Protecting against Next.js middleware vulnerability CVE-2025-29927 with HAProxy
A recently discovered security vulnerability requires attention from development teams using Next.js in production environments.
Articles in category
Tech
Announcing HAProxy 3.1
HAProxy 3.1 brings improvements to observability, reliability, performance, and flexibility.
HAProxyConf 2025 Call for Papers Now Open
The wait is over! HAProxyConf is coming to San Francisco, California, from June 3 to 5, 2025.
September 2024 – CVE-2024-45506: endless loop in HTTP/2 with zero-copy forwarding in HAProxy
The latest versions of our products fix a vulnerability related to a possible endless loop in the HTTP/2 multiplexer when combined with zero-copy forwarding system in HAProxy, HAProxy Enterprise...
How to Achieve Ultimate Freedom With Your Load Balancer
Learn why flexibility is key in modern tech stacks, how a flexible load balancer can help, and how HAProxy's unique approach gives you more freedom.
July 2024 – CVE-2024-6387: RCE in OpenSSH's server
The latest versions of our products fix a vulnerability related to OpenSSH’s server (sshd), which is used in the public/private cloud images of HAProxy Enterprise...
July 2024 – CVE-2024-24791: HTTP/1.1 response code mishandling in golang products
The latest versions of our products fix a vulnerability related to HTTP/1.1 response code mishandling in products written in golang.
December 2023 - CVE-2023-45539: HAProxy Accepts # as Part of the URI Component Fixed
We have received questions regarding CVE-2023-45539 issued in November 2023. The versions of our products released on Monday, 21 August 2023 to fix...
Announcing HAProxy 2.9
HAProxy 2.9 is faster, more flexible, and more observable than ever before. Ready to upgrade? Here’s how to get started.
Announcing HAProxy Fusion 1.2 LTS
HAProxy Fusion 1.2 brings new efficiencies, workflows, and form factors that enable you to be more productive, use more of your favorite tools, and explore powerful new use cases.
August 2023 - CVE-2023-40225: Empty content-length header vulnerability fixed
HAProxy Technologies released new versions of its products to fix the vulnerability CVE-2023-40225. Learn more here.
Kubernetes Gateway API (Everything You Should Know)
The Kubernetes Gateway API is a specification or standard managed by the SIG-NETWORK community that models service networking in Kubernetes.
HAProxy Fusion 1.1 Enables Application Delivery at Scale
Discover more about the new, more secure, and even easier to use version 1.1 of the HAProxy Fusion Control Plane in this blog post.
HAProxy Momentum: G2 Spring 2023 Edition
Spring marks a season of growth, and HAProxy was in full bloom in the Spring 2023 G2 reports. Our users continue to share their positive experiences .
Announcing HAProxy Enterprise 2.7 & HAProxy ALOHA 15
HAProxy Enterprise 2.7 and HAProxy ALOHA 15 are now available. If you want to start the upgrade procedure straight away, go to the upgrade instructions.
HAProxy Fusion Has Landed (Simple, Scalable & Secure)
HAProxy Fusion Control Plane gives the power to simplify, scale, and secure HAProxy application delivery infrastructure using a centralized control plane.
February 2023 – CVE-2023-25725: Header Parser Fixed
HAProxy Technologies has announced that HAProxy 2.0 or newer, HAProxy Enterprise 2.0 or newer, and HAProxy ALOHA 12.5 or newer are affected by CVE-2023-25725. If you are using an affected product you
HAProxy User Reviews Show Community Momentum
Taking the new G2 reports, user reviews, and real-world benchmark results, HAProxy stands as a market leader in application delivery and customer experience.
Secure Cookies Using HAProxy Enterprise
Cookies have many usages, most notably user authentication and settings. This post will explain the best practices for how to secure your cookies.
Upgrade OpenSSL 3.0 to Protect Against a Critical Vulnerability
If you are using OpenSSL version 3.0 or above with HAProxy, you should update to OpenSSL version 3.0.7.
Restrict API Access With Client Certificates (mTLS)
HAProxy enables mTLS, supporting client certificate authentication for both clients and backend servers. Learn how to set it up in this blog post.
