Protecting against SAP NetWeaver vulnerability (CVE-2025-31324) with HAProxy
Mitigate SAP NetWeaver CVE-2025-31324 with HAProxy. Learn how to block unauthenticated file uploads and protect your systems from severe risk.
Articles in category
Security
Lessons learned in LLM prompt security: securing AI with AI
We are experimenting with AI for prompt security in AI Gateways. Discover key lessons, performance issues, and how to optimize for practical use.
Protecting against Next.js middleware vulnerability CVE-2025-29927 with HAProxy
A recently discovered security vulnerability requires attention from development teams using Next.js in production environments.
Announcing HAProxy Enterprise 3.1
HAProxy Enterprise 3.1 delivers a brand new ADFSPIP Module and enhancements to the HAProxy Enterprise UDP Module, CAPTCHA Module, Global Profiling Engine, and more!
January 2025 – Multiple rsync CVEs impacting memory and file handling in Linux virtual images
The latest versions of HAProxy Fusion fix multiple rsync vulnerabilities related to memory handling and file management in HAProxy Fusion’s Linux-based virtual images. We will cover these CVEs here.
Lasting Impressions and Technical Tidbits From AWS re:Invent 2024
AWS re:Invent 2024 has officially wrapped up, but not everything that happens in Vegas stays in Vegas. Here are some key takeaways from our five days spent with AWS and app delivery enthusiasts.
Announcing HAProxy ALOHA 16.5
HAProxy ALOHA 16.5 is now available, bringing the new Bot Management Module, the new Network Management CLI, and more!
KubeCon NA 2024: service discovery, security, and AI — oh my!
AI Gateway
API Gateway
Event
Kubernetes
Load Balancing / Routing
Products
Security
Service Discovery
Bots
Though KubeCon North America 2024 has officially come to a close, the CNCF's flagship event has left us buzzing with residual excitement. Here's what we've learned throughout those four days.
Announcing HAProxy Enterprise 3.0
HAProxy Enterprise 3.0 extends HAProxy Enterprise’s legendary performance and flexibility and builds upon its cornerstone features.
Nearly 90% of our AI crawler traffic is from TikTok parent ByteDance – lessons learned
TikTok’s web scraper, Bytespider, is reportedly aggressively sucking up content to fuel generative AI models. We also noticed this while reviewing bot management analytics. Here's what we've learned.
Announcing HAProxy Fusion 1.3
Product Release
Application Monitoring
Kubernetes
Load Balancing / Routing
Observability
Performance
Security
Service Discovery
HAProxy Fusion 1.3 is now available! New custom dashboards, high-performance Kubernetes service discovery, and optimized workflows bolster HAProxy Fusion's observability and flexibility.
Easily Remove Existing HAProxy Connections Made via Client Authentication
HAProxy Enterprise lets you immediately drop connections and remove the client if their certificate is revoked. Here's how to strengthen security without disrupting other users and customers.
September 2024 – CVE-2024-45506: endless loop in HTTP/2 with zero-copy forwarding in HAProxy
The latest versions of our products fix a vulnerability related to a possible endless loop in the HTTP/2 multiplexer when combined with zero-copy forwarding system in HAProxy, HAProxy Enterprise...
How To Identify Requests as Part of an End-To-End Tracing Strategy
Learn how HAProxy Enterprise can help financial services uniquely identify requests as part of a greater end-to-end tracing strategy.
Zero-trust mTLS automation with HAProxy and SPIFFE/SPIRE
Securing traffic between systems is critical. Follow along as we explain how to use SPIFFE and SPIRE to automatically generate and renew identities that include mTLS certificates.
Load Balancing RADIUS With HAProxy Enterprise UDP Module
HAProxy Enterprise now supports RADIUS load balancing with the new HAProxy Enterprise UDP Module. We'll outline the challenges with implementing RADIUS load balancing and how to solve them.
How to Reliably Block AI Crawlers Using HAProxy Enterprise
AI crawlers from large language model (LLM) companies often ignore the contents of robots.txt and crawl your site. If blocking AI crawlers is your goal, HAProxy Enterprise is the answer. Here's how.
Create an HAProxy AI gateway to control LLM costs, security, and privacy
The introduction of ChatGPT caused sharply increased interest in large language models (LLMs). These AI apps also have unique deliverability concerns. Here's how an HAProxy AI gateway can help.
Scalable AWS Load Balancing and Security With HAProxy Fusion
Read highlights from Jakub Suchy's talk describing how HAProxy Fusion enhances both scalability and security for applications, including Kubernetes applications, on AWS.
July 2024 – CVE-2024-24791: HTTP/1.1 response code mishandling in golang products
The latest versions of our products fix a vulnerability related to HTTP/1.1 response code mishandling in products written in golang.
