Web Application Firewall (WAF) services are natively integrated in the LoadMaster. This enables secure deployment of web applications, preventing layer 7 attacks while maintaining core load balancing services which ensures superior application delivery and security. WAF functionality directly augments the LoadMaster’s existing security features to create a layered defence for web applications - enabling a safe, compliant and productive use of published services.

If you have a WAF license and WAF Support, Progress Kemp provides the industry standard OWASP CRS rule set, which contains generic attack detection rules that provide a base level of protection for any web application. The Progress Kemp-provided and supported rules are available when signed up to a WAF subscription.

You can also write and upload your own custom rules, if required.

With the WAF-enabled LoadMaster, you can choose whether to use Progress Kemp-provided rules, custom rules which can be uploaded or a combination of both.

For a more detailed overview of the WAF feature, please refer to the WAF section in the LoadMaster, Product Overview.

For instructions on how to configure the various WAF options in the LoadMaster, refer to the Web Application Firewall, Feature Description.

Document Purpose

The purpose of this document is to provide some guidance on how to write your own custom WAF rules. These custom rules can be uploaded to the LoadMaster and assigned to Virtual Services as needed.