OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: dragon2611 on October 30, 2017, 02:34:06 pm

Title: WAF/IDS haproxy?
Post by: dragon2611 on October 30, 2017, 02:34:06 pm

Given Suricata tends not to play nice with virtIO nics and tends to be CPU heavy is there a way to use the HTTP/HTTPs threat rules with HAproxy instead?

Would be nice if possible as it's already acting as the front-end load balancer/proxy and decoding any incoming https  ;)

Title: Re: WAF/IDS haproxy?
Post by: franco on October 30, 2017, 02:40:55 pm

Hi dragon,

I think somebody wanted to work on an Nginx/NAXSI plugin in the upcoming months:

https://github.com/nbs-system/naxsi


Cheers,
Franco