subject:"WAF with HA Proxy."

Re: WAF with HA Proxy.

2018-08-13 Thread DHAVAL JAISWAL

Thanks Willy,

It's solved.

Now, checking further on configuring Rules.

On Mon, Aug 13, 2018 at 2:32 PM, Willy Tarreau  wrote:

> On Mon, Aug 13, 2018 at 02:24:00PM +0530, DHAVAL JAISWAL wrote:
> > /usr/local/src/modsecurity-2.9.1/hapmodeconfig/INSTALL/include/
>
> Well, I'm sorry, I don't know what type of help you expect by simply
> dumping a path like this.
>
> > ./modsecurity -h
> >
> > -bash: ./modsecurity: No such file or directory
>
> So this clearly shows that something went wrong. You will hardly get
> any help if you insist on remaining crypting and continue to refuse
> to read your error messages on your screen, I'm sorry.
>
> Willy
>



-- 
Thanks & Regards
Dhaval Jaiswal

Re: WAF with HA Proxy.

2018-08-13 Thread Willy Tarreau

On Mon, Aug 13, 2018 at 02:24:00PM +0530, DHAVAL JAISWAL wrote:
> /usr/local/src/modsecurity-2.9.1/hapmodeconfig/INSTALL/include/

Well, I'm sorry, I don't know what type of help you expect by simply
dumping a path like this.

> ./modsecurity -h
> 
> -bash: ./modsecurity: No such file or directory

So this clearly shows that something went wrong. You will hardly get
any help if you insist on remaining crypting and continue to refuse
to read your error messages on your screen, I'm sorry.

Willy

Re: WAF with HA Proxy.

2018-08-13 Thread DHAVAL JAISWAL

/usr/local/src/modsecurity-2.9.1/hapmodeconfig/INSTALL/include/


./modsecurity -h

-bash: ./modsecurity: No such file or directory

On Mon, Aug 13, 2018 at 1:14 PM, Willy Tarreau  wrote:

> On Mon, Aug 13, 2018 at 01:09:58PM +0530, DHAVAL JAISWAL wrote:
> > Trying to configure mod security on HA Proxy server with the following
> way.
> > However,  it throws error.
> >
> > https://fossies.org/linux/haproxy/contrib/modsecurity/README
> >
> > ./modsecurity.h  -h
>
> You are sourcing a C include file. The README says "./modsecurity -h",
> not "./modsecurity.h -h". I suspect you got it by auto-completion
> because you skipped the compilation step.
>
> Willy
>



-- 
Thanks & Regards
Dhaval Jaiswal

Re: WAF with HA Proxy.

2018-08-13 Thread Willy Tarreau

On Mon, Aug 13, 2018 at 01:09:58PM +0530, DHAVAL JAISWAL wrote:
> Trying to configure mod security on HA Proxy server with the following way.
> However,  it throws error.
> 
> https://fossies.org/linux/haproxy/contrib/modsecurity/README
> 
> ./modsecurity.h  -h

You are sourcing a C include file. The README says "./modsecurity -h",
not "./modsecurity.h -h". I suspect you got it by auto-completion
because you skipped the compilation step.

Willy

Re: WAF with HA Proxy.

2018-08-13 Thread DHAVAL JAISWAL

Trying to configure mod security on HA Proxy server with the following way.
However,  it throws error.

https://fossies.org/linux/haproxy/contrib/modsecurity/README

./modsecurity.h  -h

./modsecurity.h: line 1: /bin: Is a directory

./modsecurity.h: line 2: acmp.h: command not found

./modsecurity.h: line 3: syntax error near unexpected token `('

./modsecurity.h: line 3: `* Copyright (c) 2004-2013 Trustwave Holdings,
Inc. (http://www.trustwave.com/)'

On Thu, May 10, 2018 at 2:58 AM, Mark Lakes 
wrote:

