HAProxy ALOHA

Release notes

On this page

Version 15.5 Jump to heading

Key changes in the HAProxy ALOHA 15.5 release include:

PacketShield QUIC support

  • PacketShield received an update that allows it to protect HTTP/3 traffic over the QUIC protocol. QUIC is a UDP-based protocol.

Email alerts as a Lua module

  • The mailers feature, which lets you send email alerts about the load balancer, has been ported to be a Lua module. The benefit to you is the ability to edit the Lua code to suit your needs, such as to customize the alert messages that the load balancer produces. To enable it, load the mailers Lua module using the lua-load directive in the global section.

Lua updates

  • A new event framework allows Lua modules to subscribe to some load balancer events and execute event handler functions. Events you can subscribe to include when servers are added, deleted, or go up or down. Use the function Server.event_sub to subscribe to events.
  • A new core.queue function lets you create a first-in first-out data structure in Lua.
  • The Server class gained new functions for accessing information about backend servers, including getting the server’s name (get_name), the number of active sessions (get_cur_sess), the number of pending connections (get_pend_conn), and other functions.
  • A new global directive named tune.lua.burst-timeout terminates the Lua process if it exceeds the timeout value without ever yielding execution back to the load balancer. A well-behaved Lua module will yield execution on the current thread back to the load balancer during long-running tasks, to be continued later.
  • The Lua’s HTTP client that ships with the load balancer is able to resolve DNS hostnames thanks to a default resolvers section invisibly added to the configuration. If you do not use the HTTP client in Lua, then you can disable this by setting the new global directive httpclient.resolvers.disabled to on.

HTTP compression

  • The HTTP compression directives have an updated syntax that allows you to compress both responses and requests. For example, you can now compress requests that contain JSON messages before relaying them to backend servers. See the compression direction, compression algo-req, compression algo-res, compression type-req, and compression type-res directives.

TLS signing algorithms and curves

  • The new global directives ssl-default-bind-client-sigalgs and ssl-default-bind-sigalgs, as well as the new bind arguments client-sigalgs and sigalgs let you list the TLS signing algorithms the load balancer will use or accept during a TLS handshake and during validating a client certificate.
  • The curves argument, which sets a list of elliptic curve algorithms negotiated during the TLS handshake, is now availble on the server and default-server lines.

Default ALPN values

  • You no longer need to specify alpn h2 on a bind line to enable HTTP/2. This is now the default value and will fall back to HTTP/1.1 if the client does not support HTTP/2. Also, bind lines that use the QUIC protocol will default to having an alpn argument set to h3 for HTTP/3.

HTTP Forwarded header

  • The new directive option forwarded will add a Forwarded header to HTTP requests, passing the client’s IP address to backend servers. This is the successor to the non-standard X-Forwarded-For header. New converters let you validate and read the header: rfc7239_is_valid, rfc7239_field, rfc7239_n2nn, and rfc7239_n2np.

Configurable sticky counters

  • The new global directive tune.stick-counters lets you increase the number of stick table sticky counters, which had previously been a built-in constant set to 3.

HTTP actions

  • The http-after-response directive gained an expanded set of actions, including set-map, sc-add-gpc, set-log-level, and others.
  • All action directives now support the sc-add-gpc action.

HTTP/2 tuning options

  • New global directives enable tuning the HTTP/2 protocol. They include tune.h2.be.initialize-window-size, tune.h2.be.max-concurrent-streams, tune.h2.fe.initial-window-size, tune.h2.fe.max-concurrent-streams, tune.h2.initial-window-size and tune.h2.max-concurrent-streams.

Listener shards

  • The new global directive tune.listener.default-shards simplifies setting shards. Sharding is a feature for servers with a high number of threads that makes it easier to replicate a bind line to create multiple listeners and assign worker threads to the listeners. The goal is to reduce thread contention. You can set the directive to a number of shards, to the value by-thread, or to the value by-group. Setting by-group is especially convenient since you can then group threads and assign them together to a listener, and so this is the default setting.

Other performance tuning options

  • The bind line’s cpu-map argument, which associates threads with CPUs, now accepts a list, delimited by commas.
  • The bind line’s thread argument can now be set to a comma-delimited list of thread ranges instead of just a single range.
  • The new global directive tune.listener.multi-queue controls how work is distributed to threads assigned to a listener. A value of on, which is the default, passes work to the least busy thread. A value of fair passes work in a round-robin rotation.
  • The new global directive tune.memory.hot-size allows you to set the amount of memory kept hot in the local cache, but the default value of 512 KB should be sufficient for most.

