On Thu, 10 May 2018 02:07:24 +0530 DHAVAL JAISWAL <[email protected]> wrote:
> I would prefer to keep this in front of HAProxy. So that any request comes > first it will pass through he WAF standard rules and then it will come > inside. HAProxy is a very robust component. It block protocol attacks which doesn't respect HTTP protocol and forward other attacks. In other way, it can block basic attacks with simple ACL (attacks like http://../../../etc/passwd). With HAProxy in front component, you can process loadbalancing on your WAFs. This is useful because WAFs use more CPU than loadbalancers. BR, Thierry > Could you please help me with some more documentation, configuration about > this. How would I achieve it. > > > > On Thu, May 10, 2018 at 12:14 AM, Malcolm Turnbull <[email protected] > > wrote: > > > Dhaval, > > > > As far as I'm concerned almost everyone on the planet uses mod_security... > > But most use it with apache & some use it with Nginx... > > So you can either put it on all of your web servers... > > Or Put it in-front of HAProxy... > > Or make an HAProxy[1] sandwich (which is what we do at Loadbalancer.org[2]) > > > > [1] https://www.haproxy.com/blog/scalable-waf-protection-with- > > haproxy-and-apache-with-modsecurity/ > > [2] https://www.loadbalancer.org/blog/blocking-invalid-range- > > headers-using-modsecurity-and-haproxy-ms15-034-cve-2015-1635/ > > > > > > Malcolm Turnbull > > > > Loadbalancer.org Ltd. > > > > www.loadbalancer.org > > > > +44 (0)330 380 1064 > > [email protected] > > > > > > > > > > On 9 May 2018 at 19:21, DHAVAL JAISWAL <[email protected]> wrote: > > > Looking for open source. > > > > > > On Wed, May 9, 2018 at 11:10 PM, Mark Lakes <[email protected]> > > > wrote: > > >> > > >> For commercial purposes, see Signal Sciences Next Gen WAF solution: > > >> https://www.signalsciences.com/waf-web-application-firewall/ > > >> > > >> > > >> > > >> Mark Lakes > > >> Sr Software Engineer > > >> (555) 555-5555 > > >> Winner: InfoWorld Technology of the Year 2018 > > >> > > >> > > >> On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL <[email protected]> > > wrote: > > >>> > > >>> I am looking for WAF solution with HA Proxy. > > >>> > > >>> One which I come to know is with HA Proxy version 1.8.8 + mode > > security. > > >>> However, I feel its still on early stage. > > >>> > > >>> Any other recommendation for WAF with HA Proxy. > > >>> > > >>> > > >>> -- > > >>> Thanks & Regards > > >>> Dhaval Jaiswal > > >> > > >> > > > > > > > > > > > > -- > > > Thanks & Regards > > > Dhaval Jaiswal > > > > > > -- > Thanks & Regards > Dhaval Jaiswal