> Thank you for the feedback, although this is in fact a technical solution
> I never intended to offend anyone. I have submitted fixes to haproxy in the
> past but have not as you say responded to questions before this.
>
> thanks again for the feedback
>  -mark
>
>
>
>
>
> On Wed, May 9, 2018 at 2:03 PM, Willy Tarreau  wrote:
>
>> Mark,
>>
>> On Wed, May 09, 2018 at 10:40:38AM -0700, Mark Lakes wrote:
>> > For commercial purposes, see Signal Sciences Next Gen WAF solution:
>> > https://www.signalsciences.com/waf-web-application-firewall/
>>
>> Advertising for commercial products on an open source list is never
>> welcome
>> especially when such a response looks like it's made only to try to place
>> a
>> product and nor really to propose a technical solution (and it's not as if
>> you had ever responded to a question here prior to this one).
>>
>> A large number of commercial product vendors are represented here, some of
>> whom invest a lot in R&D and support, some even competing in certain
>> areas,
>> and all of them respect this basic rule, focusing only on sharing
>> knowledge
>> and improvements to haproxy. A few times I've even rejected requests from
>> some of my coworkers who asked if it was OK to respond to someone with a
>> link to one of HapTech's commercial solutions and I'm pretty sure others
>> do the same in other companies.
>>
>> Given the complaints we used to have in the past with the spams on the
>> list,
>> I'm pretty sure that most of the list's participants would prefer that the
>> list remains free of any form of advertising so that we can continue to
>> work
>> all together without being polluted nor starting to suspect that each
>> proposal
>> or question would derive to another ad.
>>
>> Also, I'm normally not the one who'd comment on each other's signature,
>> but
>> this one occupies almost half of my 80x24 response e-mail window, full of
>> links and even trackers as if you were trying hard to make a bit of SEO,
>> and this is quite impolite to many users, so I think it would be
>> reasonable
>> to significantly trim it down :
>>
>> > *Mark Lakes*
>> > Sr Software Engineer
>> > (555) 555-
>> > 
>> > Winner: InfoWorld Technology of the Year 2018
>> > > opment/infoworlds-2018-technology-of-the-year-award-winners.html#slide24>
>> > 
>> > 
>> > 
>>
>> You will simply not find this from most of the regular participants on
>> this
>> list and many would probably like to take the opportunity as well but
>> refrain
>> from doing so to respect others. So at least being the only one to post
>> like
>> this should give you a hint how to proceed in the future.
>>
>> Thanks,
>> Willy
>>
>
>


-- 
Thanks & Regards
Dhaval Jaiswal

Re: WAF with HA Proxy.

2018-05-09 Thread Mark Lakes

Thank you for the feedback, although this is in fact a technical solution I
never intended to offend anyone. I have submitted fixes to haproxy in the
past but have not as you say responded to questions before this.

thanks again for the feedback
 -mark





On Wed, May 9, 2018 at 2:03 PM, Willy Tarreau  wrote:

> Mark,
>
> On Wed, May 09, 2018 at 10:40:38AM -0700, Mark Lakes wrote:
> > For commercial purposes, see Signal Sciences Next Gen WAF solution:
> > https://www.signalsciences.com/waf-web-application-firewall/
>
> Advertising for commercial products on an open source list is never welcome
> especially when such a response looks like it's made only to try to place a
> product and nor really to propose a technical solution (and it's not as if
> you had ever responded to a question here prior to this one).
>
> A large number of commercial product vendors are represented here, some of
> whom invest a lot in R&D and support, some even competing in certain areas,
> and all of them respect this basic rule, focusing only on sharing knowledge
> and improvements to haproxy. A few times I've even rejected requests from
> some of my coworkers who asked if it was OK to respond to someone with a
> link to one of HapTech's commercial solutions and I'm pretty sure others
> do the same in other companies.
>
> Given the complaints we used to have in the past with the spams on the
> list,
> I'm pretty sure that most of the list's participants would prefer that the
> list remains free of any form of advertising so that we can continue to
> work
> all together without being polluted nor starting to suspect that each
> proposal
> or question would derive to another ad.
>
> Also, I'm normally not the one who'd comment on each other's signature, but
> this one occupies almost half of my 80x24 response e-mail window, full of
> links and even trackers as if you were trying hard to make a bit of SEO,
> and this is quite impolite to many users, so I think it would be reasonable
> to significantly trim it down :
>
> > *Mark Lakes*
> > Sr Software Engineer
> > (555) 555-
> > 
> > Winner: InfoWorld Technology of the Year 2018
> >  development/infoworlds-2018-technology-of-the-year-award-
> winners.html#slide24>
> > 
> > 
> > 
>
> You will simply not find this from most of the regular participants on this
> list and many would probably like to take the opportunity as well but
> refrain
> from doing so to respect others. So at least being the only one to post
> like
> this should give you a hint how to proceed in the future.
>
> Thanks,
> Willy
>