Preserve Stick Table Data When Reloading HAProxy
A reload clears away all of your stick table data.. The good news is that there is a way to preserve data during a reload, which we’ll cover in this blog post.
HAProxyConf 2022 Call for Papers Now Open
Do you want to talk for this year's HAProxyConf 2022? Submit your talk for this year's event which will be held on November 8 and 9 in Paris.
Custom Resources With HAProxy Kubernetes Ingress Controller
Learn how the HAProxy Kubernetes Ingress Controller provides a set of custom resources that includes Global, Defaults, and Backend.
Use the Proxy Protocol to Preserve a Client’s IP Address
In this blog post, you’ll learn how the Proxy Protocol preserves a client’s IP address when that client’s connection passes through a proxy.
April/2022 – CVE-2022-22965: Spring4Shell Remote Code Execution Mitigation
Remote Code Execution vulnerability was discovered in the Java Spring Core library. This allows attackers to execute arbitrary code on affected systems.
How Load Balancing Improves the Performance of Your Applications
In this blog post, you'll learn how load balancing is an indispensable technique for improving a website’s performance.
December/2021 – CVE-2021-44228: Log4Shell Remote Code Execution Mitigation
Vulnerability which is tracked in CVE-2021-44228, dubbed Log4Shell, allows attackers to execute arbitrary code on affected systems.
Willy Tarreau on HAProxy at Its 20 Year Anniversary (Interview)
In this interview, Willy describes his views on the success of the project, and how it grew over the years.
Announcing HAProxy Data Plane API 2.4
Version 2.4 improves e2e tests, revamps how logging in the HAProxy Data Plane API works, adds support for namespace filtering in Consul Service Discovery, and much more.
Rate Limiting with the HAProxy Kubernetes Ingress Controller
Learned how to fine tune your HAProxy Kubernetes Ingress Controller’s configuration to leverage powerful annotations to protect your services and APIs.
September/2021–CVE-2021-40346: Duplicate ‘Content-Length’ Header Fixed
If you use HAProxy 2.0 or up, you must update to the latest version. A vulnerability was found that makes it possible for an attacker to...
The HAProxy APIs (What You Should Know)
In this blog post, you will learn more about HAProxy APIs and how you can manage your HAProxy configuration without editing its configuration file by hand.
August/2021 – HAProxy 2.0+ HTTP/2 Vulnerabilities Fixed
If you are using HAProxy 2.0 or newer, it is important that you update to the latest version. A vulnerability was found, and here's what you should know.
How to Run HAProxy With Docker (In-Depth Guide)
In this blog post, you’ll learn why you might consider running HAProxy inside a Docker container and what the ramifications could be.
HAProxyConf 2021 Call for Papers
Do you have a topic you’d like to present? Submit your proposal! The call for papers is now open with the submission deadline set to July 5th, 2021.
Layer 4 vs Layer 7 Proxy Mode (Understanding the Difference)
With HAProxy you can switch between proxying traffic at layer 4 (TCP) or layer 7 (HTTP). This blog post describes the features available to you in each mode.
Is That Bot Really Googlebot? Detecting Fake Crawlers With HAProxy Enterprise
Find out how you can detect and stop fake web crawlers by using Verify Crawler add-on which comes included with the HAProxy Enterprise license.
HAProxy 1.8+ HTTP/2 HPACK Decoder Vulnerability Fixed
Security researcher Felix Wilhelm has disclosed a critical vulnerability in HAProxy's HTTP/2 HPACK decoder in versions 1.8 and above which is now fixed.
Load Balancing PHP-FPM With HAProxy & FastCGI
This blog post covers how you can use HAProxy and the FastCGI protocol to ensure fast, secure, and observable load balancing of your PHP-FPM applications.
We’re Building a Rich Ecosystem of Certified HAProxy Integrations
HAProxy Technologies is rolling out the Certified Integrations Partner Program to ensure its customers have access to integrations certified to work well.
