Security - Enhancing application security with customizable Web Application Firewalls and user protection

How maintaining close control of your ADC estate can provide greater visibility and security.

How to get your load balancer to make time and date decisions for content switching.

How Denial of Service (DoS) attacks work, how to protect against them, and the arguments for and against using an ADC as your first line of defense.

OWASP gives us training wheels and teaches us how NOT to do app security. But WAF takes you one step further.

How do you apply zero trust principles to your architecture? And what role does the ADC play in security?

Our Technical Author/Architect, Andrew Howe, speaks at the 2023 OWASP Core Rule Set Community Summit and reflects on the WAF conundrum.

How resilient is your network?

How can we safely deal with very large HTTP requests when working with a WAF?

Rate limiting in HAProxy and the WAF, to prevent DOS-style attacks on customer servers.

If exploited, the F5 CVE-2022-1388 vulnerability can lead to a full system takeover.

Detail on Spring Framework vulnerabilities CVE-2022-22963 and CVE-2022-22965.

The vulnerability affects OpenSSL’s BN_mod_sqrt() function which can get stuck in an infinite loop.

Details of the PwnKit vulnerability.

The implications of the recent ModSecurity vulnerability on open-source Web Application Firewalls.

This powerful piece of hardware can aggregate multiple web filters together to meet huge throughput demands.

Here we outline our new, simplified WAF offering, for easier configuration and superior web application security, using the core rule set v3.

This critical vulnerability (that does not impact our products) could be a major headache, so it is crucial to check all of your applications to see if they are affected.

On the 4th October 2021, the social media giant Facebook experienced a global outage, affecting not only Facebook, but Instagram and WhatsApp.

ModSecurity is a web application firewall that we use to power our product’s WAF functionality. Here I outline, step-by-step, how to customize this.

How Loadbalancer.org identified the CVE-2021-35368 vulnerability, and what it means for users.

No IT system is ever designed to fail. But they can - and they do. So how can you protect your critical IT systems and servers, to ensure high availability and guarantee zero downtime? Why do systems fail? In a world where tech is constantly evolving, it’s impossible to

Learn more about our method to implement a more robust solution for deprecating counters in ModSecurity WAF.

Training a WAF can be difficult - but not impossible. Find out how we recommend doing it, and how our tools make the whole process easier.

Protect both web servers and users, with this combination of layers and tools.

Dealing with bugs and vulnerabilities is quite common in the tech space. Aaron West, the head of Solutions at Loadbalancer.org shares some insights about our approach of tackling such issues, and more.