Andrew Howe

Andrew is a key authority in load balancing, particularly in Web Application Firewall (WAF) technology and Layer 4/Layer 7 optimization. His expertise is demonstrated by his work identifying and disclosing WAF vulnerabilities, and deep technical experience with open-source software like ModSecurity and Direct Server Return (DSR). His contributions to core application security and performance optimization establish him as a highly authoritative voice in the industry. He also loves board games!

Posts: 15 posts
Role: Former Technical Author/Architect

ModSecurity DoS vulnerability (CVE-2021-42717)

All WAF vendors and services using ModSecurity are affected by this vulnerability (unless they have the vulnerable piece of code disabled, by chance)...

Open source Security WAF

Extending ModSecurity: How to add completely custom WAF functionality

In this example, I’m going to add a new transformation function to ModSecurity to calculate the Scrabble score of a variable. This will allow us to block HTTP requests containing query string parameters with a Scrabble score above a chosen threshold...

WAF Open source Security

Layer 4 vs Layer 7 load balancing - we still love DSR, but…

Direct server return, direct routing - no matter what you call it, using DSR maximises the throughput of return traffic and allows for near endless scalability. Here's why we still love it...

Performance HAProxy Storage