HTTP request body and URL parameters

  • The req.body_param, url_param, and urlp_val fetch methods now accept an additional argument that enables case-insensitive matching of parameters, which makes it easier to configure the load balancer’s behavior to agree with the web server’s behavior. Also, a new converter named param extracts name-value parameters from a string while letting you set the delimiter used between parameters.

Round-trip time

  • The new fetch methods bc_rtt and bc_trrvar return the round-trip time between the load balancer and a backend server. You can configure them to return values in milliseconds or microseconds.

Preprocessor directives

  • This version introduces two new preprocessor functions. The strstr function returns true if the inspected string contains a given string. The enabled function returns true if the given option is enabled at runtime.

Proxy Protocol

  • Proxy Protocol v2 has been updated in this version to allow the load balancer to extract extra information from the Proxy Protocol header when a TCP connection is established on the frontend. The new fetch method fc_pp_tlv supports extracting a TLV (Type-Length-Value) from the protocol header.

Version 15.0 Jump to heading

Key changes in the HAProxy ALOHA 15.0 release include:

HTTP/3 over QUIC

  • This version adds support for the HTTP/3 protocol over QUIC.

TLS

  • The bind directive’s ca-ignore-err and crt-ignore-err arguments, which let you list TLS errors to ignore, now accept human-readable names in addition to numeric IDs. Refer to the OpenSSL list of error codes to see which values are available.

Lua

  • You can now pass optional arguments to your custom Lua scripts from within your L7 configuration file. The lua-load and lua-load-per-thread directives accept one or more arguments after the first argument, which is always the script’s filepath. Then, in your script use the built-in table.pack(...) function with an ellipsis as its argument to collect arguments into a variable of type table.

Multithreading

  • A new global directive named thread-group lets you place a range of threads into a group. Once in a group, you can assign those threads to a listening address by adding the thread argument to a bind line in a frontend or listen section. On servers with many CPU cores and thus many threads, allocating a subset of threads to handle connections like this can improve performance by reducing the number of threads competing for work. You can define up to 64 thread groups, each including up to 64 threads.
  • A new global directive named thread-groups lets you set the number of thread groups to create and HAProxy ALOHA will divide the threads available on your server into that number of groups. The maximum number is 64.

Converters

  • This version adds the following converters:

    Name Description
    table_expire(<table>[,<default_value>]) Returns the remaining time before a given key will expire in the stick table, as well as how long ago a given key was last seen.
    table_idle(<table>) Returns the time the given key has remained idle since the last time it was updated.
    host_only Converts a string that contains a Host header value and removes its port.
    port_only Converts a string that contains a Host header value and returns only its integer port.
    x509_v_err_str Converts a numerical value to its corresponding X509_V_ERR constant name, which is useful for setting ACL expressions based on different client certificate errors (expired certificate, revoked certificate, etc.).

Performance upgrades

  • Server health checks, which run at an interval, now fire on the same thread exclusively rather than allowing any available thread to perform the task. This has reduced latency by decreasing competition among threads.
  • Stick tables became more efficient by changing the type of lock used to restrict multiple threads from accessing a table simultaneously. By revising internal code to use a read-write lock, which allows multiple threads to read from the table simultaneously, but allows only one thread to write, performance improved.
  • The integrated HAProxy reduces latency by more aggressively using idle connections when sending HTTP requests to backend servers. If you leave the defaults, or if you manually set the http-reuse directive in a backend to safe, reusing idle connections is enabled and you are choosing the safest mode. That is, a client’s first HTTP request will be dispatched to a backend server on a new thread guaranteed to not be closed, and only subsequent requests will use idle connections, which have the risk of closing unexpectedly. In this release, as long as you have also set the retry-on directive in that backend to retry the connection in case of failure, HAProxy Enterprise will use an idle connection for a client’s first request too. Set retry-on to include conn-failure, empty-response, and response-timeout.

Deprecated keywords

  • The bind-process directive has been removed.
  • The process argument on a bind line has been removed.

