Ingress Controller
- Hardened version of ModSecurity
- Demonstrates a clear performance gain over other ModSecurity implementations

Zero-Trust Mode
- Highly restrictive ruleset for zero-trust security
- Fine-grained whitelisting allows expected client behavior only
- Blocks SQLi, XSS, Remote File Inclusion, Directory Traversal, Evasion Tricks and more
- Tight integration with HAProxy ACLs and logging
- Supports various responses including deny, silent drop and tarpit
- Zero-Trust rules can be based on request path, variable, or a combination of both
The HAProxy Enterprise Web Application Firewall (WAF) comes included as part of your HAProxy Enterprise subscription.
Featured Resources
FREE EBOOK
The HAProxy Guide to Multi-Layer Security
HAProxy gives you the building blocks to create a strong, layered defense against DDoS, malicious bot traffic, vulnerability scanners and more. Using its flexible configuration language, you’ll learn to:
- Protect your services from application-layer DDoS attacks
- Identify and stop malicious bots
- Harness the power of the HAProxy Enterprise WAF to counter sophisticated, Layer 7 attacks like SQL injection and cross-site scripting
ON-DEMAND WEBINAR
DDoS Attack and Bot Protection with HAProxy Enterprise
We read about DDoS attacks and bot threats causing companies millions in lost revenues and battered reputations almost every day. By leveraging an extremely efficient and innovative design, including extensive ACL and Stick Table tracking systems, HAProxy Enterprise is able to perform the real-time behavioral analysis that mitigating today’s threats demands. Rather than being caught off guard, join this webinar to see how you can use HAProxy Enterprise to create an effective, high-performance threat protection solution.