Dhaval, As far as I'm concerned almost everyone on the planet uses mod_security... But most use it with apache & some use it with Nginx... So you can either put it on all of your web servers... Or Put it in-front of HAProxy... Or make an HAProxy[1] sandwich (which is what we do at Loadbalancer.org[2])
[1] https://www.haproxy.com/blog/scalable-waf-protection-with-haproxy-and-apache-with-modsecurity/ [2] https://www.loadbalancer.org/blog/blocking-invalid-range-headers-using-modsecurity-and-haproxy-ms15-034-cve-2015-1635/ Malcolm Turnbull Loadbalancer.org Ltd. www.loadbalancer.org +44 (0)330 380 1064 [email protected] On 9 May 2018 at 19:21, DHAVAL JAISWAL <[email protected]> wrote: > Looking for open source. > > On Wed, May 9, 2018 at 11:10 PM, Mark Lakes <[email protected]> > wrote: >> >> For commercial purposes, see Signal Sciences Next Gen WAF solution: >> https://www.signalsciences.com/waf-web-application-firewall/ >> >> >> >> Mark Lakes >> Sr Software Engineer >> (555) 555-5555 >> Winner: InfoWorld Technology of the Year 2018 >> >> >> On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL <[email protected]> wrote: >>> >>> I am looking for WAF solution with HA Proxy. >>> >>> One which I come to know is with HA Proxy version 1.8.8 + mode security. >>> However, I feel its still on early stage. >>> >>> Any other recommendation for WAF with HA Proxy. >>> >>> >>> -- >>> Thanks & Regards >>> Dhaval Jaiswal >> >> > > > > -- > Thanks & Regards > Dhaval Jaiswal
