BankSITE Services uses HAProxy Enterprise to assist in the mitigation of Web Attacks against our network of Bank websites. HAProxy has become a critical part of BankSITE's security posture and BankSITE continues to add/refine the rules being used to help secure both our sites and network infrastructure.
BankSITE currently utilizes several features from HAProxy Enterprise feature-set to help limit our attacks.
Prior to deploying HAProxy as our primary Load Balancer/WAF, BankSITE's websites were under constant attack from around the globe. The attacks became some prevalent that it became a daily task of trying to react to the incoming attacks. BankSITE started the hunt to find a product to help us combat the incoming attacks and to bring some sense of sanity to our Network.
One of the main critical aspects for us in the beginning was to block known attackers. It took me several months to figure out what block lists were even semi reliable and provided almost zero false positives. The talk will provide users how I found the block lists to trust, and how they can also use these lists to block traffic and sleep at night that they aren't blocking good traffic.
Additionally I can demonstrate how we digest HAProxy logs into Elastic Search for future analysis and to use to generate our own Blacklist of IP addresses not addressed by the bad actors.
Devin Acosta is a Linux Solutions Architect who has been doing Information Technology for over 20 years. Devin has more recently focused in the field of I.T. Security and Protecting Sites on the Internet.