Re: WAF with HA Proxy.

2018-05-09 Thread Willy Tarreau

Mark,

On Wed, May 09, 2018 at 10:40:38AM -0700, Mark Lakes wrote:
> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> https://www.signalsciences.com/waf-web-application-firewall/

Advertising for commercial products on an open source list is never welcome
especially when such a response looks like it's made only to try to place a
product and nor really to propose a technical solution (and it's not as if
you had ever responded to a question here prior to this one).

A large number of commercial product vendors are represented here, some of
whom invest a lot in R&D and support, some even competing in certain areas,
and all of them respect this basic rule, focusing only on sharing knowledge
and improvements to haproxy. A few times I've even rejected requests from
some of my coworkers who asked if it was OK to respond to someone with a
link to one of HapTech's commercial solutions and I'm pretty sure others
do the same in other companies.

Given the complaints we used to have in the past with the spams on the list,
I'm pretty sure that most of the list's participants would prefer that the
list remains free of any form of advertising so that we can continue to work
all together without being polluted nor starting to suspect that each proposal
or question would derive to another ad.

Also, I'm normally not the one who'd comment on each other's signature, but
this one occupies almost half of my 80x24 response e-mail window, full of
links and even trackers as if you were trying hard to make a bit of SEO,
and this is quite impolite to many users, so I think it would be reasonable
to significantly trim it down :

> *Mark Lakes*
> Sr Software Engineer
> (555) 555-
> 
> Winner: InfoWorld Technology of the Year 2018
> 
> 
> 
> 

You will simply not find this from most of the regular participants on this
list and many would probably like to take the opportunity as well but refrain
from doing so to respect others. So at least being the only one to post like
this should give you a hint how to proceed in the future.

Thanks,
Willy

Re: WAF with HA Proxy.

2018-05-09 Thread thierry . fournier

On Thu, 10 May 2018 02:07:24 +0530
DHAVAL JAISWAL  wrote:

> I would prefer to keep this in front of HAProxy. So that any request comes
> first it will pass through he WAF standard rules and then it will come
> inside.


HAProxy is a very robust component. It block protocol attacks which doesn't
respect HTTP protocol and forward other attacks. In other way, it can block
basic attacks with simple ACL (attacks like http://../../../etc/passwd).

With HAProxy in front component, you can process loadbalancing on your WAFs.
This is useful because WAFs use more CPU than loadbalancers.

