Introducing the Enhanced WAF in Progress LoadMaster 360

Posted on

Application delivery is complex and involves many teams. Organizations need to provide these teams with the tools and insights they need to maximize the availability, performance and security of the application delivery infrastructure. Teams require in-context insights into the status of delivery components and easy-to-use workflows to manage and remediate application issues.

Progress LoadMaster 360 provides a consolidated dashboard and SaaS experience that enables admins to do their jobs more efficiently and in sync with the other IT teams. Deploying a unified experience to gain insights into the entire estate, LoadMaster 360 helps customers realize value faster and maximize their application experience.

Throughout 2024 and beyond, we intend to regularly add valuable new features and enhancements to existing ones. Our latest version, LoadMaster 360 Release 1.1, delivers an impressive update to our Web Application Firewall (WAF) functionality along with several other new features.

Why a WAF Is Critical to Your Application Security

With cybercriminal attacks on the rise, organizations need to do more than ever to mitigate risks to their applications. Application security is a multifaceted and ever-changing task that must be applied at multiple levels of the application delivery chain. The network must be secured before requests reach the backend application servers. Deploying a WAF-enabled LoadMaster as part of your network infrastructure helps deliver in-depth security for your web servers and applications.

You may already be familiar with the LoadMaster WAF, which has been part of LoadMaster since October 2023. The WAF enables the secure deployment of web applications, preventing Layer 7 attacks while maintaining core load balancing services and maintaining consistent application delivery and security. Put more simply, the WAF inspects the traffic to your applications and confirms that it's legitimate traffic. This powerful tool for protecting your applications is distinctly different from a network firewall..

When the WAF is enabled, the WAF engine scans every incoming HTTP packet – running through each assigned rule individually and deciding what action to take if a rule is triggered. The rules can be run on requests and responses. WAF can protect against OWASP Top 10 attacks,, such as:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Unvalidated redirects and forwards
  • Missing function-level access control
  • Sensitive data exposure

The WAF is available with the LoadMaster Enterprise Plus subscription tier.. Users can deploy it alone or in addition to other security solutions, including the other LoadMaster layered protection capabilities (Single Sign-On, pre-authentication, two-factor authentication, etc.). WAF functionality directly augments the existing LoadMaster security features to create a layered defense for web applications – helping to enable the safe, compliant and productive use of published services.

The Challenges of Tuning a WAF

While not difficult to implement, the LoadMaster WAF does require custom tuning for your specific application and server traffic. This manual tuning can be time-intensive and challenging for non-experts.

For example, many customers enable all the OWASP-based filters on their WAF, which provides abundant protection and effectively blocks legitimate and safe traffic to their applications. That’s why careful tuning is so important. When non-expert users turn on untuned rules, this will have a high-performance impact—likely resulting in many unnecessary false-positive alerts and slowing down traffic. The more rules you use in a WAF, the more it can impact the application and user experience.

Many customers already adept at using a WAF still find it time-consuming to get right. We knew we could do better LoadMaster, a product known for its ease of use. The capabilities of LoadMaster 360 provided us with an ideal method to improve how you can tune the WAF and continuously view its impact on your application and server traffic.

If you’ve ever been asked to show the WAF’s impact, this new feature can visually prove the value over days, weeks and months at the application or LoadMaster level. We call it the “Enhanced WAF.”

So, What Is the Enhanced WAF?

The Enhanced WAF is an entirely new set of capabilities built into LoadMaster 360 for configuring, tuning and continuously monitoring the WAF. Enhanced WAF helps secure your web applications and provides additional application security information more quickly.

Enhanced WAF helps:

  • Address the challenges of configuring and tuning the WAF
  • Minimize the time required for WAF configuration and tuning through smart WAF capabilities and custom rule generation
  • Identify and reduce the occurrence of false positive alerts
  • Deliver improved security insights across your environments

Enhanced WAF strikes the right balance between enhancing your web application security and providing your legitimate users with an optimal application experience.

How You Tune the WAF in LoadMaster 360

First, you must be subscribed to the Enterprise Plus tier.. You then set up your WAF as you normally do in the LoadMaster interface. If you have a WAF license and WAF Support, LoadMaster provides several commercial rules, such as ip_reputation. These rules are targeted to protect against specific threats, primarily the OWASP Top 10. With the WAF-enabled LoadMaster, you can choose whether to use Kemp-provided rules, custom rules that can be uploaded or a combination of both.

Once you have set up the WAF, you can open LoadMaster 360 and view the setup. The Enhanced WAF feature elevates analytics to monitor and report on the WAF activities of applications and LoadMasters.

The WAF Tuning features let you view individual false positive events, view the activity from intelligently parsed logs and configure rule exclusions to properly tune your ruleset to only allow legitimate traffic. These smart capabilities will help you minimize false positive responses and quickly reach a more secure stance.

What You Can See with Enhanced WAF

The LoadMaster 360 Enhanced WAF provides detailed visibility into its value and performance. Users are notified when to pay attention to potential application security issues and can more easily configure and customize the LoadMaster WAF technology.

Information you can view includes:

  • Total requests and blocked requests
  • The percentage of the total requests blocked from your application
  • Who is getting blocked by the WAF (Top 10 Blocked Requests by IP and URL)
  • The types of attacks stopped by the WAF (Top 10 Executed Rules)
  • Where around the globe the events are originating
  • Details of the False Positive activity

With the Enhanced WAF, you can deliver improved security insights, minimize the time required for WAF configuration and tuning and reduce the occurrence of false positive alerts.

Application Security Is Serious. So Are We.

The Enhanced WAF can help your organization protect its web applications against increasingly sophisticated cyberattacks. Your users receive an improved application experience through the benefit of greater visibility, smart false positive identification and controlled false positive remediation.

We’re thrilled to have the Enhanced WAF as a critical capability within LoadMaster 360 release 1.1. We designed it to simplify your administrative work and provide new and actionable insights into the security of your web applications. Now, more than ever, you can continuously monitor and manage the security of your services, applications and LoadMaster fleet.

How to Learn More

We recently announced the availability of Loadmaster 360 release 1.1. You can visit the feature web page for additional details

The LoadMaster WAF is available with the Enterprise Plus subscription tier, and LoadMaster 360 is available to all customers. If you do not have a license, you can reach out to your account manager or contact our team for a live demo and trial.

Posted on

Related Posts

Larry Goldman

Larry Goldman

Larry is an accomplished marketing leader with 25+ years in enterprise software, SaaS and technical B2B marketing. He currently serves as the Director of Product Marketing for infrastructure management at Progress Software. Larry espescially enjoys communicating the beneffits of technical products to audiences of all depth of experience. You can follow him on LinkedIn.