No-compromise security on AWS with HAProxy’s app delivery platform (SEC102)
Securing Traffic on AWS with Multi-Layered Security using HAProxy
Introduction
HAProxy is a well-known open-source software load balancer, known for its high performance and security features.
The presenter is from HAProxy Technologies, the company behind HAProxy.
The presentation covers securing traffic with a multi-layered security approach built on HAProxy.
Multi-Layered Security Approach
The presenter discusses the concept of multi-layered security, where multiple security layers are used to protect against various threats.
Customers often start with basic load balancing and gradually build up their security layers to protect against different types of attacks, such as application layer DDoS, web scraping, brute-forcing, and targeted exploitation.
The presenter mentions that they see around 30% of the traffic on their own Edge Network being anomalous, indicating the need for a robust security approach.
Security Layers
Access Control: Allowing or denying traffic based on IP addresses, JA3 fingerprints, or other criteria.
Rate Calculation: Calculating the rate of requests based on various keys (IP address, path, bot label) and setting dynamic limits based on statistical analysis.
Bot Detection: Identifying bots and classifying them with a score from 0 to 100, allowing the decision to be made on whether to allow or block the traffic.
Web Application Firewall (WAF): Deploying a high-performance WAF that can process up to 300,000 requests per second, compared with a typical 300 requests per second.
Decision-Making Process
After detecting the various threats, the system makes a decision on whether to deny, allow, or take other actions (such as serving a JavaScript challenge or CAPTCHA) based on the collected information.
The presenter introduces a "Maximum Protection Security Recipe" that provides pre-configured decisions, allowing customers to adjust the security levels as needed.
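The layered flow described above (access control, rate calculation with a statistically derived limit, bot score, then a decision) can be sketched as follows. This is an added example, not HAProxy code or configuration from the talk: it keys rates by IP address only, leaves the WAF layer out, and the deny list, thresholds, `k`, `floor` and all sample traffic are constructed assumptions.

```python
import ipaddress
from collections import Counter
from statistics import median

# Constructed sample data and thresholds; none of these values come from the talk.
DENY_NETS = [ipaddress.ip_network("203.0.113.0/24")]
SAMPLE_COUNTS = {"198.51.100.1": 8, "198.51.100.2": 10, "198.51.100.3": 12,
                 "198.51.100.4": 9, "198.51.100.5": 11, "198.51.100.9": 400,
                 "203.0.113.7": 3, "192.0.2.50": 10, "192.0.2.51": 9}
SAMPLE_REQUESTS = [(ip, "/") for ip, n in SAMPLE_COUNTS.items() for _ in range(n)]
SAMPLE_BOT_SCORES = {"192.0.2.50": 65, "192.0.2.51": 90}  # 0..100, higher = more bot-like

def dynamic_limit(rates, k=5.0, floor=20):
    """Per-window limit = median + k * MAD of per-key request counts.

    Median and MAD are used instead of mean and standard deviation so that
    one very noisy client cannot drag the limit upwards and hide itself.
    """
    vals = list(rates.values())
    med = median(vals)
    mad = median(abs(v - med) for v in vals)
    return max(floor, med + k * mad)

def decide(ip, rate, limit, bot_score):
    """Apply the layers in order, cheapest check first."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in DENY_NETS):
        return "deny"            # access control layer
    if rate > limit:
        return "deny"            # rate layer
    if bot_score >= 80:          # assumed threshold
        return "captcha"
    if bot_score >= 50:          # assumed threshold
        return "js-challenge"
    return "allow"

def evaluate(requests, bot_scores):
    """requests: (ip, path) tuples seen in one window; bot_scores: ip -> score."""
    rates = Counter(ip for ip, _ in requests)
    limit = dynamic_limit(rates)
    return {ip: decide(ip, n, limit, bot_scores.get(ip, 0))
            for ip, n in rates.items()}

if __name__ == "__main__":
    for ip, action in evaluate(SAMPLE_REQUESTS, SAMPLE_BOT_SCORES).items():
        print(f"{ip:15} {action}")
```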
Live Demo
The presenter demonstrates a live dashboard showing the results of running the security recipe, highlighting the actions taken against detected bots and other anomalous traffic.
The presenter investigates a specific attack, analyzing the details of the blocked request and the triggered WAF rules, and then adds the offending IP address to the deny list to prevent further waste of CPU resources.
Performance and Consistency
The presenter emphasizes the importance of maintaining high performance and low latency, even with the additional security layers.
Benchmarks are provided, showing that the security processing does not add statistically significant latency to the time-to-first-byte (TTFB) metric.
The consistent security approach across on-premises and AWS workloads is highlighted as a key benefit.
Invitation to HAProxy Conference
The presenter invites the audience to the HAProxy conference in San Francisco in June, where there will be a call for papers from open-source users and customers.
Attendees are also invited to visit the HAProxy booth at the conference to ask further questions.