Knowledge Base | Security
IP Masking in HAProxy
Nick RamirezAn HAProxy load balancer allows you to mask IP addresses in order to protect the privacy of your users. Read on to learn more. How do load balancers fit into the larger debate over data privacy and security? It helps to step back and consider how HAProxy adds a layer...
Bot Protection with HAProxy
Chad LavoieHAProxy is a high-performance load balancer that provides advanced defense capabilities for detecting and protecting against malicious bot traffic to your website. Combining its unique ACL, map, and stick table systems with its powerful configuration language allows...
Application-Layer DDoS Attack Protection with HAProxy
Chad LavoieHAProxy’s high-performance security capabilities are utilized as a key line of defense by many of the world’s top enterprises. Application-layer DDoS attacks are aimed at overwhelming an application with requests or connections, and in this post we will show you how...
Using HAProxy with the Proxy Protocol to Better Secure Your Database
Chad LavoieThe Proxy protocol is a widely used invention of our CTO at HAProxy Technologies, Willy Tarreau, to solve the problem of TCP connection parameters being lost when relaying TCP connections through proxies. Its primary purpose is to chain proxies and reverse-proxies...
What is a Slow POST Attack and How to Turn HAProxy into your First Line of Defense?
Baptiste AssmannOne of the biggest security challenges that companies face in today's modern climate is the POST attack. Unlike a more traditional "Denial-of-Service" attack, POST attacks target a servers logical resources - making them particularly powerful when executed. What is a...
HAProxy and HTTP Strict Transport Security (HSTS) Header in HTTP Redirects
Baptiste AssmannSSL/TLS and HSTS SSL everywhere is on its way. Unfortunately, many applications were written for HTTP only and switching to HTTPs is not an easy and straight forward path. Read more here about impact of TLS offloading (when a third party tool perform TLS in front of...
HAProxy and SSLv3 Poodle Vulnerability
Baptiste AssmannSSLv3 poodle vulnerability Yesterday, Google security researchers have disclosed a new vulnerability on SSL protocol. Fortunately, this vulnerability is only on an old version of the SSL protocol: SSLv3 (15 years old protocol). An attacker can force a browser to...
Mitigating the Shellshock Vulnerability with HAProxy
Baptiste AssmannBash Shellshock vulnerability (CVE-2014-6271 and CVE-2014-7169) Last week, a vulnerability in bash has been discovered. It is possible, under some circumstances, to inject code into a bash shell script. It could be very dangerous if bash is used to process request...
How to Protect Application Cookies While Offloading SSL
Baptiste AssmannSSL offloading SSL offloading or acceleration is often seen as a huge benefit for applications. People usually forget that it may have impacts on the application itself. Some times ago, I wrote a blog article which lists these impacts and propose some solutions, using...
Apache Cdorked Backdoor Detection
Baptiste AssmannApache Cdorked.A backdoor This is a pretty recent attack, using Cpanel to change the Apache httpd binary by a compromised one which embeds a backdoor. A few articles with more details are available here: *...
