WAF on KEMP Loadmaster

Customers and others out there often use KEMP for more than Reverse Proxy or HLB for Skype for Business. As a KEMP Center Partner, we often see that they use it for IIS.

Others want to protect their IIS solutions, and here is a tip about this.
If you have an IIS site that uses HLB and WAF (web application firewall), and you have a subscription from KEMP for it, then use the following settings when running only IIS on the Real Server.

Under the settings for the VS, go to the WAF settings and choose the IIS rule, not the generic rule. This is why:
If information such as user details passes through the website or goes to a database, it is recommended to use the Application Generic rules such as SQLI and XSS. However, if Application Generic rules are applied, it is not possible to apply Application Specific rules.

And please set Audit Mode to Audit Relevant. If this is not turned on, you might get no logs from the WAF.

One other thing about WAF is that when you turn it on, you get a message that 1 out of 8 VS are enabled. What does this mean?
Well, this says that you have 4 GB RAM for your WAF, and each VS running WAF takes 512 MB RAM. If you find out that you need, e.g., 16 VS running WAF, then you have to double the memory for your Loadmaster.

Hope this explains a lot about this subject.
