A lot can change in three years. The world of 2022 was a quite different place. Queen Elizabeth II was the longest-serving living monarch, the world population hadn’t yet cracked eight billion, and many of us were still emerging from the strangeness of the Covid years. Meanwhile, at HAProxyConf 2022, we unveiled HAProxy Fusion Control Plane for the first time.
Three years later, we joined HAProxy’s global community in San Francisco for HAProxyConf 2025, and we couldn’t be more proud of what we have achieved together. We built upon the foundations laid in 2022, and have gone further, faster, than we ever imagined. HAProxy Fusion is playing a leading role in our customers’ success stories, and along with HAProxy Enterprise is driving real-world innovation in security, cloud-native orchestration, and performance optimization at scale.
Taking these success stories and the latest announcements from HAProxy Technologies all together, we see a concept we’ve pursued internally made real. We call it the modern security platform. There’s a lot to unpack, so let’s get into it.

What is HAProxyConf?
HAProxyConf is a unique event sponsored by HAProxy Technologies, bringing together HAProxy’s global community of open source users and developers, our customers and partners, and our enterprise engineers and leadership team. Presentations include real-world use cases from customers, announcements from our product teams, and technical deep-dives from HAProxy experts. The event also features workshops and plenty of networking opportunities.
HAProxyConf 2025 took place June 4-5 in the Mission Bay Conference Center in San Francisco, with pre-conference workshops at the nearby Luma Hotel. The event attracted hundreds of attendees, with the sold-out workshops proving a particular draw as HAProxy’s experts helped eager fans go from novice to expert.
People came from all over the world to learn, connect, share their stories, and cross lightsabers with our duelling Loady. The food, the custom T-shirt press, and the ever-popular Loady plushies kept the smiles and good times flowing throughout the two-day event.
We were thrilled to welcome well-known developer advocate and cloud computing expert Kelsey Hightower, whose keynote provided a timely reminder of the importance of understanding the fundamentals of networking and computing. “I think we've gotten to the point where people have forgotten the fundamentals,” said Hightower. “The ability to imagine is gone. You have no idea how to reshape a thing you don't understand. And I think that's a huge problem when it comes to the technology landscape.” Hightower also took part in a lively panel discussion on navigating rapid change in IT.

Kelsey Hightower presents a keynote on The Fundamentals
The state of HAProxy in 2025
HAProxy has always prioritized performance, reliability, and flexibility. HAProxy Enterprise adds advanced multi-layered security, administration, and unparalleled customer support. But we knew we wanted to give our customers even more.
When we launched HAProxy Fusion in 2022, we explained that our vision was to make HAProxy even more simple, scalable, and secure — leading to a unified application delivery and security platform that we call HAProxy One. HAProxy Fusion’s part in this vision is to provide centralized management, observability, and automation for multi-cluster, multi-cloud, and multi-team HAProxy Enterprise deployments. HAProxyConf 2025 was the perfect occasion to check in on our progress and reveal the next stage of our vision.
Some catching up
Before we get into what’s new in 2025, it’s important to note some developments in the intervening years.
First, in May 2024, we launched HAProxy Enterprise 2.9 that included the new HAProxy Enterprise WAF and HAProxy Enterprise Bot Management Module. This release brought next-gen security performance to the HAProxy One platform, with exceptional accuracy, ultra-low latency, and effective out-of-the-box protection.
Second, we saw the Kubernetes landscape evolve with the shift from the Ingress API to the newer Gateway API, alongside rapid customer adoption of service discovery in HAProxy Fusion to automate Kubernetes application routing. Both trends highlighted the need for modern, flexible approaches to Kubernetes networking, and the spread of user preferences across Kubernetes-native methods and HAProxy-native methods.
Third, OpenSSL 3.0+ significantly degraded the performance of multi-threaded applications (such as HAProxy) compared with previous versions. This prompted the HAProxy core development team to evaluate alternative SSL libraries for integration with HAProxy.
Our goals
So, we went into HAProxyConf 2025 with a few product goals:
Fulfil the promise of HAProxy Fusion with advanced security that just works — in the simplest way possible
Modernize our solution for Kubernetes application routing for both open source and enterprise users, providing Kubernetes-native and HAProxy-native methods.
Maintain and extend HAProxy’s legendary performance in HTTPS traffic management, using the most advanced SSL libraries available.
These goals coalesce in a singular concept we’ve been pursuing internally, that we call the modern security platform: capable of stopping complex, unpredictable, novel, and expensive attacks; adaptable to any context including multi-app, multi-environment, and multi-form-factor deployment; delivering cost-efficient performance and efficiency; and accessible to IT/DevOps generalists (not just the security experts!).
Did we deliver on these ambitions? Let’s recap the main announcements from our product and engineering teams at HAProxyConf 2025.
From next-gen security performance to next-gen security UX
In a keynote presentation by Andjelko Iharos, VP of Architecture, and Baptiste Assmann, Director of Product, HAProxy Technologies revealed the future of secure application delivery. This involves enhancements to both the data plane (HAProxy Enterprise) and the control plane (HAProxy Fusion), working together in harmony to make advanced security simple and accessible.