BR,
Thierry


> Could you please help me with some more documentation, configuration about
> this. How would I achieve it.
> 
> 
> 
> On Thu, May 10, 2018 at 12:14 AM, Malcolm Turnbull  > wrote:
> 
> > Dhaval,
> >
> > As far as I'm concerned almost everyone on the planet uses mod_security...
> > But most use it with apache & some use it with Nginx...
> > So you can either put it on all of your web servers...
> > Or Put it in-front of HAProxy...
> > Or make an HAProxy[1] sandwich (which is what we do at Loadbalancer.org[2])
> >
> > [1] https://www.haproxy.com/blog/scalable-waf-protection-with-
> > haproxy-and-apache-with-modsecurity/
> > [2] https://www.loadbalancer.org/blog/blocking-invalid-range-
> > headers-using-modsecurity-and-haproxy-ms15-034-cve-2015-1635/
> >
> >
> > Malcolm Turnbull
> >
> > Loadbalancer.org Ltd.
> >
> > www.loadbalancer.org
> >
> >  +44 (0)330 380 1064
> > malc...@loadbalancer.org
> >
> >
> >
> >
> > On 9 May 2018 at 19:21, DHAVAL JAISWAL  wrote:
> > > Looking for open source.
> > >
> > > On Wed, May 9, 2018 at 11:10 PM, Mark Lakes 
> > > wrote:
> > >>
> > >> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> > >> https://www.signalsciences.com/waf-web-application-firewall/
> > >>
> > >>
> > >>
> > >> Mark Lakes
> > >> Sr Software Engineer
> > >> (555) 555-
> > >> Winner: InfoWorld Technology of the Year 2018
> > >>
> > >>
> > >> On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL 
> > wrote:
> > >>>
> > >>> I am looking for WAF solution with HA Proxy.
> > >>>
> > >>> One which I come to know is with HA Proxy version 1.8.8 + mode
> > security.
> > >>> However, I feel its still on early stage.
> > >>>
> > >>> Any other recommendation for WAF with HA Proxy.
> > >>>
> > >>>
> > >>> --
> > >>> Thanks & Regards
> > >>> Dhaval Jaiswal
> > >>
> > >>
> > >
> > >
> > >
> > > --
> > > Thanks & Regards
> > > Dhaval Jaiswal
> >
> 
> 
> 
> -- 
> Thanks & Regards
> Dhaval Jaiswal

Re: WAF with HA Proxy.

2018-05-09 Thread thierry . fournier

On Wed, 9 May 2018 21:10:48 +0100
Andrew Smalley  wrote:

> Hello Thierry
> 
> Thank you for your response saying it is the SPOE engine that does
> mod_security integration and not the almost correct SPOA that I said.


No, you're right: SPOA is the Agent and the ModSec implemention is an
SPOA. SPOE is the Engine.


> Can I ask how haproxy does the SSO with the SPOE/SPOA Engine?


The SPOE/SPOA is designed for this kind of usage, but I don't heard
about any SPOA soft which implements this kind of functionnality.

I propose four ways:

 - Not easy, but reliable: copy/paste the C SPOA demo agent and modify
   it to perform SSO authentication according with your needs.

 - Easy, but with questionable reliability (because recent dev): I
   submit a few days ago a generic SPOA daemon whoch executes Python
   scripts. Unfortunately, I based my dev on a old HAProxy version
   (1.6 or 1.7), and the agent is not compatible with all SPOP
   (P=Protocol) feature, but i works with 1.8 and 1.9.
  https://www.mail-archive.com/haproxy@formilux.org/msg29093.html
   Once python is executed, you can done authentication with any backend.

 - Hard and not reliable (because new dev): Internal haproxy dev (based
   on the same way than SPOE and Lua socket) which communicates with
   SASL. SASL seems great for SSO authentication: it can process many
   authentication method (HTTP Basic, HTTP Digest) and use many backend:
   PAM, files, passwd, ldap, ...)

 - Easy with some protocols and reliable. Use Lua and socket to
   establish authentication protocol with another server. But some
   limitations prevent the usage of some libraries. The libldap is
   not usable. The usable libs are libs using luasocket, but which
   can be modificated for using haproxy sockets (its the same API
   than luasocket).

