Knowledge Base | Security

Route SSH Connections with HAProxy
Route SSH connections through HAProxy using the SSH ProxyCommand feature and SNI. Did you know that you can proxy SSH connections through HAProxy and route based on hostname? The advantage is that you can relay all SSH traffic through one public-facing server instead...
![[On-demand Webinar] Achieving FIPS 140-2 Encryption Compliance with HAProxy Enterprise on Red Hat Enterprise Linux](https://cdn.haproxy.com/wp-content/uploads/2020/10/HAProxy-FIPS-webinar-1000x500.png)
[On-demand Webinar] Achieving FIPS 140-2 Encryption Compliance with HAProxy Enterprise on Red Hat Enterprise Linux
Encryption is an important facet of cybersecurity. It involves scrambling messages so that they can not be read by unauthorized parties in order to protect private information, which is particularly important when sending data across an untrusted network or the...

HAProxy and HTTP Strict Transport Security (HSTS)
HAProxy provides an easy and straightforward way to add HTTPS to your website. As a load balancer positioned in front of your web servers, it can handle all of the encryption and decryption duties, offloading those tasks from your upstream servers. That's good because...

Redirect HTTP to HTTPS with HAProxy
Use the HAProxy load balancer to redirect users from HTTP to HTTPS automatically. For decades, our lives have become increasingly dependent on sending and receiving data from across the Internet. Now, with more people working, studying, and hanging with friends...

CVE-2020-15598: HAProxy Enterprise Unaffected Due to ModSecurity Hardening Measures!
The OWASP ModSecurity Core Rule Set team has reported a Denial of Service vulnerability in ModSecurity version 3.x that allows an attacker to send a crafted payload that exploits a flaw in how regular expressions are matched within the software. A CVE (CVE-2020-15598)...

Is That Bot Really Googlebot? Detecting Fake Crawlers with HAProxy Enterprise
Detect and stop fake web crawlers using HAProxy Enterprise's Verify Crawler add-on. How your website ranks on Google can have a substantial impact on the number of visitors you receive, which can ultimately make or break the success of your online business. To...

Become FIPS Compliant with HAProxy Enterprise on Red Hat Enterprise Linux 8
Guarantee strong encryption by enabling 'FIPS mode' with RHEL and HAProxy Enterprise. You can watch our on-demand webinar "Achieving FIPS 140-2 Encryption Compliance with HAProxy Enterprise on Red Hat Enterprise Linux" here. SSL and its successor TLS are protocols...

HAProxy Enterprise Offers SAML-based Single Sign-on
HAProxy Enterprise handles SAML single sign-on for your applications and integrates with identity providers like Azure Active Directory. Single sign-on (SSO) is such a familiar convenience for companies that it's easy to forget how powerful it is. When employees...

Dynamic SSL Certificate Storage in HAProxy
Use the HAProxy Runtime API to update SSL certificates in HAProxy without a reload. When you route traffic through an HAProxy load balancer, you gain the ability to terminate SSL at the load balancer. HAProxy encrypts communication between the client and itself and...

Use HAProxy Response Policies to Stop Threats
HAProxy gives you an arsenal of sophisticated countermeasures including deny, tarpit, silent drop, reject, and shadowban to stop malicious users. There are two phases to stopping malicious users from abusing your website and online applications. Step one is detection,...