HAProxy ALOHA 17.5 is now available. This release delivers powerful new capabilities that improve security and performance — while future-proofing HAProxy ALOHA to enable richer features and advanced functionality.
With this release, we’re introducing HTTPS health checks to Global Server Load Balancing (GSLB), new partitioning for larger firmware updates, enhanced web application firewall (WAF) functionality, and our new Threat Detection Engine (TDE). These features bring HAProxy ALOHA and HAProxy Enterprise closer together, expand scalability for future upgrades, and provide stronger protections for modern applications.
New to HAProxy ALOHA?
HAProxy ALOHA provides high-performance load balancing for TCP, UDP, QUIC, and HTTP-based applications; SSL/TLS processing; PacketShield DDoS protection; bot management; and a next-generation WAF.
HAProxy ALOHA combines the performance, reliability, and flexibility of our open-source core (HAProxy — the most widely used software load balancer) with a convenient hardware or virtual appliance, an intuitive GUI, and world-class support.
HAProxy ALOHA benefits from next-generation security layers powered by threat intelligence from HAProxy Edge and enhanced by machine learning.
What’s new
HAProxy ALOHA 17.5 includes exclusive new features — plus many core features from HAProxy 3.2 (community version) and HAProxy Enterprise 3.2. You can see what's new in our HAProxy 3.2 and HAProxy Enterprise 3.2 announcements.
Key highlights unique to HAProxy ALOHA 17.5 include:
Global Server Load Balancing (GSLB) enhanced with HTTPS health checks – Customers can now offload health checks, secured via SSL/TLS, to HAProxy ALOHA. Easily view and maintain server health across thousands of remote DNS zones by monitoring for health check responses, unexpected error codes, and server recovery updates.
New partitioning for firmware updates – HAProxy ALOHA users can now install much larger firmware files up to 1GB in size. This paves the way for future HAProxy ALOHA modules, database integrations, and general feature enhancements.
For a complete list of HAProxy ALOHA 17.5 feature updates and enhancements, see our release notes.
New features incorporated from HAProxy Enterprise
Additionally, HAProxy ALOHA 17.5 adds the following features and enhancements from HAProxy 3.2 and HAProxy Enterprise 3.2:
New Threat Detection Engine (TDE) – Integrated with the HAProxy Enterprise Bot Management Module, TDE provides sophisticated detection, classification, and industry-standard labeling of application DDoS, brute force, web scraper, and vulnerability scanner threats without compromising performance or customer privacy.
Custom WAF Profiles – Customers can now create, customize, and apply a unique WAF ruleset for each WAF Profile, applying them selectively across different applications or locations.
New AWS-LC integration – The AWS-LC library replaces OpenSSL and provides the best available performance at any scale, especially on modern multi-core systems, with robust QUIC support.
Ready to upgrade?
To start the upgrade process, visit the installation instructions for HAProxy ALOHA 17.5.
Secure GSLB health checks deliver deeper observability
GSLB functionality has been a cornerstone of HAProxy ALOHA, allowing customers to monitor server health across thousands of DNS zones over ICMP, TCP, and HTTP simultaneously. Previously, we've delivered this GSLB support via a specialized daemon — known for its monitoring speed and effectiveness — yet this daemon lacked reliable SSL/TLS support. It wasn't compiled using SSL/TLS libraries, thus ruling out HTTPS for health checks.
Two supplemental monitoring plugins offered some useful workarounds, but were less resilient than desired and required administrators to set up child processes across numerous DNS zones. These active processes could be resource intensive under certain conditions. We wanted to maximize GSLB reliability, scalability, performance, and simplicity for these complex deployments without needing workarounds. Our goal was to give GSLB users deeper observability everywhere on par with HAProxy Enterprise's functionality.
HAProxy ALOHA 17.5 introduces encrypted and performant GSLB health checks for distributed infrastructure. Customers can enable secure GSLB health checks over TCP/HTTP using the new ssl keyword parameter that users add to their existing http-check directive. This piece of the configuration is very simple and offers a seamless UX, provided HAProxy ALOHA also has GSLB configured across relevant DNS zones.
The GSLB code itself remains largely unchanged. Users just need to permit HAProxy to accept the clear health check from the GSLB server before triggering the HTTPS portion of the health check.
This upgrade directly mitigates risk associated with potentially unsecured connections between a GSLB server (often running in a public cloud) and private, on-premises data centers.
Additionally, the HTTPS health check encryption is offloaded to HAProxy. The client machine doesn't have to consume CPU cycles or memory to encrypt the connection — and administrators no longer need to configure numerous child processes for each DNS zone (each hosting multiple data centers). This system comes with the following benefits:
It's highly resilient
It's transparent from the client's perspective
Encryption is neither enforced nor skipped on the client side, itself
DNS zone names remain readable
Overall, the mechanisms driving this latest update to GSLB should feel familiar to existing HAProxy ALOHA users. HTTPS health checks offer greater control over your security posture without revealing too much of your monitoring logic to potential bad actors. Your GSLB server(s) will concurrently run HAProxy alongside the DNS daemon to support these functions. DNS queries are handled over UDP/TCP with the GSLB daemon to obtain the IP address of the closest reachable datacenter.
Improved firmware update partitioning
Firmware updates have long been a staple of HAProxy ALOHA, enabling new features and boosting lower-level optimization across hardware appliances. While useful, file management within HAProxy ALOHA has been somewhat limited — with individual file uploads capped at 32MB. We wanted more flexibility to enhance future versions of HAProxy ALOHA while empowering users to implement new infrastructure components.
HAProxy ALOHA 17.5 now allows users to install and run individual firmware files up to 1GB in size. This filesystem change also enables users to readily upload their data-hapee bot management rules and MaxMind integrations — delivering geolocation-supported fraud detection, traffic analysis, geo-targeting, improved compliance, and more. This opens the door for continual HAProxy Enterprise module integrations and helps bridge the gap between both products.
This native file support greatly simplifies firmware handling for HAProxy ALOHA users. The SCP protocol is no longer required to transfer files smaller than 64MB, and external tools are no longer needed to access /tmp or /app folders on the system. However, this file manager behavior depends on the size of its internal buffers, which we've increased for this release.
Users can manage everything with much less friction than in previous versions. This setup offers improved transparency by simplifying file management natively.
Upgrade to HAProxy ALOHA 17.5
When you are ready to upgrade to HAProxy ALOHA 17.5, follow the links below:
Product | Release notes | Installation instructions | Free trial |
Conclusion
HAProxy ALOHA 17.5 further enhances the performance and security of HAProxy ALOHA, while paving the way for additional improvements and features. This latest release is also an important step towards greater feature parity with HAProxy Enterprise — unlocking deeper support for HAProxy Enterprise modules both now and in the future.
Interested in learning more about HAProxy ALOHA and taking it for a test drive? Request a quote or free trial today.
Subscribe to our blog. Get the latest release updates, tutorials, and deep-dives from HAProxy experts.