BR,
Thierry


> 
> 
> Andruw Smalley
> 
> Loadbalancer.org Ltd.
> 
> www.loadbalancer.org
> +1 888 867 9504 / +44 (0)330 380 1064
> asmal...@loadbalancer.org
> 
> Leave a Review | Deployment Guides | Blog
> 
> 
> On 9 May 2018 at 21:04, Thierry Fournier  
> wrote:
> > Hi,
> >
> > I confirm: the modsecurity i done throught SPOE.
> >
> > The limitation are:
> >
> > The limit of the body size analysed is the size of HAProxy buffer (default
> > 16kB, but for my own usage, I configure 1MB)
> >
> >
> > The response is not analysed.
> >
> >
> > BR,
> > Thierry
> >
> >
> > On 9 May 2018, at 21:40, Andrew Smalley  wrote:
> >
> > Hi Mark
> >
> > Actually as far as I understand the Haproxy implementation of
> > mod_security integration is not with Lua but with SPOA
> >
> > https://www.haproxy.org/download/1.7/doc/SPOE.txt
> > Andruw Smalley
> >
> > Loadbalancer.org Ltd.
> >
> > www.loadbalancer.org
> > +1 888 867 9504 / +44 (0)330 380 1064
> > asmal...@loadbalancer.org
> >
> > Leave a Review | Deployment Guides | Blog
> >
> >
> > On 9 May 2018 at 20:36, Mark Lakes  wrote:
> >
> > RIght, via lua module it integrates with haproxy.
> > -mark
> >
> >
> >
> >
> > Mark Lakes
> > Sr Software Engineer
> > (555) 555-
> > Winner: InfoWorld Technology of the Year 2018
> >
> >
> > On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews 
> > wrote:
> >
> >
> > On Wed, 9 May 2018 at 18:43, Mark Lakes  wrote:
> >
> >
> > For commercial purposes, see Signal Sciences Next Gen WAF solution:
> > https://www.signalsciences.com/waf-web-application-firewall/
> >
> >
> >
> > That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
> > integrate with HAProxy? Via what mechanism?
> >
> > J
> >
> > --
> > Jonathan Matthews
> > London, UK
> > http://www.jpluscplusm.com/contact.html
> >
> >
> >
> >
> >
>

Re: WAF with HA Proxy.

2018-05-09 Thread DHAVAL JAISWAL

I would prefer to keep this in front of HAProxy. So that any request comes
first it will pass through he WAF standard rules and then it will come
inside.

Could you please help me with some more documentation, configuration about
this. How would I achieve it.



On Thu, May 10, 2018 at 12:14 AM, Malcolm Turnbull  wrote:

> Dhaval,
>
> As far as I'm concerned almost everyone on the planet uses mod_security...
> But most use it with apache & some use it with Nginx...
> So you can either put it on all of your web servers...
> Or Put it in-front of HAProxy...
> Or make an HAProxy[1] sandwich (which is what we do at Loadbalancer.org[2])
>
> [1] https://www.haproxy.com/blog/scalable-waf-protection-with-
> haproxy-and-apache-with-modsecurity/
> [2] https://www.loadbalancer.org/blog/blocking-invalid-range-
> headers-using-modsecurity-and-haproxy-ms15-034-cve-2015-1635/
>
>
> Malcolm Turnbull
>
> Loadbalancer.org Ltd.
>
> www.loadbalancer.org
>
>  +44 (0)330 380 1064
> malc...@loadbalancer.org
>
>
>
>
> On 9 May 2018 at 19:21, DHAVAL JAISWAL  wrote:
> > Looking for open source.
> >
> > On Wed, May 9, 2018 at 11:10 PM, Mark Lakes 
> > wrote:
> >>
> >> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> >> https://www.signalsciences.com/waf-web-application-firewall/
> >>
> >>
> >>
> >> Mark Lakes
> >> Sr Software Engineer
> >> (555) 555-
> >> Winner: InfoWorld Technology of the Year 2018
> >>
> >>
> >> On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL 
> wrote:
> >>>
> >>> I am looking for WAF solution with HA Proxy.
> >>>
> >>> One which I come to know is with HA Proxy version 1.8.8 + mode
> security.
> >>> However, I feel its still on early stage.
> >>>
> >>> Any other recommendation for WAF with HA Proxy.
> >>>
> >>>
> >>> --
> >>> Thanks & Regards
> >>> Dhaval Jaiswal
> >>
> >>
> >
> >
> >
> > --
> > Thanks & Regards
> > Dhaval Jaiswal
>



-- 
Thanks & Regards
Dhaval Jaiswal

Re: WAF with HA Proxy.

2018-05-09 Thread Mark Lakes

Sure, note that it doesnt integrate with mod_security. It integrates with
haproxy via a lua script and haproxy config that uses it.



