HAProxy community

Client Authentication and WAF

Does HAP support WAF ( I think this is covered my modsec?? )
Does HAP support client certificate authentication with CRL?



I am not aware of HAProxy supporting ModSecurity if this is what you were referring at.

However HAProxy does have ACL’s which allows you to build quite extensive rules from matching anything into the request headers (and even payload) up to rate limiting. (Although you’ll have to write them by hand, or better yet I would suggest writing a configuration generator in case you have may of them.)

Yes it does seem to support them as per the following options: