WAF

Web application firewall

A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF differs from a regular firewall in that it understands and filters the content of HTTP requests and responses to specific web applications, whereas a regular firewall filters at the network and transport layer between hosts. By inspecting HTTP traffic, it can block attacks that exploit web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.


ModSecurity

ModSecurity, sometimes called Modsec, is an open-source web application firewall (WAF). Originally designed as a module for the Apache HTTP Server, it has evolved to provide an array of HTTP request and response filtering capabilities along with other security features across a number of different platforms, including Apache HTTP Server, Microsoft IIS and Nginx. It is free software released under the Apache License 2.0.

The platform provides a rule configuration language known as 'SecRules' for real-time monitoring, logging, and filtering of HTTP communications based on user-defined rules.

Although not its only use, ModSecurity is most commonly deployed to protect against generic classes of vulnerabilities using the OWASP ModSecurity Core Rule Set (CRS). This is an open-source set of rules written in ModSecurity's SecRules language, maintained as a project of OWASP, the Open Web Application Security Project. Several other rule sets are also available.

To detect threats, the ModSecurity engine is deployed either embedded within the web server or as a proxy in front of a web application. This allows the engine to scan incoming and outgoing HTTP communications to the endpoint. Depending on the rule configuration, the engine decides how each request or response should be handled; it can pass, drop, redirect, return a given status code, execute a user script, and more.
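The actions listed above, shown as hand-written SecRules. This is an added example and not part of HAProxy-WI, ModSecurity or the CRS; the rule IDs 10001 to 10005 (ModSecurity reserves 1 to 99999 for local rules), the patterns, the redirect target and the notification script path are all assumptions made for illustration.

```apacheconf
# Added example: one rule per action type. Rule IDs, patterns and the
# script path are assumptions; they are not shipped by any project.

# Enable the engine. Use DetectionOnly to log matches without blocking
# while tuning a new rule set.
SecRuleEngine On
SecRequestBodyAccess On

# 1) Return a given status code: block a classic SQL tautology ("or 1=1")
#    in any query or body argument after URL-decoding it.
SecRule ARGS "@rx (?i)\bor\b\s+\d+\s*=\s*\d+" \
    "id:10001,phase:2,deny,status:403,log,t:none,t:urlDecodeUni,msg:'SQLi tautology in argument',severity:CRITICAL"

# 2) Drop the connection outright (no HTTP response at all) for well-known
#    scanner user agents. @pm is a case-insensitive multi-pattern match.
SecRule REQUEST_HEADERS:User-Agent "@pm sqlmap nikto" \
    "id:10002,phase:1,drop,log,t:none,msg:'Scanner user agent'"

# 3) Redirect instead of blocking: send directory traversal attempts to a
#    static page (the target path is an assumption).
SecRule REQUEST_URI "@contains ../" \
    "id:10003,phase:1,redirect:/blocked.html,log,t:none,t:urlDecodeUni,msg:'Directory traversal attempt'"

# 4) Pass: let an internal health check through and switch the engine off
#    for the rest of this transaction so no later rule can block it.
SecRule REQUEST_URI "@streq /healthz" \
    "id:10004,phase:1,pass,nolog,t:none,ctl:ruleEngine=Off"

# 5) Execute a user script on match (path is an assumption) and still block.
SecRule ARGS "@rx <script[^>]*>" \
    "id:10005,phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,exec:/usr/local/bin/notify-soc.sh,msg:'XSS attempt'"
```

Phase 1 rules see only the request line and headers, so anything that needs the request body (rules 10001 and 10005) must run in phase 2 and requires SecRequestBodyAccess On. The transformations (t:urlDecodeUni, t:htmlEntityDecode) are applied to the inspected value before the operator runs, which is what stops encoded payloads from slipping past a plain pattern.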

How it works inside HAProxy-WI

HAProxy-WI lets you install, configure and manage a WAF for HAProxy: press one button and ModSecurity is integrated with your HAProxy service.

HAProxy-WI lets you choose the operating mode of ModSecurity and start, stop or restart the WAF service. HAProxy-WI can also collect WAF connection metrics.

ModSecurity runs with its default settings, and HAProxy-WI pre-installs the OWASP CRS rules with their default settings. To change any parameter, edit the files under /etc/haproxy/waf/rules/ and restart the WAF afterwards, since the engine only reads its rules at startup.

WAF overview

The default OWASP-CRS rules

HAProxy-WI pre-installs the following rules by default:

WAF rules

You can enable or disable rules via HAProxy-WI, but remember to restart the WAF service after making changes: the running engine keeps the old rule set until it is restarted.
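The three things this section describes (choosing the operating mode, changing CRS parameters, and disabling individual rules) all come down to editing ModSecurity directives under /etc/haproxy/waf/rules/ and restarting the WAF. The following is an added example written for this page, not configuration shipped by HAProxy-WI or the CRS. It assumes the CRS 3.x layout, in which a setup file is included before the rule files and a local exclusion file after them; the file names in the comments, the local rule ID 10100, the parameter name "comment" and the /api/webhook path are assumptions. The CRS rule IDs 920350 and 942100 are real CRS rules.

```apacheconf
# Added example: local tuning of a pre-installed CRS. File names, the local
# rule ID 10100 and the argument/path names are assumptions.

# --- modsecurity.conf: operating mode --------------------------------------
# DetectionOnly logs matches without blocking; switch to On once the audit
# log is free of false positives. Both values exist in every ModSecurity
# release. Audit only requests that produced 5xx or 4xx (except 404).
SecRuleEngine DetectionOnly
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"

# --- crs-setup.conf: CRS 3.x knobs, loaded BEFORE the rule files ---------
# Paranoia level 1 is the CRS default; higher levels enable stricter rules at
# the cost of more false positives. Do not edit the rule files to change it.
SecAction "id:900000,phase:1,nolog,pass,t:none,setvar:tx.paranoia_level=1"

# Anomaly scoring: a request is blocked when the summed severity of matched
# rules (CRITICAL=5, ERROR=4, WARNING=3, NOTICE=2) reaches the threshold, so
# a single CRITICAL hit blocks at threshold 5 and two are needed at 10.
SecAction "id:900110,phase:1,nolog,pass,t:none,\
  setvar:tx.inbound_anomaly_score_threshold=5,\
  setvar:tx.outbound_anomaly_score_threshold=4"

# --- local-exclusions.conf: loaded AFTER the rule files --------------------
# Disable a rule globally. 920350 ("Host header is a numeric IP address")
# fires on health checks that reach the proxy by IP rather than by name.
SecRuleRemoveById 920350

# Prefer narrowing a rule to disabling it: keep 942100 (libinjection SQLi)
# on every parameter except one free-text field that legitimately holds
# quotes and SQL-looking words.
SecRuleUpdateTargetById 942100 "!ARGS:comment"

# Runtime exclusion: remove a rule only for one endpoint, by matching the
# path in phase 1 and removing the rule for the rest of this transaction.
SecRule REQUEST_URI "@beginsWith /api/webhook" \
    "id:10100,phase:1,pass,nolog,t:none,ctl:ruleRemoveById=942100"
```

Order matters: the SecAction settings must be read before the CRS rule files, and directives that refer to CRS rule IDs (SecRuleRemoveById, SecRuleUpdateTargetById) only take effect once those rules have been loaded, so they belong in a file included after the rule set rather than in the CRS files themselves. Keeping local changes in separate files also means a CRS upgrade does not overwrite them. None of these directives are re-read by a running engine, which is why HAProxy-WI's restart step is required after every change.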