*Mark Lakes*
Sr Software Engineer
(555) 555-

Winner: InfoWorld Technology of the Year 2018





On Wed, May 9, 2018 at 12:40 PM, Andrew Smalley 
wrote:

> Hi Mark
>
> Actually as far as I understand the Haproxy implementation of
> mod_security integration is not with Lua but with SPOA
>
> https://www.haproxy.org/download/1.7/doc/SPOE.txt
> Andruw Smalley
>
> Loadbalancer.org Ltd.
>
> www.loadbalancer.org
> +1 888 867 9504 / +44 (0)330 380 1064
> asmal...@loadbalancer.org
>
> Leave a Review | Deployment Guides | Blog
>
>
> On 9 May 2018 at 20:36, Mark Lakes  wrote:
> > RIght, via lua module it integrates with haproxy.
> > -mark
> >
> >
> >
> >
> > Mark Lakes
> > Sr Software Engineer
> > (555) 555-
> > Winner: InfoWorld Technology of the Year 2018
> >
> >
> > On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews <
> cont...@jpluscplusm.com>
> > wrote:
> >>
> >> On Wed, 9 May 2018 at 18:43, Mark Lakes 
> wrote:
> >>>
> >>> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> >>> https://www.signalsciences.com/waf-web-application-firewall/
> >>
> >>
> >> That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
> >> integrate with HAProxy? Via what mechanism?
> >>
> >> J
> >>
> >> --
> >> Jonathan Matthews
> >> London, UK
> >> http://www.jpluscplusm.com/contact.html
> >
> >
>
>

Re: WAF with HA Proxy.

2018-05-09 Thread Andrew Smalley

Hello Thierry

Thank you for your response saying it is the SPOE engine that does
mod_security integration and not the almost correct SPOA that I said.

Can I ask how haproxy does the SSO with the SPOE/SPOA Engine?


Andruw Smalley

Loadbalancer.org Ltd.

www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
asmal...@loadbalancer.org

Leave a Review | Deployment Guides | Blog


On 9 May 2018 at 21:04, Thierry Fournier  wrote:
> Hi,
>
> I confirm: the modsecurity i done throught SPOE.
>
> The limitation are:
>
> The limit of the body size analysed is the size of HAProxy buffer (default
> 16kB, but for my own usage, I configure 1MB)
>
>
> The response is not analysed.
>
>
> BR,
> Thierry
>
>
> On 9 May 2018, at 21:40, Andrew Smalley  wrote:
>
> Hi Mark
>
> Actually as far as I understand the Haproxy implementation of
> mod_security integration is not with Lua but with SPOA
>
> https://www.haproxy.org/download/1.7/doc/SPOE.txt
> Andruw Smalley
>
> Loadbalancer.org Ltd.
>
> www.loadbalancer.org
> +1 888 867 9504 / +44 (0)330 380 1064
> asmal...@loadbalancer.org
>
> Leave a Review | Deployment Guides | Blog
>
>
> On 9 May 2018 at 20:36, Mark Lakes  wrote:
>
> RIght, via lua module it integrates with haproxy.
> -mark
>
>
>
>
> Mark Lakes
> Sr Software Engineer
> (555) 555-
> Winner: InfoWorld Technology of the Year 2018
>
>
> On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews 
> wrote:
>
>
> On Wed, 9 May 2018 at 18:43, Mark Lakes  wrote:
>
>
> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> https://www.signalsciences.com/waf-web-application-firewall/
>
>
>
> That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
> integrate with HAProxy? Via what mechanism?
>
> J
>
> --
> Jonathan Matthews
> London, UK
> http://www.jpluscplusm.com/contact.html
>
>
>
>
>

Re: WAF with HA Proxy.

2018-05-09 Thread Thierry Fournier

Hi,

I confirm: the modsecurity i done throught SPOE.

The limitation are:

The limit of the body size analysed is the size of HAProxy buffer (default 
16kB, but for my own usage, I configure 1MB)

The response is not analysed.