Baptiste Assmann and Andjelko Iharos reveal next-gen security features at HAProxyConf 2025
HAProxy Enterprise’s new Threat Detection Engine uses novel and proprietary techniques to detect and label a broad spectrum of complex and high-impact threats, including application layer DDoS attacks, brute force attacks, web scrapers, and vulnerability scanners — with more in future updates.
Exceptional accuracy is achieved by leveraging the company’s deep expertise in security, data science, and machine learning, and our authority on the data plane.
Dynamic adaptability takes into account real-time traffic data to identify anomalies and adapt to each application automatically.
Performance efficiency minimizes memory and CPU usage while ensuring ultra-low latency.
HAProxy Fusion's new Security Control Plane enables orchestration of the multi-layered security capabilities in HAProxy Enterprise.
Centralized security policy provides consistent full-spectrum protection across a distributed edge.
Security Profiles make it simple to deploy security policies to clusters of HAProxy Enterprise nodes.
Threat-Response Matrix is an intuitive visual policy builder that enables administrators to combine signals and responses, leveraging all of HAProxy Enterprise’s multi-layered security capabilities.

Deploy “Security Profiles” from HAProxy Fusion to HAProxy Enterprise clusters
The result is a platform (HAProxy One) that is even better positioned to enable organizations to defend against common and emerging threats. The promise of HAProxy Fusion (simple, scalable, and secure) is extended fully to cover the advanced security capabilities of HAProxy Enterprise. Users like Roblox and Infobip with massive global deployments used their presentations at HAProxyConf 2025 to praise the next-gen security performance introduced in HAProxy Enterprise 2.9; now, this will be coupled with a next-gen security UX.

Create “Security Profiles” easily using the visual “Threat-Response Matrix” in HAProxy Fusion
This intuitive and highly visual approach to building and deploying security policies dramatically lowers the learning curve. Users can get started quickly and make changes easily. Potential issues with security configuration will be visible and fixable before they cause a problem with production traffic. All this serves to reduce risk and implementation costs.

See what proportion of traffic is allowed and what has threat-response actions applied
From Ingress to modern, flexible Kubernetes application routing
In a presentation covering our Kubernetes solution, HAProxy Technologies engineers Zlatko Bratkovic, Hélène Durand, and Dario Tranchitella unveiled the HAProxy Unified Kubernetes Gateway, which will unify Ingress and Gateway API-based traffic management in a single component.

Zlatko Bratkovic, Hélène Durand, and Dario Tranchitella present HAProxy Technologies’s Kubernetes solution at HAProxyConf 2025
The HAProxy Unified Kubernetes Gateway will be available as a standalone open source product, designed for single Kubernetes clusters and Gateway classes; it will also be incorporated directly into HAProxy Fusion (the centralized control plane of HAProxy One), which will enable use with multiple Kubernetes clusters and multiple Gateway classes, as well as providing all the benefits of HAProxy Fusion for scalable management, monitoring, and automation.

How HAProxy Fusion enhances HAProxy Unified Kubernetes Gateway for enterprise users
HAProxy Fusion already includes Kubernetes service discovery and automation of HAProxy Enterprise’s load balancing capabilities, which can enable external load balancing, multi-cluster routing, and direct-to-pod load balancing — either on-premises or in the cloud. With the HAProxy Unified Kubernetes Gateway incorporated into HAProxy Fusion, customers will have the flexibility to manage Kubernetes traffic using Kubernetes-native methods, HAProxy-native methods, or a combination of both — accommodating the widest possible range of deployment scenarios and platform user expertise.
From OpenSSL to aws-lc
In a presentation covering the evolution of SSL/TLS support in HAProxy, William Lallemand announced that HAProxy and HAProxy Enterprise will now include a modern SSL library from AWS (aws-lc), which provides the highest available SSL/TLS performance with HAProxy’s multi-threaded architecture, and important features for modern application delivery, such as full support for the QUIC transport layer. Lallemand also announced support for the ACME protocol (introduced in HAProxy 3.2), which enables SSL/TLS automation with certificate authorities such as Let's Encrypt and ZeroSSL.

