WAF - The role of Web Application Firewalls in secure application delivery

How Denial of Service (DoS) attacks work, how to protect against them, and the arguments for and against using an ADC as your first line of defense.

OWASP gives us training wheels and teaches us how NOT to do app security. But WAF takes you one step further.

Our Technical Author/Architect, Andrew Howe, speaks at the 2023 OWASP Core Rule Set Community Summit and reflects on the WAF conundrum.

How can we safely deal with very large HTTP requests when working with a WAF?

Rate limiting in HAProxy and the WAF, to prevent DOS-style attacks on customer servers.

The implications of the recent ModSecurity vulnerability on open-source Web Application Firewalls.

Here we outline our new, simplified WAF offering, for easier configuration and superior web application security, using the core rule set v3.

ModSecurity is a web application firewall that we use to power our product’s WAF functionality. Here I outline, step-by-step, how to customize this.

Learn more about our method to implement a more robust solution for deprecating counters in ModSecurity WAF.

Training a WAF can be difficult - but not impossible. Find out how we recommend doing it, and how our tools make the whole process easier.

Protect both web servers and users, with this combination of layers and tools.

Malicious-looking web traffic from the other side of the globe is hitting your site. One solution is to block traffic originating in the offending country, assuming you don’t have customers there. With our WAF it’s possible to block inbound traffic by location adding an extra layer of security...

Find out how Web Application Firewalls, or WAFs, protect web-based applications from common vulnerabilities.

The web-based login to your application is a juicy target for hackers. And once they get past the login, they can cause you some serious pain. If you have a WAF (Web Application Firewall), though, the problem is pretty easy to mitigate — even when it's a distributed attack. Am I

These are scary times when it comes to cybersecurity. Following on from high-profile breaches at Equifax, British Airways, Ticketmaster, Newegg and more, it’s not surprising that companies are prepared to pay top dollar for the very best in security software. What does the very best look like? Well, it

A critical security issue has been found in HAProxy, leaving certain systems vulnerable to remote attack. We want to keep you informed, and we understand that this news might cause you some anxiety. But be reassured - most of our customers won’t be affected.

Our Enterprise VA range of load balancers deliver scalable, reliable and secure application delivery in Nutanix Acropolis. We have built upon our existing strengths in virtualized environments, such as VMWare, Hyper-V, KVM and Xen, to become Nutanix certified, with the addition of support for Nutanix AHV positions, meaning we are

This blog will provide a quick start guide on how to load balance Web Servers and configure a WAF using the Enterprise Azure Loadbalancer.org Azure cloud appliance. • The WAF addresses the OWASP Top 10 vulnerabilities and is very quick and simple to deploy • SSL offload is handled by STunnel,

This blog will provide a quick start quide on how to load balance Apache Web Servers and configure a WAF using the Enterprise Azure Loadbalancer.org Azure cloud appliance. • The WAF addresses the OWASP Top 10 vulnerabilities and is very quick and simple to deploy. • SSL offload is handled by

Security through obscurity is not a great idea when it is your ONLY protection technique. For example moving your SSH port from 22 -> 23 won't fool any hackers for long! However, I've always liked putting a 'double login' in front of important web sites to frustrate simple automated hacking tools.

This blog will provide a quick start guide on how to load balance Nginx Web Servers and configure a WAF using the Enterprise Azure Loadbalancer.org Azure cloud appliance. • The WAF addresses the OWASP Top 10 vulnerabilities and is very quick and simple to deploy. • SSL offload is handled by

How frustrating do you find it when hackers or robots fill in your website forms with "Buy Viagra Now!" type spam?

Accessibility is the magic word for todays blog. If you’re lucky enough to run a website, then the whole world has access to it by default! Now lets imagine that the website you’re running is targeted for a geographically specific customer base such as the USA. You get

During the last year at Loadbalancer.org we have spent a lot of time and effort researching WAF (Web Application Firewall) solutions. The integrated WAF in version 8 of the Loadbalancer.org appliance has been designed for fast, low latency PCI compliance for our customers. We also have several customers

As the evolution of of Loadbalancer.org continues, we are proud to present our latest software release, v8.0. New features such as the Web Application Firewall (WAF) spearheading our increased focus on security and various updates including an enhanced process for high availability appliance pairing , improved LBCLI, advancement of