Knowledge Base | Security
Enabling CORS in HAProxy
Nick RamirezThe HAProxy Cross-Origin Resource Sharing (CORS) Lua module streamlines adding CORS to your APIs. What is CORS? Read on to learn more. It doesn't matter whether you're using Angular, React, Vue or simple, vanilla JavaScript. You're guaranteed to need to fetch or...
HAProxy Rate Limiting: Four Examples
Nick RamirezUse rate limiting in HAProxy to stop clients from making too many requests and promote fair usage of your services. Rate limiting in HAProxy stops a client from making too many requests during a window of time. You might have a policy that stipulates how many requests...
HAProxy SSL Termination
Nick RamirezThe HAProxy load balancer provides high-performance SSL termination, allowing you to encrypt and decrypt traffic. You can quickly and easily enable SSL/TLS encryption for your applications by using HAProxy SSL termination. HAProxy is compiled with OpenSSL, which...
IP Masking in HAProxy
Nick RamirezAn HAProxy load balancer allows you to mask IP addresses in order to protect the privacy of your users. Read on to learn more. How do load balancers fit into the larger debate over data privacy and security? It helps to step back and consider how HAProxy adds a layer...
Bot Protection with HAProxy
Chad LavoieHAProxy is a high-performance load balancer that provides advanced defense capabilities for detecting and protecting against malicious bot traffic to your website. Combining its unique ACL, map, and stick table systems with its powerful configuration language allows...
Application-Layer DDoS Attack Protection with HAProxy
Chad LavoieHAProxy’s high-performance security capabilities are utilized as a key line of defense by many of the world’s top enterprises. Application-layer DDoS attacks are aimed at overwhelming an application with requests or connections, and in this post we will show you how...
Using HAProxy with the Proxy Protocol to Better Secure Your Database
Chad LavoieThe Proxy protocol is a widely used invention of our CTO at HAProxy Technologies, Willy Tarreau, to solve the problem of TCP connection parameters being lost when relaying TCP connections through proxies. Its primary purpose is to chain proxies and reverse-proxies...
What is a Slow POST Attack and How to Turn HAProxy into your First Line of Defense?
Baptiste AssmannOne of the biggest security challenges that companies face in today's modern climate is the POST attack. Unlike a more traditional "Denial-of-Service" attack, POST attacks target a servers logical resources - making them particularly powerful when executed. What is a...
HAProxy and HTTP Strict Transport Security (HSTS) Header in HTTP Redirects
Baptiste AssmannSSL/TLS and HSTS SSL everywhere is on its way. Unfortunately, many applications were written for HTTP only and switching to HTTPs is not an easy and straight forward path. Read more here about impact of TLS offloading (when a third party tool perform TLS in front of...
HAProxy and SSLv3 Poodle Vulnerability
Baptiste AssmannSSLv3 poodle vulnerability Yesterday, Google security researchers have disclosed a new vulnerability on SSL protocol. Fortunately, this vulnerability is only on an old version of the SSL protocol: SSLv3 (15 years old protocol). An attacker can force a browser to...