William Lallemand presents the evolution of SSL/TLS in HAProxy
The Modern Security Platform
Taken together, these announcements show how HAProxy Fusion is evolving to fulfil its initial promise of a simpler, more scalable, and more secure approach to HAProxy, and that the HAProxy One platform is increasingly well positioned to meet the needs of secure, cloud-native, and performance-critical use cases.
This progress takes the concept of the modern security platform from idea to tangible reality.
It just works
It adapts to you
It’s incredibly cost-efficient
Well done, team!
What were people talking about?
As always at HAProxyConf, our own product and engineering leaders are joined by speakers from the world’s leading platforms and cloud providers, who present their real-world use cases with HAProxy One or the community version of HAProxy.
This year, the standout themes were security, cloud-native orchestration, and performance optimization in complex, large-scale environments, with notable success stories enabled by HAProxy Fusion.
Next-gen security performance
Roblox and Infobip’s presentations showed the next-gen security performance that’s only possible with HAProxy Enterprise WAF.
Ben Meidell, Sr. Site Reliability Engineer at Roblox, showed how the immersive gaming and creation platform uses hundreds of HAProxy instances to manage and secure millions of requests per second. Commenting on the performance impact of HAProxy Enterprise WAF, Meidell said, “One of the big points about scaling up a web application firewall is the potential impact. We have been extremely impressed with the performance of HAProxy Enterprise WAF. When we first activated it, CPU increase was so negligible that I wondered if I’d made a mistake somewhere. But then I saw all the violations it was catching and realized just how effective it was.”

Roblox presents traffic security powered by HAProxy Enterprise WAF at HAProxyConf 2025
Juraj Ban, Principal Security Architect at Infobip, explained how HAProxy Enterprise WAF, powered by the Intelligent WAF Engine, solved the twin problems of latency and false positives: “The engine is powerful and fast. We don't have any latency issues any more. We don't have any false positives, and when we set up a new application we don’t need to fine-tune the WAF rules. We don't have complaints from our customers — that is the most important thing!”
Cloud-native orchestration
Several presentations showed how customers use HAProxy One to simplify management and observability in complex cloud-native scenarios such as a cloud mesh and service mesh, large-scale dynamic Kubernetes backends, and load balancing as a service (LBaaS).
From PayPal, Sidd Mukkamala, Sr. MTS, Network Engineering, and Kalai Manoharan, MTS 2 Network Engineering, introduced Project Meridian powered by HAProxy One, which established a cloud mesh for applications running in multiple public clouds — without requiring external Internet routing for inter-app communication. “We have a presence in GCP, Azure, and AWS,” said Mukkamala. “Our business units are spread across all three cloud providers. This hybrid multi-cloud infrastructure provides global reach and resiliency, but it introduces a layer of complexity. … Our hybrid multi-cloud connectivity fabric provides a simple and unified solution for the business units to talk between themselves.”
Manoharan added: “The Meridian Orchestrator uses HAProxy Fusion as a core component, which helps to manage all these [HAProxy Enterprise] clusters to onboard new frontends or onboard new services, and update Map files. All the operational observability is taken care of by HAProxy Fusion. A great advantage with the HAProxy Fusion Control Plane is all these logs can be looked at as a single plane of glass.” The result was a 24% latency reduction on application calls compared with the public CDN path.

PayPal presents Project Meridian powered by HAProxy One at HAProxyConf 2025
Later, PayPal’s Srivignessh Pacham, a Sr Software Engineer, showed how the company uses HAProxy One to manage traffic to tens of thousands of dynamic Kubernetes backends. “HAProxy Fusion provides two functionalities,” said Pacham. “One is the Map API, which helps us dynamically configure the front ends. And then for the backend, we have the dynamic service discovery, which basically discovers the Kubernetes service objects dynamically, which helps us discover the pods quickly.” This allows them to manage 60,000 services per HAProxy Fusion cluster and automate one thousand configuration updates per minute across their fleet of HAProxy Enterprise nodes.
Dartmouth College, an Ivy League research university established in 1769, uses HAProxy One to enable load balancing as a service (LBaaS), which provides the various schools and departments the means to create and deploy their own load balancers on-demand. Curt Barthel, Infrastructure Engineer, said in his presentation: “One of the highlights is the separation of the control plane and data plane with an API-first model. Kubernetes service discovery is important for us as well.”
Clover uses HAProxy One to go beyond blue-green deployment and embrace “rainbow deployment” with service mesh for more flexibility and control. HAProxy provides weight-based routing, enabling developers to gradually shift traffic from older to newer application releases. Anirudh Ramesh, Senior SRE, and Dilpreet Singh, Senior Cloud Engineer, commented: “So why did we choose HAProxy Fusion Control Plane for this? It supports multi-cluster management for not just north-to-south traffic, but also for east-to-west. It gives us real-time configuration updates. It has a REST API interface. It also provides console integration for dynamic backend server pools. And Kubernetes integration, because we use Kubernetes for our microservices.”

