Knowledge Base | Security

February 2023 – CVE-2023-25725: Header Parser Fixed

February 2023 – CVE-2023-25725: Header Parser Fixed

HAProxy Technologies has announced that HAProxy 2.0 or newer, HAProxy Enterprise 2.0 or newer, and HAProxy ALOHA 12.5 or newer are affected by CVE-2023-25725. If you are using an affected product you should upgrade to the latest version immediately or apply the...

4 Most Common Website Security Threats (2023) + Solutions

4 Most Common Website Security Threats (2023) + Solutions

For infrastructure administrators tasked with ensuring the reliable operation of their applications, the thought of a lurking cyberattack can be one to lose sleep over. An attack on your system and the services you provide could result in a security breach, loss of...

Secure Cookies Using HAProxy Enterprise

Secure Cookies Using HAProxy Enterprise

  My colleague Baptiste previously published an article on how to protect cookies while offloading SSL. I recently encountered a customer who wanted to achieve a very similar goal but using a more recent HAProxy Enterprise version. This post will explain the best...

Verify OAuth JWT Tokens with HAProxy

Verify OAuth JWT Tokens with HAProxy

With HTTP REST APIs serving as the backbone of modern web applications, securing those APIs presents a critical challenge for organizations. APIs are typically designed to be discoverable, self-documenting, and easily consumed by a range of programming languages, and...

Restrict API Access with Client Certificates (mTLS)

Restrict API Access with Client Certificates (mTLS)

An application programming interface (API) provides access to the features of a business application, but with the visual elements stripped away. By using APIs, devices like tablets, self-service kiosks, point-of-sale terminals, and robotic sensors can connect up to...

HAProxyConf 2022 Paris - Call for papers
Using CRDs in Kubernetes
HAProxy Webinar
The HAProxy Guide to Multilayered Security