Enable WAF with Remote Desktop (RD) Web Access

Scope

Enable Web Application Firewall (WAF) with RD Web Access.

Currently the LoadMaster does not officially support WAF for Microsoft's RD Web Access. This is due to the request methods Microsoft uses (RDG_IN_DATA and RDG_OUT_DATA) when launching your Remote Desktop application.

Solution

To overcome this incompatibility, the LoadMaster can separate the RD Web Access portal traffic using content rules and forward it to a SubVS where WAF is enabled. Subsequent RDP requests are then routed to another SubVS that handles the RDP connections.

 

Configuration

Create Two Content Rules

In the LoadMaster Web User Interface (WUI), go to Rules and Checking > Content Rules > Create New Rule.

  • Rule 1

Match String = RDG_IN_DATA

 

  • Rule 2

Match String = RDG_OUT_DATA

 

Set Add HTTP Headers to None

Navigate to your Top Level VS > Advanced Properties > Add HTTP Headers = "none"

 

 

Create Two SubVSs

In the WUI, go to Virtual Services > View/Modify Services > Modify > Real Servers > Add SubVS and name them accordingly. 

 

Enable Content Switching

To enable content switching, follow the steps below:

    1. In the WUI, go to Virtual Services > View/Modify Services > Modify.
    2. Expand the Advanced Properties section.
    3. Enable Content Switching.
    4. In the SubVSs section there will be a new column called Rules. Click None and assign the Default rule to the first (WAF) SubVS. Then assign your two rules, RDG_IN_DATA and RDG_OUT_DATA, to your second SubVS.

 

 

Configure SubVSs

  • SubVS-1 (WAF) will be your RD Web Access VS. You will enable WAF here.
  • SubVS-2 will handle your RDP traffic. Within this SubVS you are also required to set Add HTTP Headers to "None", found under Advanced Properties.
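
One way to check the split once it is configured, as an added example that is not part of the original article or the vendor's tooling: the script audits per-request records and flags any non-RDG request that reached the SubVS without WAF, and any RDG request that landed on the WAF SubVS. The record format, the SubVS names and the sample lines are constructed assumptions, not the LoadMaster's own log format.

```python
from collections import Counter

# Methods matched by the two content rules on this page (Rule 1 and Rule 2).
RDG_METHODS = {"RDG_IN_DATA", "RDG_OUT_DATA"}

# Assumed SubVS names; substitute the names you gave your two SubVSs.
WAF_SUBVS = "subvs1-waf"
RDP_SUBVS = "subvs2-rdp"

# Constructed sample records, assumed format: "<subvs> <method> <path> <status>".
SAMPLE_LOG = """\
subvs1-waf GET /RDWeb/Pages/en-US/login.aspx 200
subvs1-waf POST /RDWeb/Pages/en-US/login.aspx 302
subvs2-rdp RDG_OUT_DATA /remoteDesktopGateway/ 200
subvs2-rdp RDG_IN_DATA /remoteDesktopGateway/ 200
subvs1-waf RDG_IN_DATA /remoteDesktopGateway/ 403
subvs2-rdp GET /RDWeb/Pages/en-US/Default.aspx 200
malformed line
"""


def expected_subvs(method):
    """SubVS the content-switching setup described above should select."""
    return RDP_SUBVS if method in RDG_METHODS else WAF_SUBVS


def audit(log_text):
    """Return (counts per (subvs, method), findings) for the given records."""
    counts = Counter()
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            findings.append((lineno, "unparsed", line))
            continue
        subvs, method, _path, _status = parts
        counts[(subvs, method)] += 1
        if subvs != expected_subvs(method):
            # "uninspected": non-RDG request on the SubVS that has no WAF.
            # "rdg-on-waf": RDG method on the WAF SubVS, which is unsupported.
            kind = {RDP_SUBVS: "uninspected", WAF_SUBVS: "rdg-on-waf"}.get(subvs, "unknown-subvs")
            findings.append((lineno, kind, line))
    return counts, findings


if __name__ == "__main__":
    counts, findings = audit(SAMPLE_LOG)
    for lineno, kind, line in findings:
        print(f"line {lineno}: {kind}: {line}")
```

An "uninspected" finding means the rule assignment lets ordinary portal requests reach SubVS-2, so the Rules column on the SubVSs should be rechecked.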

 

 

 
