Nick Ramirez Nick Ramirez | Aug 12, 2022 | SECURITY, SSL
An application programming interface (API) provides access to the features of a business application, but with the visual elements stripped away. By using APIs, devices like tablets, self-service kiosks, point-of-sale terminals, and robotic sensors can connect up to...
HAProxy Technologies HAProxy Technologies | Apr 1, 2022 | NEWS, SECURITY
Recently, a Remote Code Execution vulnerability was discovered in the Java Spring Core library. This vulnerability allows attackers to execute arbitrary code on affected systems. You can find more information on that vulnerability in the announcement on the Spring...
HAProxy Technologies HAProxy Technologies | Dec 13, 2021 | NEWS, SECURITY, TECH
This post will be updated over the next several days. Recently, a Remote Code Execution vulnerability was discovered in the Apache Log4J library. This vulnerability, which is tracked in CVE-2021-44228, dubbed Log4Shell, allows attackers to execute arbitrary code on...
Jim O'Connell Jim O'Connell | Sep 8, 2021 | KUBERNETES, LOAD BALANCING / ROUTING, SECURITY
Add IP-by-IP rate limiting to the HAProxy Kubernetes Ingress Controller. DDoS (distributed denial of service) events occur when an attacker or group of attackers flood your application or API with disruptive traffic, hoping to exhaust its resources and prevent...
Nick Ramirez Nick Ramirez | Sep 7, 2021 | NEWS, SECURITY, TECH
If you are using HAProxy 2.0 or newer, it is important that you update to the latest version. A vulnerability was found that makes it possible for an attacker to bypass the check for a duplicate HTTP Content-Length header, permitting a request smuggling attack or a...
Daniel Corbett Daniel Corbett | Aug 16, 2021 | NEWS, SECURITY, TECH
If you are using HAProxy 2.0 or newer, it is important that you update to the latest version. A vulnerability was found that makes it possible to abuse the HTTP/2 parser, allowing an attacker to prepend hostnames to a request, append top-level domains to an existing...