BR,
Thierry

> On 9 May 2018, at 21:40, Andrew Smalley  wrote:
> 
> Hi Mark
> 
> Actually as far as I understand the Haproxy implementation of
> mod_security integration is not with Lua but with SPOA
> 
> https://www.haproxy.org/download/1.7/doc/SPOE.txt
> Andruw Smalley
> 
> Loadbalancer.org Ltd.
> 
> www.loadbalancer.org
> +1 888 867 9504 / +44 (0)330 380 1064
> asmal...@loadbalancer.org
> 
> Leave a Review | Deployment Guides | Blog
> 
> 
> On 9 May 2018 at 20:36, Mark Lakes  wrote:
>> RIght, via lua module it integrates with haproxy.
>> -mark
>> 
>> 
>> 
>> 
>> Mark Lakes
>> Sr Software Engineer
>> (555) 555-
>> Winner: InfoWorld Technology of the Year 2018
>> 
>> 
>> On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews 
>> wrote:
>>> 
>>> On Wed, 9 May 2018 at 18:43, Mark Lakes  wrote:
 
 For commercial purposes, see Signal Sciences Next Gen WAF solution:
 https://www.signalsciences.com/waf-web-application-firewall/
>>> 
>>> 
>>> That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
>>> integrate with HAProxy? Via what mechanism?
>>> 
>>> J
>>> 
>>> --
>>> Jonathan Matthews
>>> London, UK
>>> http://www.jpluscplusm.com/contact.html
>> 
>> 
>

Re: WAF with HA Proxy.

2018-05-09 Thread Andrew Smalley

Hi Mark

Actually as far as I understand the Haproxy implementation of
mod_security integration is not with Lua but with SPOA

https://www.haproxy.org/download/1.7/doc/SPOE.txt
Andruw Smalley

Loadbalancer.org Ltd.

www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
asmal...@loadbalancer.org

Leave a Review | Deployment Guides | Blog


On 9 May 2018 at 20:36, Mark Lakes  wrote:
> RIght, via lua module it integrates with haproxy.
> -mark
>
>
>
>
> Mark Lakes
> Sr Software Engineer
> (555) 555-
> Winner: InfoWorld Technology of the Year 2018
>
>
> On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews 
> wrote:
>>
>> On Wed, 9 May 2018 at 18:43, Mark Lakes  wrote:
>>>
>>> For commercial purposes, see Signal Sciences Next Gen WAF solution:
>>> https://www.signalsciences.com/waf-web-application-firewall/
>>
>>
>> That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
>> integrate with HAProxy? Via what mechanism?
>>
>> J
>>
>> --
>> Jonathan Matthews
>> London, UK
>> http://www.jpluscplusm.com/contact.html
>
>

Re: WAF with HA Proxy.

2018-05-09 Thread Mark Lakes

RIght, via lua module it integrates with haproxy.
-mark




*Mark Lakes*
Sr Software Engineer
(555) 555-

Winner: InfoWorld Technology of the Year 2018





On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews 
wrote:

> On Wed, 9 May 2018 at 18:43, Mark Lakes  wrote:
>
>> For commercial purposes, see Signal Sciences Next Gen WAF solution:
>> https://www.signalsciences.com/waf-web-application-firewall/
>>
>
> That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
> integrate with HAProxy? Via what mechanism?
>
> J
>
>> 
>>
> 
>>
> --
> Jonathan Matthews
> London, UK
> http://www.jpluscplusm.com/contact.html
>

Re: WAF with HA Proxy.

2018-05-09 Thread Malcolm Turnbull

Dhaval,

As far as I'm concerned almost everyone on the planet uses mod_security...
But most use it with apache & some use it with Nginx...
So you can either put it on all of your web servers...
Or Put it in-front of HAProxy...
Or make an HAProxy[1] sandwich (which is what we do at Loadbalancer.org[2])

[1] 
https://www.haproxy.com/blog/scalable-waf-protection-with-haproxy-and-apache-with-modsecurity/
[2] 
https://www.loadbalancer.org/blog/blocking-invalid-range-headers-using-modsecurity-and-haproxy-ms15-034-cve-2015-1635/


Malcolm Turnbull

Loadbalancer.org Ltd.