Version 14.5 Jump to heading

Key changes in the HAProxy ALOHA 14.5 release include:

Advanced WAF

  • New match zones, $COOKIES_VAR and $COOKIES_VAR_X allow rules to match violations found in specific HTTP cookies, complementing the less specific $HEADERS_VAR and $HEADERS_VAR_X match zones.
  • A new variable, txn.<filter>.wlcnt returns the number of disabled rules that would have matched the current request.
  • The filter waf line now supports a parameter named log-wl that includes disabled WAF rule violations in extended logs.
  • The filter waf line now supports a parameter named log-ext-nonzero that enables extended logs only when the violated rule had a non-zero score or triggered an immediate action, cutting down on noise in the logs.
  • The filter waf line now supports a parameter named table-categorized that prefixes entries in the violated rules stick table with the category of the violated rule.
  • The filter waf line’s body-limit parameter defaults to the global option waf-body-limit, which now defaults to tune.bufsize rather than the compile-time value of BUFSIZE.

ModSecurity WAF

  • To associate WAF logs with load balancer logs, you could already use the unique identifier that ModSecurity creates by referencing the txn.<filter>.unique_id variable, appending it to your load balancer logs. Now, you can define a different unique ID format by setting the use-unique-id-format parameter on the filter modsecurity line and then defining a new format with the unique-id-format directive.
  • A new parameter use-vars on the filter modsecurity line disables ModSecurity from denying suspicious requests and delegates that to the load balancer. A variable named txn.<filter>.block returns true when the WAF would have denied the request. You can read this variable and then decide on a response policy to enforce. Other variables that support this include txn.<filter>.error, txn.<filter>.status, and txn.<filter>.url.

Traffic shaping

  • New directives, filter bwlim-in and filter bwlim-out, support limiting upload and download speeds for clients. Set bandwidth limits that apply per HTTP stream or to all streams associated with a stick table entry, such as to set a limit per client IP address or per backend application.

Load balancing

  • A generic load balancing algorithm named hash was introduced and serves as a replacement for the more specific source, uri, url_param, and rdp-cookie algorithms. It accepts a fetch method as a parameter, which indicates the data used to calculate the hash.

TLS and mTLS

  • When you enable client certificate authentication with the verify required parameter on a bind line, you must also specify the ca-file parameter, which indicates the CA certificate used to verify the client’s certificate. Now, ca-file accepts a path to a directory of CA certificates.
  • Similarly, in a backend, you can set the ca-file parameter on a server line to verify the backend server’s TLS certificate against a known CA. This ca-file parameter now accepts a path to a directory of certificates or you can set it to @system-ca to load your system’s list of trusted CAs.

Lua

  • The Lua programming language integration gained the CertCache class, which lets you update an SSL certificate in the load balancer’s runtime memory.
  • The Lua httpclient class, which lets you make non-blocking HTTP calls, now supports a dst parameter and a timeout parameter. The former sets the destination address and the latter sets a timeout server value. New global directives support this: httpclient.ssl.ca-file, httpclient.ssl.verify, httpclient.ssl.resolvers.id, and httpclient.resolvers.prefer <ipv4|ipv6>.

Fetches and converts

  • New fetches have been added: last_rule_file, which returns the name of the configuration file (e.g. HAProxy Enterprise-lb.cfg) that contains the last line processed during stream analysis, and last_rule_line, which returns the line number. Use this to locate the http-request deny line that stopped a request, for example.
  • A new converter has been added: add_item, which concatenates strings with a delimiter between them, such as a semicolon.

Other keyword changes

  • The set-var directives, such as http-request set-var, now accept a second parameter to only set the variable if a condition is true. Conditions include: ifexists, ifnotexists, ifempty, ifnotempty, ifset, ifnotset, ifgt, iflt. For example, to set the variable only if it has not already been set: http-request set-var(txn.myvariable,ifnotset) req.hdr(X-MyValue).

Performance upgrades

  • Performance optimizations were made to the task scheduler, connection dequeueing, and connection stream code.

Version 14.0 Jump to heading

The changes in this release focus on two major features: Global server load balancing (GSLB) and the Advanced Web Application Firewall.

You can now run ALOHA as a DNS server and enable GSLB to load balance traffic across multiple datacenters. DNS records will direct clients to the datacenter closest to them or to the one that is reporting as healthy.

The Advanced WAF is an alternative to the ModSecurity WAF and provides a stricter set of rules, which requires more tuning to allow valid traffic through, but has a better requests-per-second throughput.

  • Upgraded to HAProxy Enterprise 2.5r1.
  • Added the ability to run ALOHA as a DNS server for global server load balancing.
  • Added a new WAF mode called Advanced WAF that you can use instead of ModSecurity.

Version 13.5 Jump to heading

Key changes in the HAProxy ALOHA 13.5 release include:

  • Upgraded to HAProxy Enterprise 2.4r1.
  • Added a command-line interface that you can access from the web UI.
  • The virtual appliance images now have a bigger disk > 8GB.
  • Web UI warnings are now also printed when logging with SSH or the console.

