WAF - The role of Web Application Firewalls in secure application delivery
Handling large requests with a Web Application Firewall (WAF) while avoiding Denial of Service (DoS) attacks
How can we safely deal with very large HTTP requests when working with a WAF?
How to rate limit with HAProxy Stick Tables and the WAF
Rate limiting in HAProxy and the WAF, to prevent DoS-style attacks on customer servers.
ModSecurity DoS vulnerability (CVE-2021-42717)
The implications of the recent ModSecurity vulnerability on open-source Web Application Firewalls.
Simplifying web application security with the Core Rule Set v3
Here we outline our new, simplified WAF offering, for easier configuration and superior web application security, using the core rule set v3.
Extending ModSecurity: How to add completely custom WAF functionality
ModSecurity is a web application firewall that we use to power our product’s WAF functionality. Here I outline, step-by-step, how to customize this.
ModSecurity and the Case of the Never Decreasing Variables
Learn more about our method to implement a more robust solution for deprecating counters in ModSecurity WAF.
How to train your Web Application Firewall (WAF)
Training a WAF can be difficult - but not impossible. Find out how we recommend doing it, and how our tools make the whole process easier.
Secure connections: encrypt, inspect and decrypt traffic when using a WAF
Protect both web servers and users, with this combination of layers and tools.
Security through geography: blocking traffic by country, continent, or IP address using ModSecurity
Malicious-looking web traffic from the other side of the globe is hitting your site. One solution is to block traffic originating in the offending country, assuming you don’t have customers there. With our WAF it’s possible to block inbound traffic by location, adding an extra layer of security...
Why use a WAF? Because what doesn't kill you makes you stronger
Find out how Web Application Firewalls, or WAFs, protect web-based applications from common vulnerabilities.
Brute force login: Simple protection techniques with the ModSecurity WAF
The web-based login to your application is a juicy target for hackers. And once they get past the login, they can cause you some serious pain. If you have a WAF (Web Application Firewall), though, the problem is pretty easy to mitigate — even when it's a distributed attack. Am I
Darktrace: When looks aren't everything
These are scary times when it comes to cybersecurity. Following on from high-profile breaches at Equifax, British Airways, Ticketmaster, Newegg and more, it’s not surprising that companies are prepared to pay top dollar for the very best in security software. What does the very best look like? Well, it
HAProxy critical security update — to avoid simple(ish) DoS attack (20 September 2018)
A critical security issue has been found in HAProxy, leaving certain systems vulnerable to remote attack. We want to keep you informed, and we understand that this news might cause you some anxiety. But be reassured - most of our customers won’t be affected.
Nutanix Ready, a great platform now comes with a certified load balancer.
We're pleased to announce that we are now certified as Nutanix Ready. The Enterprise VA range of software load balancers now deliver scalable, reliable and secure application delivery in Nutanix Acropolis. Building upon our existing strengths in virtualized environments, such as VMWare, Hyper-V, KVM and Xen, the addition of support
Load Balancing Web Servers with OWASP Top 10 WAF in Azure
This blog will provide a quick start guide on how to load balance Web Servers and configure a WAF using the Enterprise Azure Loadbalancer.org Azure cloud appliance. • The WAF addresses the OWASP Top 10 vulnerabilities and is very quick and simple to deploy • SSL offload is handled by STunnel,
Load Balancing Apache Web Servers with OWASP Top 10 WAF in Azure
This blog will provide a quick start guide on how to load balance Apache Web Servers and configure a WAF using the Enterprise Azure Loadbalancer.org Azure cloud appliance. • The WAF addresses the OWASP Top 10 vulnerabilities and is very quick and simple to deploy. • SSL offload is handled by
Security through obscurity - double login protection made easy...
Security through obscurity is not a great idea when it is your ONLY protection technique. For example moving your SSH port from 22 -> 23 won't fool any hackers for long! However, I've always liked putting a 'double login' in front of important web sites to frustrate simple automated hacking tools.
Load Balancing Nginx Web Servers with OWASP Top 10 WAF in Azure
This blog will provide a quick start guide on how to load balance Nginx Web Servers and configure a WAF using the Enterprise Azure Loadbalancer.org Azure cloud appliance. • The WAF addresses the OWASP Top 10 vulnerabilities and is very quick and simple to deploy. • SSL offload is handled by
How to stop web form spam — use a simple honey pot trap in ModSecurity...
How frustrating do you find it when hackers or robots fill in your website forms with "Buy Viagra Now!" type spam?
Blocking Japan with ModSecurity and Maxmind Lite
Accessibility is the magic word for today’s blog. If you’re lucky enough to run a website, then the whole world has access to it by default! Now let’s imagine that the website you’re running is targeted for a geographically specific customer base such as the USA. You get
Loadbalancer.org partner with Sucuri for cloud based WAF & DDOS protection
During the last year at Loadbalancer.org we have spent a lot of time and effort researching WAF (Web Application Firewall) solutions. The integrated WAF in version 8 of the Loadbalancer.org appliance has been designed for fast, low latency PCI compliance for our customers. We also have several customers
It's great to be v8
As the evolution of Loadbalancer.org continues, we are proud to present our latest software release, v8.0. New features such as the Web Application Firewall (WAF) spearheading our increased focus on security and various updates including an enhanced process for high availability appliance pairing, improved LBCLI, advancement of
Why did my Loadbalancer just fail the PCI compliance test?
Let me first say that I'm not really a fan of PCI scanners. It's not so much that I'm anti security scanners but rather that scanning for vulnerabilities based on only the version number a package returns seems rather simplistic to me. However, what should I do if my PCI
For any poor sod who needs to deal with the PCI Data Security Standard (PCI DSS)
Any engineer dealing with PCI DSS compliance issues probably loses a little bit of the joy in life :-). Now don't get me wrong, the PCI DSS has a laudable aim and is written quite well and mostly sensibly but like the Bible is open to a vast amount of