Knowledge Base | Security
HAProxy and HTTP Strict Transport Security (HSTS)
HAProxy provides an easy and straightforward way to add HTTPS to your website. As a load balancer positioned in front of your web servers, it can handle all of the encryption and decryption duties, offloading those tasks from your upstream servers. That's good because...
Redirect HTTP to HTTPS with HAProxy
Use the HAProxy load balancer to redirect users from HTTP to HTTPS automatically. For decades, our lives have become increasingly dependent on sending and receiving data from across the Internet. Now, with more people working, studying, and hanging with friends...
CVE-2020-15598: HAProxy Enterprise Unaffected Due to ModSecurity Hardening Measures!
The OWASP ModSecurity Core Rule Set team has reported a Denial of Service vulnerability in ModSecurity version 3.x that allows an attacker to send a crafted payload that exploits a flaw in how regular expressions are matched within the software. A CVE (CVE-2020-15598)...
Is That Bot Really Googlebot? Detecting Fake Crawlers with HAProxy Enterprise
Detect and stop fake web crawlers using HAProxy Enterprise's Verify Crawler add-on. How your website ranks on Google can have a substantial impact on the number of visitors you receive, which can ultimately make or break the success of your online business. To...
Become FIPS Compliant with HAProxy Enterprise on Red Hat Enterprise Linux 8
Guarantee strong encryption by enabling 'FIPS mode' with RHEL and HAProxy Enterprise. SSL and its successor TLS are protocols that safeguard web traffic as it crosses the Internet, encrypting communication and protecting it from tampering. However, the...
HAProxy Enterprise Offers SAML-based Single Sign-on
HAProxy Enterprise handles SAML single sign-on for your applications and integrates with identity providers like Azure Active Directory. Single sign-on (SSO) is such a familiar convenience for companies that it's easy to forget how powerful it is. When employees...
Dynamic SSL Certificate Storage in HAProxy
Use the HAProxy Runtime API to update SSL certificates in HAProxy without a reload. When you route traffic through an HAProxy load balancer, you gain the ability to terminate SSL at the load balancer. HAProxy encrypts communication between the client and itself and...
Use HAProxy Response Policies to Stop Threats
HAProxy gives you an arsenal of sophisticated countermeasures including deny, tarpit, silent drop, reject, and shadowban to stop malicious users. There are two phases to stopping malicious users from abusing your website and online applications. Step one is detection,...
Enable TLS with Let’s Encrypt and the HAProxy Kubernetes Ingress Controller
The HAProxy Kubernetes Ingress Controller integrates with cert-manager to provide Let's Encrypt TLS certificates. When it comes to TLS in Kubernetes, the first thing to appreciate when you use the HAProxy Ingress Controller is that all traffic for all services...
PacketShield: A Tool for Superior DDoS Protection
PacketShield provides stateful packet filtering and protects your network against DDoS. Packet floods are DDoS attacks in which large numbers of packets are sent to a target with the goal of saturating the target's resources. They can heavily impact the system's...
