New and/or improved features to HAProxy Enterprise 1.8r2 include:

Modules

  • New netacuity module which allows the loading of DigitalElement/NetAcuity geolocation database into HAProxy. This module also allows for live updating from a central URL at a defined interval.

  • New maxmind module which allows the loading of MaxMind GeoIP databases into HAProxy. This module also allows for live updating from a central URL at a defined interval.

  • New send-metrics module allows HAProxy to send statistics at a defined interval to an external HTTP/HTTPS based API. This is useful for integrating with services such as NS1, which can collect HAProxy statistics and make DNS decisions. This also allows for integration with graphing and monitoring solutions.

  • New htmldom module which allows HTML or Javascript to be injected into the response data.

  • New modsecurity module which allows the loading of modsecurity rulesets into HAProxy Enterprise, such as the OWASP CRS.

Backports

Version 1.8r2 includes the following backports:

Feature enhancements

  • HTTP Status code 103 (Early Hints)

  • Support for HTTP Status code 421 (Misdirected Request)

  • Cloud Native Logging (Log to stdout / fd)

  • CLI / Runtime API supports payloads (ocsp, map)

  • Master/Worker CLI (the master has its own socket and communicates with all workers, even those exiting)

  • Server queues now have a set-priority option: Delivers JS/CSS before images; boosts premium level users compared to regular users, or gives lower priority to bots

  • Random based load balancing algorithm

  • localpeer as an environment variable

  • stick-tables extended with gpc1/gpc1_rate counters

Cache optimization

  • Age headers

  • Chunked Transfer Encoding support

  • max-object-size = 2GB, total-max-size = 4GB

  • Updated list of cacheable status codes ( 204, 404, 405, 414, 501 )

New fetches

  • ssl_fc_session_key / ssl_bc_session_key: Returns the SSL master key of the front/back connection

  • set SSL_OP_PRIORITIZE_CHACHA: Uses the client's preference when selecting the cipher suite

  • fe_defbe: Fetches frontend default backend name

New converters

  • strcmp

  • field/word converter extended

  • ipv6 added to ipmask converter

Stick Table Aggregator

Now supports:

  • SIGHUP to reload

  • Environment variables

  • source keyword for outbound connections

  • Syslog debug logging