A comprehensive guide to log monitoring with ModSecurity and HAProxy
With numerous options available, choosing and configuring the right tool can be daunting.
There seems to be a lot of confusion about the role of a Web Application Firewall (WAF) in application security, and what types of threat a WAF can help mitigate in your deployment.
Some network engineers think that Web Application Firewalls (WAFs) are so complicated, they've been known to run away and hide for days when they've encountered one.
The ModSecurity web application firewall (WAF) engine is set to go end-of-life (EOL) on 1 July 2024.
There are two schools of thought on this: ‘yes, it should’ and ‘no, it shouldn't’. Let's look at the arguments both for and against.
Here's what we learned from crAPI about API security, and how a Web Application Firewall (WAF) can help you take things one step further.
I had the privilege of speaking in Dublin at this year's OWASP Core Rule Set Community Summit before then attending OWASP Global AppSec immediately afterwards.
Sometimes, we need to pass unusually large HTTP requests through our WAF stack.
A while ago I was asked if it would be possible to apply some general rate limiting in HAProxy and the WAF, in order to help prevent DoS-style attacks on a customer's servers.
All WAF vendors and services using ModSecurity are affected by this vulnerability (unless they have the vulnerable piece of code disabled, by chance).
A WAF isn't a magic bullet, but, as part of a defense in depth strategy, a properly configured WAF should catch and stop common, everyday attacks.
In this example, I’m going to add a new transformation function to ModSecurity to calculate the Scrabble score of a variable. This will allow us to block HTTP requests containing query string parameters with a Scrabble score above a chosen threshold.
In the world of web application security, it can be invaluable to consider a user's behaviour across the entire duration of their web app session.
Let's look at the best way to use the WAF with as little pain as possible!
We’re often asked how to configure our load balancer to protect both web servers and users.
Imagine you’re running a business and you often see malicious-looking web traffic from the other side of the globe hitting your website.
Our helpdesk often encounters confusion about Web Application Firewalls, or WAFs - what they are, how to use them, and what issues they can potentially cause.
The web-based login to your application is a juicy target for hackers. And once they get past the login, they can cause you some serious pain.
An engineer at a business using Darktrace confessed that many IT staff ignored the pricey security software because it sent so many false alerts.
A critical security issue has been found in HAProxy, leaving certain systems vulnerable to remote attack. We want to keep you informed, and we understand that this news might cause you some anxiety. But be reassured - most of our customers won’t be affected.
We have built upon our existing strengths in virtualized environments to become Nutanix certified, with the addition of support for Nutanix AHV positions.
In the Azure Management Portal, select the Virtual Machines option, click on the newly deployed Load Balancer VM, click on Network interfaces and then select the network interface attached to the load balancer, then click IP configurations and ensure that IP forwarding is Enabled.
The WAF addresses the OWASP Top 10 vulnerabilities and is very quick and simple to deploy.
Security through obscurity is not a great idea when it is your ONLY protection technique. For example, moving your SSH port from 22 -> 23 won't fool any hackers for long! However, I've always liked putting a 'double login' in front of important web sites to frustrate simple automated hacking tools.
SSL offload is handled by STunnel, while HAProxy handles back-end server re-encryption.