Knowledge Base | Security
Rate Limiting with the HAProxy Kubernetes Ingress Controller
Add IP-by-IP rate limiting to the HAProxy Kubernetes Ingress Controller. DDoS (distributed denial of service) events occur when an attacker or group of attackers flood your application or API with disruptive traffic, hoping to exhaust its resources and prevent...
September/2021 – CVE-2021-40346: Duplicate ‘Content-Length’ Header Fixed
If you are using HAProxy 2.0 or newer, it is important that you update to the latest version. A vulnerability was found that makes it possible for an attacker to bypass the check for a duplicate HTTP Content-Length header, permitting a request smuggling attack or a...
August/2021 – HAProxy 2.0+ HTTP/2 Vulnerabilities Fixed
A vulnerability was found that makes it possible to abuse the HTTP/2 parser, allowing an attacker to prepend hostnames to a request, append top-level domains to an existing domain, and inject invalid characters through the :method pseudo-header.
![[On-Demand Webinar] Multilayered Security with HAProxy Enterprise](https://cdn.haproxy.com/wp-content/uploads/2021/06/Webinar-Multilayered-Security-with-HAProxy-Enterprise-2-1000x500.png)
[On-Demand Webinar] Multilayered Security with HAProxy Enterprise
Did you know that an HAProxy Enterprise load balancer can protect your applications from common threats? In this webinar, we'll give you an overview of the multilayered security solution provided by HAProxy Enterprise. We will cover how to: use the HAProxy...
![[On-Demand Webinar] HAProxy and the Financial Information eXchange (FIX) Protocol](https://cdn.haproxy.com/wp-content/uploads/2021/04/Webinar-FIX-Protocol-1.png)
[On-Demand Webinar] HAProxy and the Financial Information eXchange (FIX) Protocol
If you prefer to join the French version of the webinar on May 25th, register here. HAProxy 2.4 and HAProxy Enterprise 2.3 add support for the Financial Information eXchange (FIX) protocol. Financial organizations around the world use FIX as a shared vocabulary for...
![Using HAProxy as an API Gateway, Part 6 [Security]](https://cdn.haproxy.com/wp-content/uploads/2021/03/API-Gateway-Security-1000x500.png)
Using HAProxy as an API Gateway, Part 6 [Security]
HAProxy acts as an API gateway in front of your application servers, providing cross-cutting security. Using HAProxy as an API Gateway, Part 1 [Introduction] Using HAProxy as an API Gateway, Part 2 [Authentication] Using HAProxy as an API Gateway, Part 3...
![Using HAProxy as an API Gateway, Part 5 [Monetization]](https://cdn.haproxy.com/wp-content/uploads/2021/03/API-Gateway-Monetization-1000x500.png)
Using HAProxy as an API Gateway, Part 5 [Monetization]
Use HAProxy as an API gateway to enable API monetization. Using HAProxy as an API Gateway, Part 1 [Introduction] Using HAProxy as an API Gateway, Part 2 [Authentication] Using HAProxy as an API Gateway, Part 3 [Health Checks] Using HAProxy as an API Gateway, Part 4...
The HAProxy Enterprise WAF
The HAProxy Enterprise WAF with support for ModSecurity rulesets protects your web applications from sophisticated, Layer 7 threats left unhandled by network firewalls. Data breaches. Loss of consumer confidence. An endless cycle of companies being compromised....
Announcing HAProxy Kubernetes Ingress Controller 1.5
We've released version 1.5 of the HAProxy Kubernetes Ingress Controller. This version unlocks access to the raw HAProxy configuration language for power users to gain more control. You can also enable mutual TLS authentication between the ingress controller and...
![HAProxy Enterprise Response Policies [Infographic]](https://cdn.haproxy.com/wp-content/uploads/2021/01/infogr2-1000x500.jpg)
HAProxy Enterprise Response Policies [Infographic]
With HAProxy Enterprise, you can defend the network with Response Policies. In this infographic, we demonstrated countermeasures you can use against malicious clients and their requests. Deny Tarpit Silent Drop Reject Shadowban reCAPTCHA Want to stay up to date on...