Version 13.0 Jump to heading

Key changes in the HAProxy ALOHA 13.0 release include:

  • Kernel updated to 4.19.189.
  • Upgrade to HAProxy Enterprise 2.3r1.
  • Additional management components, including the Dataplane API.
  • Additional security components, including ModSecurity WAF.
  • Graphical file manager in the WUI.
  • curl utility on the CLI.
  • Update to latest Update module
  • Upgrade to latest Antibot module.
  • Upgrade to latest Fingerprint module.
  • Custom routing table target on the flowmgr flow manager.
  • 8k maximum message length to on syslog.
  • OpenSSL 1.1.1k.
  • Better compliance with container environments (additional signals handled in sysvinit).

Version 12.5 Jump to heading

Key changes in the HAProxy ALOHA 12.5 release include:

  • Kernel updated to 4.19.155.
  • Upgrade to HAProxy Enterprise 2.2r1.
  • RADIUS authentication is now supported.
  • Prometheus exporter now available.
  • Licenses are now autosaved on upload.
  • Update to latest Update module.
  • Upgrade to latest Antibot module
  • Obsolete ALOHA image aloha-albevalonly-vmplayer.zip.
  • timeout command from coreutils is now available.
  • VRRP information has been added to the tech support output.
  • Tech support process output improved.

Version 12.0 Jump to heading

Key changes in the HAProxy ALOHA 12.0 release include:

  • Kernel updated to 4.19.123.
  • Upgrade to HAProxy Enterprise 2.1r1.
  • Removal of the deprecated lb-sanitize module.
  • Support for SSO SAML.
  • Support for USB3 (XHCI) on the ALB 5300.
  • Inotify kernel support.

Version 11.5 Jump to heading

Key changes in the HAProxy ALOHA 11.5 release include:

  • Support of SNMP v3.
  • Upgrade to HAProxy Enterprise 2.0r1.
  • All fixes and features from ALOHA v11.0.7.
  • Support of new hardware for model ALB5300.

Version 11.0 Jump to heading

Major features in ALOHA 11.0 include an upgrade to HAProxy Enterprise 1.9r1 which comprises the following new and improved functionalities:

  • End-to-end HTTP/2 support.
  • gRPC support.
  • Connection pooling to backends.
  • Connection multiplexing to backends.
  • Improved threading.
  • Automatic threading configuration.
  • Cache Improvements (supports objects of 2GB).
  • Server Queue Priority Control.
  • Random Load Balancing Algorithm, which supports configurable draw which can be used for Power of Two Random Choices Load Balancing.
  • Early Hints (HTTP 103) and Misdirected Request (HTTP 421) support.
  • Runtime API improvements.
  • New fetches.
  • New Converters.
  • System Components version upgrades.
  • Upgrade all components with an OpenSSL dependency to be compliant with v1.1.0b (OpenSSL 1.0.2 was removed).
  • Keepalived upgraded to 1.4.5.
  • Automatic network configuration using VMWare OVF properties (VA only).

Version 10.5 Jump to heading

New and/or improved features to ALOHA 10.5 include:

  • LDAP support which allows authentication of users against a remote LDAP server on CLI/WUI.

  • Configurable access type per user.

  • Use of PAM for authentication.

  • Upgrade to HAProxy Enterprise 1.8r2.

  • Security:

    • Update to OpenSSL 1.1.1a support for Layer7 SSL offloading.
    • Update to OpenSSL 1.0.2q to fix latest CVEs.

  • Kernel update to latest 4.9 mainline version.

  • PacketShield: Use of hardware acceleration to compute a secure hash for SYN cookies.

  • Rework of CPU mapping to support nbproc or nbthread equal to max CPU (setting to half of available CPU still offers the best balanced performances).

Version 10.0 Jump to heading

HAProxy ALOHA 10.0 brings the following improvements:

Latest version of HAProxy Enterprise

  • Upgrade to HAProxy Enterprise 1.8r1.

HTTP/2 Protocol Support

  • HAProxy Enterprise now supports HTTP/2 on the client side (i.e. the front-end sections) and can act as a gateway between HTTP/2 clients and your HTTP/1.1 and HTTP/1.0 applications.

Multi-threading Model

  • The multi-threading model is a feature that allows HAProxy to start multiple threads within a single process.

Server-template Configuration Directive

  • The server-template configuration directive allows you to instantiate a number of placeholder backend servers in a single configuration line, instead of having to add tens or hundreds of configuration lines explicitly.

