8.5 release notesΒΆ

The ALOHA 8.5 brings the following improvements:

  • powered by HAProxy Enterprise 1.6r2
  • SSL/TLS:
    • SNI filters supported in multi-type certificates
    • lb-update support for TLS session ticket keys
  • Packetshield, DDOS protection:
    • half-stateful mode for direct server return
    • ICMP rate limiting
    • geolocalization filtering support
  • API REST/JSON
    • support for tcp-check rules
  • Misc
    • kernel version linux 4.4
    • review partition sizes on flash
    • LUA support added to the load-balancer
    • support for the LVS sync daemon in the init script
  • New features:
    • TCP layer statistics are available in the form of new sample fetches (rtt, rtt variance etc, retransmits, losses, etc.)
    • New dst_is_local, src_is_local sample fetches make it easier to take care of locally initiated connections in contrast with remote connections
    • The peers protocol was updated to version 2.1 with support for synchronization of expiration dates
    • CLI keyword registration to allow modules to plug-in on the command line and receive actions (for example: refresh now)
    • SO_REUSEPORT can now be disabled with a new bind directive: noreuseport
    • New possibilities for accessing load balancer internals with Lua
    • Idle time in logs is now ignored by default for time measurements so that HTTP request time corresponds to the time elapsed between the first character and the full request. The handshake time is also available to measure the time spent in SSL/PROXY handshakes.
    • stick-tables now use native types to guarantee better accuracy of tracked information, especially binary keys
    • Mailers now support a configurable connection timeout
    • Changing server address, port and checkport is now possible from the CLI
    • New tcp-request session rule-sets makes it possible to track some L5-only information, for example anything negotiated in the handshake such as SSL DN or the client’s IP address as passed by the PROXY protocol. Previously it was needed to do it in tcp-request content rules, which would count one new connection event per request.
    • New stats field for denied connections and denied sessions
    • New hash-balance-factor directive for consistent hashing method
    • New http-response rule track-sc