Why you shouldn't lose sleep over the commercial end-of-life of ModSecurity
The ModSecurity web application firewall (WAF) engine is set to go end-of-life (EOL) on 1 July 2024...
Andrew is a key authority in load balancing, particularly in Web Application Firewall (WAF) technology and Layer 4/Layer 7 optimization. His expertise is demonstrated by his work identifying and disclosing WAF vulnerabilities, deep technical experience with open-source software such as ModSecurity, and hands-on work with load balancing techniques such as Direct Server Return (DSR). His contributions to core application security and performance optimization establish him as a highly authoritative voice in the industry. He also loves board games!
It can sometimes be useful to make load balancing decisions based on the time and date. This allows you to conditionally refuse or redirect connections based on the time they're received...
I had the privilege of speaking in Dublin at this year's OWASP Core Rule Set Community Summit before then attending OWASP Global AppSec immediately afterwards...
Sometimes, we need to pass unusually large HTTP requests through our WAF stack...
For the uninitiated, layer 4 DR mode is a high performance load balancing method available on our appliances. It works by having all response traffic flow from the servers straight back to the clients...
All WAF vendors and services using ModSecurity are affected by this vulnerability (unless they have the vulnerable piece of code disabled, by chance)...
A WAF isn't a magic bullet, but, as part of a defense in depth strategy, a properly configured WAF should catch and stop common, everyday attacks...
A recent visit to Southampton Solent University...
In this example, I’m going to add a new transformation function to ModSecurity to calculate the Scrabble score of a variable. This will allow us to block HTTP requests containing query string parameters with a Scrabble score above a chosen threshold...
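The scoring and threshold logic behind that kind of transformation, as an added C example that is not the article's or ModSecurity's own code. It scores each query-string parameter value with standard English tile values and reports whether any value exceeds a chosen threshold. The small URL decoder stands in for the decoding ModSecurity has already applied to ARGS by the time a transformation runs; registering the function with ModSecurity's transformation API is not shown. The query strings in `main` are constructed samples.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Standard English Scrabble tile values, indexed by letter A..Z. */
static const int TILE_VALUES[26] = {
    1, 3, 3, 2, 1, 4, 2, 4, 1, 8, 5, 1, 3,   /* A-M */
    1, 1, 3, 10, 1, 1, 1, 1, 4, 4, 8, 4, 10  /* N-Z */
};

/* Scrabble score of a byte string: letters score by tile value, every
 * other byte (digits, punctuation, whitespace, non-ASCII) scores 0. */
int scrabble_score(const char *s, size_t len) {
    int score = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (isalpha(c)) score += TILE_VALUES[toupper(c) - 'A'];
    }
    return score;
}

/* Minimal x-www-form-urlencoded decoder: '+' -> ' ', %XX -> byte.
 * Writes at most cap-1 bytes plus NUL and returns the decoded length. */
static size_t url_decode(const char *src, size_t len, char *dst, size_t cap) {
    size_t out = 0;
    for (size_t i = 0; i < len && out + 1 < cap; i++) {
        char c = src[i];
        if (c == '+') {
            c = ' ';
        } else if (c == '%' && i + 2 < len &&
                   isxdigit((unsigned char)src[i + 1]) &&
                   isxdigit((unsigned char)src[i + 2])) {
            char hex[3] = { src[i + 1], src[i + 2], '\0' };
            c = (char)strtol(hex, NULL, 16);
            i += 2;
        }
        dst[out++] = c;
    }
    dst[out] = '\0';
    return out;
}

/* Walk "k=v&k2=v2", decode and score each value, and return the highest
 * score seen. The name of the top-scoring parameter is copied into
 * name_out when a buffer is supplied. Empty values and pairs without '='
 * score 0 and are skipped over safely. */
int max_param_score(const char *query, char *name_out, size_t name_cap) {
    int best = 0;
    const char *p = query;
    if (name_out && name_cap) name_out[0] = '\0';
    while (*p) {
        const char *amp = strchr(p, '&');
        size_t pair_len = amp ? (size_t)(amp - p) : strlen(p);
        const char *eq = memchr(p, '=', pair_len);
        size_t name_len = eq ? (size_t)(eq - p) : pair_len;
        const char *val = eq ? eq + 1 : p + pair_len;
        size_t val_len = pair_len - name_len - (eq ? 1 : 0);
        char decoded[1024];
        size_t dlen = url_decode(val, val_len, decoded, sizeof decoded);
        int score = scrabble_score(decoded, dlen);
        if (score > best) {
            best = score;
            if (name_out && name_cap) {
                size_t n = name_len < name_cap - 1 ? name_len : name_cap - 1;
                memcpy(name_out, p, n);
                name_out[n] = '\0';
            }
        }
        p = amp ? amp + 1 : p + pair_len;
    }
    return best;
}

/* The rule the article describes: block when any parameter value scores
 * above the configured threshold. */
int should_block(const char *query, int threshold) {
    return max_param_score(query, NULL, 0) > threshold;
}

int main(void) {
    /* Constructed sample query strings, not taken from the original article. */
    const char *benign = "user=alice&page=2";
    const char *noisy  = "user=alice&q=quiz%20jazz+xylophone";
    char name[64];
    int top = max_param_score(noisy, name, sizeof name);
    printf("benign: block=%d\n", should_block(benign, 25));
    printf("noisy: top param=%s score=%d block=%d\n", name, top, should_block(noisy, 25));
    return 0;
}
```

The threshold is the tuning knob: high-value tiles (J, Q, X, Z) and long values push the score up, so a threshold tuned on a sample of legitimate traffic is what keeps the rule from blocking ordinary form posts.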
In early June 2021, I identified a request body bypass vulnerability in the OWASP ModSecurity Core Rule Set (CRS). Loadbalancer.org appliances themselves are unaffected...
In the world of web application security, it can be invaluable to consider a user's behaviour across the entire duration of their web app session...
Direct server return, direct routing - no matter what you call it, using DSR maximises the throughput of return traffic and allows for near endless scalability. Here's why we still love it...