Dynamic Cookies

  • A new keyword dynamic for the directive cookie now exists to enable cookie-based application persistence.

SSL/TLS Mode Async

  • The OpenSSL library version 1.1.0 and above supports asynchronous I/O operations. This means that the key computation phase (the heaviest part of the TLS protocol) can be run in a non-blocking way in HAProxy.

New Sample Fetches

  • HAProxy Enterprise can extract data from traffic passing through it. We call these functions “sample fetches”. More information about sample fetches can be found under “Fetching Data Samples” in the HAProxy Enterprise documentation.

Version 9.5 Jump to heading

HAProxy ALOHA 9.5 brings the following improvements:

Major Features

  • Upgrade to HAProxy Enterprise 1.7r2.
  • Single-Sign-On (SSO) Module.
  • DNS for Service Discovery.
  • Small Object Caching.

Monitoring

  • Support of collectd’s statistics export protocol.

SSL/TLS

  • Upgrade to openssl-1.1.1 with tls1.3 pending support.
  • Enhanced asymmetric performances using multi-CPU engine.

Version 9.0 Jump to heading

HAProxy ALOHA 9.0 is now powered by HAProxy Enterprise 1.7r1, and brings the following improvements:

Major Features

  • Upgraded to HAProxy Enterprise 1.7r1.
  • PCRE JIT support.
  • Namespace support.
  • DNS improvements.
  • Server: init-addr indicates the order to resolve the server’s adress upon startup. The method none indicates specifically that the server should start without any valid IP address in a down state.
  • New srv_admin flag: SRV_ADMF_RMAINT.
  • Listener: accept-netscaler-cip option added to the bind keyword.
  • Added tcp-request connection expect-netscaler-cip layer4.
  • Log format: error management improvements.

SSL/TLS

  • Upgrade to openssl-1.1.0 for LB Layer7 SSL offloading.
  • lb-update support for TLS session ticket keys.

Route Health Injection

  • Upgraded route injection daemon to support newest features.

VRRP

  • Upgraded VRRP daemon.

Miscellaneous

  • Upgrade to Linux kernel 4.9.
  • Automatic flash’s partitions resizing during upgrade.
  • New models support: ALB5200 and ALB3200.

New fetches

  • fe_name
  • be_name
  • fc_rcvd_proxy
  • xx-hash converters

Command Line Interface

  • show cli sockets lists the CLI sockets.
  • show stat now supports a proxy name.
  • show errors now supports a proxy name; now also capable of dumping only request or response.
  • RMAINT state remains when setting an IP address on the CLI.

LUA Scripting

  • CLI handler for LUA.
  • Allow argument for actions.
  • HAProxy now has variable access to the applets.
  • Function that returns true if the channel is full.
  • IP addresses and network manipulation.
  • Utility to check for a boolean argumentA tokenize function.

Version 8.5 Jump to heading

HAProxy ALOHA 8.5 brings the following improvements:

New Features

  • Powered by HAProxy 1.6r2.
  • TCP layer statistics are available in the form of new sample fetches (rtt, rtt variance etc, retransmits, losses, etc.).
  • New dst_is_local, src_is_local sample fetches make it easier to handle locally initiated connections in contrast to remote connections.
  • The peers protocol was updated to version 2.1 with support for synchronization of expiration dates.
  • CLI keyword registration to allow modules to plug-in on the command line and receive actions (example: refresh now).
  • Ability to disable SO_REUSEPORT with a new bind directive: noreuseport.
  • New possibilities for accessing load balancer internals with LUA.
  • Idle time in logs is now ignored by default for time measurements, so that HTTP request time corresponds to the time elapsed between the first character and the full request. The handshake time is also available to measure the time spent in SSL/PROXY handshakes.
  • Stick-tables now use native types to guarantee better accuracy of tracked information, especially binary keys.
  • Mailers now support a configurable connection timeout.
  • Changing server address, port and checkport is now possible from the CLI
  • New tcp-request session rule-sets makes it possible to track some L5-only information; for instance, anything negotiated in the handshake such as SSL DN or the client’s IP address as passed by the PROXY protocol. Previously, it was needed to do it in tcp-request content rules, which would count one new connection event per request.
  • New stats field for denied connections and denied sessions.
  • New hash-balance-factor directive for consis.
  • New tent hashing method.
  • New http-response rule track-sc.

SSL/TLS

  • SNI filters supported in multi-type certificates.
  • Support of lb-update for TLS session ticket keys.