July 2024 – CVE-2024-6387: RCE in OpenSSH server
The latest versions of our products fix a vulnerability related to OpenSSH’s server (sshd), which is used in the public/private cloud images of HAProxy Enterprise...
Reviewing every new feature in HAProxy 3.0
HAProxy 3.0 brings many improvements to simplicity, security, reliability, flexibility, and more. We'll dive into what’s new with detailed examples. It’s a long list, so get cozy and bring a snack!
Announcing HAProxy 3.0
HAProxy 3.0 maintains its edge over alternatives with best-in-class load balancing. Ready to upgrade? Here’s how to get started.
Announcing HAProxy ALOHA 16
With HAProxy ALOHA 16 comes our next-generation WAF, new load balancing algorithms, upgraded Linux kernel to 6.1, and better isolation of admin services.
Announcing HAProxy Enterprise 2.9
Introducing our next-generation HAProxy Enterprise WAF and HAProxy Enterprise Bot Management Module for unmatched security, performance, and reliability in a simple package.
HAProxy is Resilient to the HTTP/2 CONTINUATION Flood
Our implementation of the HTTP/2 protocol can effectively handle the CONTINUATION Flood.
Protect against NetScaler vulnerability CitrixBleed
In this post, we will show how you can use an HAProxy Enterprise load balancer to protect against CitrixBleed by placing it in front of your NetScaler instance(s).
December 2023 - CVE-2023-45539: HAProxy Accepts # as Part of the URI Component Fixed
We have received questions regarding CVE-2023-45539 issued in November 2023. The versions of our products released on Monday, 21 August 2023 to fix...
Web App Security vs. API Security: Unified Approaches Reign Supreme
While there are core differences between web apps and APIs, a unified security strategy is crucial. In this blog, we'll discuss why both types of security appear different yet are inherently linked.
Rate limiting based on AWS VPC ID
We show you how to implement rate limiting based on the ID of the Virtual Private Cloud in Amazon Web Services using HAProxy Enterprise.
Scalable Load Balancing & Security Made Simple at AWS re:Invent 2023
Watch our Lightning Talk at AWS re:Invent 2023 on how HAProxy Fusion and HAProxy Enterprise enable simple and scalable load balancing and security on AWS.
Why implementing app security can lead to spiraling costs
To avoid overspending, businesses should reevaluate their security vendors and prioritize a more cost-effective approach.
HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
CVE-2023-44487 found in the HTTP/2 protocol could allow a DoS attack against web servers, reverse proxies, or other software. HAProxy products are unaffected, but we're monitoring the situation.
August 2023 - CVE-2023-40225: Empty content-length header vulnerability fixed
HAProxy Technologies released new versions of its products to fix the vulnerability CVE-2023-40225. Learn more here.
Black Hat USA: adaptable security from HAProxy
HAProxy Technologies showcased its deep, targeted, and scalable security at Black Hat USA 2023.
G2’s Most Recommended WAF & DDoS Protection
The G2 Summer 2023 Grid Reports recognize HAProxy as a leader in the Web Application Firewall (WAF) and DDoS Protection categories.
HAProxy and Let’s Encrypt: Improved Support in acme.sh
Improvements in acme.sh integration allows you to manage TLS certificates with Let’s Encrypt without restarting HAProxy.
February 2023 – CVE-2023-25725: Header Parser Fixed
HAProxy Technologies has announced that HAProxy 2.0 or newer, HAProxy Enterprise 2.0 or newer, and HAProxy ALOHA 12.5 or newer are affected by CVE-2023-25725. If you are using an affected product you
Most Common Website Security Threats (2024) + Solutions
This blog post will discuss web threats and how to protect yourself against DDoS attacks, web scraping, brute-force attacks, and vulnerability scanning.
Secure cookies using HAProxy Enterprise
Cookies have many usages, most notably user authentication and settings. This post will explain the best practices for how to secure your cookies.
Fundamentals: application acceleration & the benefits for your service delivery
In this blog post, you will learn that application acceleration is all about improving the responsiveness of a digital service.
Verify OAuth JWT Tokens With HAProxy
Learn how to secure your APIs against unauthorized access. The OAuth 2 protocol uses JSON Web Tokens to convey a client’s permissions and HAProxy can verify whether a token can be trusted.
Restrict API Access With Client Certificates (mTLS)
HAProxy enables mTLS, supporting client certificate authentication for both clients and backend servers. Learn how to set it up in this blog post.
Application-Layer DDoS Attack Protection With HAProxy
HAProxy's high-performance security capabilities are utilized as a key line of defense by many of the world's top enterprises. Application-layer DDoS attacks are aimed at overwhelming an application w
Scalable WAF Protection With HAProxy & Apache With ModSecurity
The below information is deprecated as HAProxy Enterprise now offers a fully functional native WAF module which supports whitelist-based rulesets, and more.