www.loadbalancer.org

 +44 (0)330 380 1064
malc...@loadbalancer.org




On 9 May 2018 at 19:21, DHAVAL JAISWAL  wrote:
> Looking for open source.
>
> On Wed, May 9, 2018 at 11:10 PM, Mark Lakes 
> wrote:
>>
>> For commercial purposes, see Signal Sciences Next Gen WAF solution:
>> https://www.signalsciences.com/waf-web-application-firewall/
>>
>>
>>
>> Mark Lakes
>> Sr Software Engineer
>> (555) 555-
>> Winner: InfoWorld Technology of the Year 2018
>>
>>
>> On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL  wrote:
>>>
>>> I am looking for WAF solution with HA Proxy.
>>>
>>> One which I come to know is with HA Proxy version 1.8.8 + mode security.
>>> However, I feel its still on early stage.
>>>
>>> Any other recommendation for WAF with HA Proxy.
>>>
>>>
>>> --
>>> Thanks & Regards
>>> Dhaval Jaiswal
>>
>>
>
>
>
> --
> Thanks & Regards
> Dhaval Jaiswal

Re: WAF with HA Proxy.

2018-05-09 Thread Jonathan Matthews

On Wed, 9 May 2018 at 18:43, Mark Lakes  wrote:

> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> https://www.signalsciences.com/waf-web-application-firewall/
>

That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
integrate with HAProxy? Via what mechanism?

J

> 
>

>
-- 
Jonathan Matthews
London, UK
http://www.jpluscplusm.com/contact.html

Re: WAF with HA Proxy.

2018-05-09 Thread DHAVAL JAISWAL

Looking for open source.

On Wed, May 9, 2018 at 11:10 PM, Mark Lakes 
wrote:

> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> https://www.signalsciences.com/waf-web-application-firewall/
>
>
>
> *Mark Lakes*
> Sr Software Engineer
> (555) 555-
> <https://www.signalsciences.com/?utm_source=emailsig>
> Winner: InfoWorld Technology of the Year 2018
> <https://www.infoworld.com/article/3251828/application-development/infoworlds-2018-technology-of-the-year-award-winners.html#slide24>
> <https://www.facebook.com/SignalSciences/>
> <https://twitter.com/signalsciences>
> <https://www.linkedin.com/company/signal-sciences/>
>
> On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL  wrote:
>
>> I am looking for WAF solution with HA Proxy.
>>
>> One which I come to know is with HA Proxy version 1.8.8 + mode security.
>> However, I feel its still on early stage.
>>
>> Any other recommendation for WAF with HA Proxy.
>>
>>
>> --
>> Thanks & Regards
>> Dhaval Jaiswal
>>
>
>


-- 
Thanks & Regards
Dhaval Jaiswal

Re: WAF with HA Proxy.

2018-05-09 Thread Mark Lakes

For commercial purposes, see Signal Sciences Next Gen WAF solution:
https://www.signalsciences.com/waf-web-application-firewall/



*Mark Lakes*
Sr Software Engineer
(555) 555-
<https://www.signalsciences.com/?utm_source=emailsig>
Winner: InfoWorld Technology of the Year 2018
<https://www.infoworld.com/article/3251828/application-development/infoworlds-2018-technology-of-the-year-award-winners.html#slide24>
<https://www.facebook.com/SignalSciences/>
<https://twitter.com/signalsciences>
<https://www.linkedin.com/company/signal-sciences/>

On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL  wrote:

> I am looking for WAF solution with HA Proxy.
>
> One which I come to know is with HA Proxy version 1.8.8 + mode security.
> However, I feel its still on early stage.
>
> Any other recommendation for WAF with HA Proxy.
>
>
> --
> Thanks & Regards
> Dhaval Jaiswal
>

WAF with HA Proxy.

2018-05-09 Thread DHAVAL JAISWAL

I am looking for WAF solution with HA Proxy.

One which I come to know is with HA Proxy version 1.8.8 + mode security.
However, I feel its still on early stage.

Any other recommendation for WAF with HA Proxy.


-- 
Thanks & Regards
Dhaval Jaiswal

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

Re: WAF with HA Proxy.

WAF with HA Proxy.

20 matches

Site Navigation

Mail list logo

Footer information