PacketShield and DDOS protection

  • Half-stateful mode for direct server return.
  • ICMP rate limiting.
  • Geolocalization filtering support.

API REST/JSON

  • Support for tcp-check rules.

Miscellaneous

  • Kernel version Linux 4.4.
  • Review partition sizes on flash.
  • LUA support added to the load balancer.
  • Support for the LVS sync daemon in the init script.

Version 8.0 Jump to heading

HAProxy ALOHA 8.0 brings the following improvements:

New Features

  • Powered by HAProxy 1.6r1.

SSL/TLS

  • Multi-certificate key type support.

PacketShield and DDOS protection

  • IPv6 support.
  • Stateful protection for all UDP protocols (SNMP, UPnP, etc.).
  • Notification by traps or mail.
  • New global counters.
  • Ability to manually enable countermeasure.
  • Counters available through SNMP.

WUI

  • Graphs for PacketShield.

VRRP

  • Support of VRRPv3.
  • Support of Virtual MAC addresses.

LB Layer7

  • New http-reuse to share unused server-side connections for multiple clients.
  • export of HAProxy’s show info through SNMP.
  • Support of double quotes in the configuration.
  • DNS resolution of server name at run time.
  • GZIP stateless compression.
  • Support of variables at run time.
  • Stick tables statistics synchronization.
  • New hash-type load-balancing algorithm crc32.
  • Redispatch interval.
  • Dynamic generation of SSL certificates.
  • New map type: map_regm to allow matching zones in the regex.
  • Mathematical converters can use a variable generated at runtime.

New http-request rules

  • sc-inc-gpc0(<sc-id>)
  • sc-set-gpt0(<sc-id>) <int>
  • silent-drop
  • set-src <expr>

New http-response rules

  • set-status
  • set-var(<var-name>) <expr>
  • sc-inc-gpc0(<sc-id>)
  • sc-set-gpt0(<sc-id>) <int>
  • silent-drop

New tcp-request connection rules

  • sc-inc-gpc0(<sc-id>)
  • sc-set-gpt0(<sc-id>) <int>
  • silent-drop

New tcp-response content rules

  • set-var(<var-name>) <expr>
  • sc-inc-gpc0(<sc-id>)
  • sc-set-gpt0(<sc-id>) <int>
  • silent-drop

New tcp-request content rules

  • sc-inc-gpc0(<sc-id>)
  • sc-set-gpt0(<sc-id>) <int>
  • set-var(<var-name>) <expr>
  • silent-drop

New converters

  • capture-req(<id>)
  • capture-res(<id>)
  • set-var(<var name>)
  • table_gpt0(<table>)

New fetches for internal states

  • bin(<hexa>)
  • bool(<bool>)
  • int(<integer>)
  • ipv4(<ipv4>)
  • ipv6(<ipv6>)
  • meth(<method>)
  • str(<string>)
  • var(<var-name>)

Layer 4

  • sc_get_gpt0(<ctr>[,<table>])
  • sc0_get_gpt0([<table>])
  • src_get_gpt0([<table>])

Layer 6

  • req.ssl_st_ext
  • res.ssl_hello_type

Layer 7

  • unique-id

Version 7.5 Jump to heading

HAProxy ALOHA 7.5 brings the following improvements:

Major features

  • Configuration deployment using templates in the GUI.
  • PacketShield, our packet flood protection solution, now also available on Hardware appliances 1G interfaces.
  • SYNPROXY module, to use in conjunction with PacketShield to enable protection for LVS and traffic routed through the appliance.

HAProxy Enterprise Improvements

  • Faster processing of ACLs by using a match result cache.
  • Ability to analyze HTTP requests body (frontend option option http-buffer-request).
  • Faster HTTP gzip compression.
  • Traffic capture.
  • Comments in tcp-check rules.
  • Server side TLS SNI.
  • Server side tcp-ut timeout.

New sample fetches

  • ssl_fc_is_resumed
  • req.ssl_ec_ext
  • req.body_param
  • req.body_len
  • req.body_size

Additional Diagnostic Tools in GUI tab

  • Layer 7 errors
  • Layer 7 info
  • Tech support

HAProxy Enterprise features through the API

  • stick-table, stickreq, stickrsp
  • tcp-check
  • adv-check-http-version
  • http-request log-level
  • listener tcp-ut

Do you have any suggestions on how we can improve the content of this page?

Previous page Changelog Next page End-of-life dates
© 2024 HAProxy Technologies, LLC. All Rights Reserved
Manage Cookie Preferences