Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

How to Enable WAF with Remote Desktop (RD) Web Access


Enable Web Application Firewall (WAF) with RD Web Access.

To enable WAF on RD Web Access Virtual Service. This is requires the use of Sub Virtual Services  due to the request methods Microsoft use (RDG_IN_DATA and RDG_OUT_DATA) when launching your Remote Desktop application.   


The LoadMaster can separate the RD Web Access portal traffic using content rules and forward it to a SubVS where WAF will be enabled. Subsequent RDP requests will then be routed to another SubVS that handles the RDP Connections. 

If your clients connect over UDP 3391 then you're not required to separate the traffic as these connections will hit your UDP Virtual Service. 


Create Two Content Rules

In the LoadMaster Web User Interface (WUI), go to Rules and Checking > Content Rules > Create New Rule.

  • Rule 1

Match String = RDG_IN_DATA


  • Rule 2

Match String = RDG_OUT_DATA


Set Add HTTP Headers to None

Navigate to your Top Level VS > Advanced Properties >  Add HTTP Headers = "none"


Create Two SubVSs

In the WUI, go to Virtual Services > View/Modify Services > Modify > Real Servers > Add SubVS and name them accordingly. 


Enable Content Switching on the Top Level VS

To enable Content Switching, follow the steps below:

    1. In the WUI, go to Virtual Services > View/Modify Services > Modify.
    2. Expand the Advanced Properties section.
    3. Enable Content Switching
    4. In the SubVSs section there will be a new column called Rules. SubVS_Apply_Rules_button.pngClick None and assign the Default rule to the First WAF SubVSYou will then assign your two RDG_IN_DATA & RDG_OUT_DATA Rules to your Second Sub VSSubvs_Rules_Applied.png

Configure SubVS's

  • Sub VS-1 (WAF) will be your RD Web Access VS. You will enable WAF here.Enable_WAF.png
  • Sub VS-2 will handle your RDP traffic. Within this Sub VS you will also be required to Set Add HTTP Headers to None"Found under Advanced Properties. Add_HTTP_Header_none_sub_VS.png




Was this article helpful?
0 out of 0 found this helpful