Overview

To keep resource usage fair, you can stop a client from making too many requests during a window of time.

HAProxy ALOHA monitors the health of web servers and backend servers to ensure they can handle requests. It removes unhealthy servers from the pool and puts them back in place once they're up and running.

You can filter and direct traffic in real time through conditional statements (ACLs).

• Route requests to the right server.

• Redirect requests to other pages.

• Block malicious requests.

The optional HAProxy ALOHA Web Application Firewall (WAF) stops attacks against web applications.

The comprehensive ModSecurity sets of rules can thwart, among other threats:

• SQL injection attacks (SQLi)

• Cross-site scripting (XSS)

• Remote file inclusion (RFI)

• Remote code execution (RCE)

HAProxy ALOHA mitigates today's threats through real-time behavioral analysis.

• Protect against application-based DDoS attacks such as HTTP request flooding

• Protect against bot threats such as web scraping, brute forcing, and vulnerability scanning

• Implement an advanced threat response policy with the Antibot module

• Enhance bot threat protection with add-ons such as the WAF and Fingerprint modules

• Dynamically maintain cluster-wide allowlists and denylists with the LB-Update module

• Implement SSO on a Microsoft Active Directory domain, or through Kerberos, Microsoft Active Directory, OpenLDAP, or SAML.

Maintaining SSL certificates across a pool of servers is tedious, error-prone and a waste of processing power on application or web servers.

With SSL termination, or SSL offloading, you perform all encryption and decryption at the edge of your network.

• Maintain certificates in fewer places.

• Don't expose your servers to the Internet for certificate renewal.

• Save processing power on backend servers.

Save network bandwidth and reduce latency by compressing the body of a response before it's relayed to the client.

You can leverage the optional Data Plane API to:

• populate HAProxy ALOHA configuration on the fly through the Consul service networking solution,

• manage files outside of HAProxy ALOHA, such as:

  • SSL certificates and keys,

  • Map files used to route traffic, apply rate limiting, and activate servers, and

  • SPOE configuration files to pass messages to external programs.

HAProxy ALOHA stands as a reverse proxy in front of your backend servers and integrates seamlessly with your network infrastructure.

A frontend exposes a website to the Internet, for instance, www.example.com.

You may add as many frontend sections as needed. A frontend contains one or more listeners.

A bind defines the IP addresses and ports that clients can connect to. You can, for example, associate multiple binds with a frontend, for example one for HTTP and another for HTTPS requests.

You can test various conditions through Access Control Lists (ACLs), and perform a given action based on those tests.

You can:

• search for strings or patterns within requests or responses,

• check origin IPs,

• check a client's request rate,

• check the server's response status,

• etc.

You can then:

• make routing decisions

• redirect requests

• returning static responses,

• and much more.

You can easily create complex conditions through logic operators (AND, OR, NOT).

A backend is a group of servers that handle requests in a load-balanced fashion. The default backend is the pool of servers to send traffic to if requests do not match any ACL.

A conditional backend is a pool of servers to send traffic to if requests match an ACL.

A given conditional backend will typically handle requests for either static or dynamic content.

A server defines the IP address and port of an actual server that will be load-balanced and process client requests.

A server may be any of the following:

• A physical server

• A virtual server

• Any type of container, for example, a Docker container