Clover presents rainbow deployments powered by HAProxy Fusion at HAProxyConf 2025
Performance optimization
Criteo’s Basha Mougamadou, Site Reliability Engineer, showed how to use one of HAProxy’s newest features — automatic CPU binding — to optimize performance in large multi-core systems. “Our aim is to always get the best of the system resources,” said Mougamadou. “Therefore, we started to test a recent feature introduced in HAProxy 3.2 to control CPU policy in an automatic way. If we look at the context switching, we observed a 20% gain!”

Criteo presents performance gains provided by automatic CPU binding in HAProxy 3.2
What are people saying beyond HAProxyConf?
But wait, isn’t all this just “conference vibes”? Do people really love HAProxy that much?
A few years ago (back in 2022, coincidentally) we started tracking what people say about HAProxy in user reviews on G2. It’s a great way to identify our strengths and the areas where we can improve. Back in 2022, HAProxy featured in only nine G2 Grid® Reports; but that was then, and this is now.
Last month, in the G2 Summer 2025 Grid® Reports, HAProxy featured in 68 reports and was named a Leader in seven categories: Load Balancing, DDoS Protection, Web Application Firewall (WAF), Web Security, API Management, Container Networking, and DevOps. Many recent user reviews mention HAProxy Fusion and the incredible value it adds — which makes our product team (quietly) happy. Read the summary here.
It’s an astonishing display of growth and momentum for our products and community — one that sums up the journey HAProxy Technologies has taken in the previous three years, since that last HAProxyConf in Paris in 2022.
Takeaways
So what are our takeaways (apart from some wonderful Loady toys for the kids)? What can we learn about the current state of HAProxy and how you can benefit?

Loady the load balancing elephant at HAProxyConf 2025
HAProxy Enterprise’s next-gen security layers have solved the problems of latency and false positives in application security, as proven in large-scale, high-traffic scenarios. This is a game-changer for organizations that need WAF and bot management capabilities, but cannot compromise accessibility and responsiveness for legitimate users. The addition of HAProxy Enterprise’s new Threat Detection Engine, and HAProxy Fusion’s new Security Control Plane, will probably change the game all over again by the time we hold our next conference! Let’s see what the modern security platform can do.
HAProxy Fusion has unlocked entirely new use cases for customers, including cloud mesh, Kubernetes automation, and load balancing as a service (LBaaS). This shows that the original vision — to simplify, scale, and secure — has practical application beyond optimizing existing HAProxy workflows; it has the potential to enable new architectures that add significant business value.
HAProxy’s commitment to the fundamentals of performance and reliability is the foundation for the incredible ideas and achievements shared by our customers. As Kelsey Hightower remarked in his keynote presentation at HAProxyConf, “The people who understand the fundamentals tend to be the most creative because they can see the low-level details; so they can rearrange things to match whatever they need in that given moment.”
HAProxy Technologies’s customer support continues to be world-class and a true differentiator. The presenters consistently praised our support but Curt Barthel from Dartmouth College put it best: “We interviewed many vendors and HAProxy came out on top, particularly with the top-notch support model. It’s beyond remarkable — it’s unparalleled. Having that wealth of expertise is absolutely invaluable.”
What’s next?
We barely had time to catch our breath before jumping into API Days Munich, July 2-3, and then we’re off to BlackHat USA, August 2-5. Be sure to visit our booth if you’ll be in Las Vegas.
We will publish the recorded sessions from HAProxyConf 2025 on our website soon. If you couldn’t make it to this event, the session recordings are the next-best thing.
If you want to get your hands on the new Threat Detection Engine and Security Control Plane, look out for HAProxy Enterprise 3.2 and HAProxy Fusion 1.4 coming later this year. We can’t wait for your feedback and impressions.
And after that? Well, we’ll continue working on bringing our vision to life — which means:
Providing a unified application delivery and security platform consisting of a flexible data plane, scalable control plane, and secure edge network
Helping you to simplify, scale, and secure modern applications, APIs, and AI services in any environment
Never compromising on the fundamentals:
engineering excellence that prioritizes performance and reliability
“unparalleled” support — to use our customer’s words
open-source community and culture
If you want to keep up with what’s happening, subscribe to our blog, join our regular webinars, or ask us for a demo of what HAProxy can do for you.