Rolling Updates & Blue-Green Deployments With Kubernetes & HAProxy
Learn how the HAProxy Kubernetes Ingress Controller supports rolling updates and blue-green deployments for updating your Kubernetes applications.
Building Blocks of a Modern Proxy (9 Key Features)
In this blog post, you'll see examples of recent trends in the modern proxy industry and learn how HAProxy is being shaped to accommodate these changes.
The History of HAProxy
HAProxy's origin story is one that has not been told and you may be curious about its roots and what drove it to be what it is today.
HAProxy on Docker Swarm: Load Balancing & DNS Service Discovery
In this blog post, you’ll see how to combine HAProxy and Docker Swarm to load balance traffic across your service replicas.
PacketShield: A Tool for Superior DDoS Protection
Learn more about the HAProxy ALOHA PacketShield product, which provides stateful packet filtering and protects your network against DDoS.
How to Enable CORS (Cross-Origin Resource Sharing) in HAProxy?
Learn more about the HAProxy Cross-Origin Resource Sharing (CORS) Lua module, which streamlines adding CORS to your APIs.
HAProxy Traffic Mirroring for Real-World Testing
Learn how to use the HAProxy Traffic Shadowing agent to enable traffic mirroring and stream production requests to a test environment.
The New HAProxy Data Plane API: Two Examples of Programmatic Configuration
This blog post shows you how to use the HAProxy Data Plane API to manage your load balancer configuration dynamically using HTTP commands.
HAProxy 2.0 & Beyond
HAProxy Technologies is excited to announce the release of HAProxy 2.0, bringing features critical for cloud-native and containerized environments.
DNS for Service Discovery in HAProxy
Learn how to use DNS service discovery in HAProxy to detect server changes and automatically apply them to your configuration.
5 Ways to Extend HAProxy With Lua
This blog post demonstrates how you can use custom Lua code to extend HAProxy for creating your own fetches, converters, actions, services, and tasks.
HAProxy on AWS: Best Practices Part 3
In this blog post, learn to use HAProxy, Keepalived, Terraform, and Ansible to set up highly-available load balancing in AWS.
IP Masking in HAProxy
This blog post shows how to use HAProxy IP Masking in order to protect the privacy of your users, helping you to stay compliant with laws like the GDPR.
Introduction to HAProxy Logging
In this blog post, we show how to set up HAProxy logging, target a Syslog server, understand the log fields, and suggest helpful tools for parsing log files.
HAProxy 1.9.2 Adds gRPC Support
Learn how to set up an example project that uses gRPC and Protocol Buffers to stream messages between a client and a server with HAProxy in between.
HAProxy 1.9 Has Arrived
Announcing the release of HAProxy 1.9, which brings end-to-end HTTP/2, buffer and connection management improvements, native HTTP representation, and more.
Bot Protection With HAProxy
HAProxy has best-in-class bot protection capabilities for detecting and defending against many types of unwanted bot traffic. Read on to learn how.
The Four Essential Sections of an HAProxy Configuration
The four essential sections of an HAProxy configuration file are global, defaults, frontend, and backend. These sections define performance, default settings, and request routing.
HAProxy on AWS: Best Practices Part 2
In this blog post, we'll demonstrate how to place HAProxy at the edge of your AWS infrastructure without involving Elastic Load Balancing (ELB).
Introduction to HAProxy Stick Tables
Learn more about HAProxy's fast, in-memory storage called stick tables that let you track user activities, including malicious ones, across requests.
Introduction to HAProxy ACLs
Learn about using HAProxy ACLs to define custom rules for blocking malicious requests, choosing backends, redirecting to HTTPS, and using cached objects.
Hitless Reloads With HAProxy (How-To Configuration Guide)
HAProxy offers a patch set for enabling seamless reloads of HAProxy without dropping packets in the process. In this blog post, we show you how to enable this.
Let’s Encrypt (ACMEv2) for HAProxy
HAProxy Technologies is proud to announce the availability of an integrated Let’s Encrypt ACMEv2 Lua client for HAProxy and HAProxy Enterprise (HAPEE).
HAProxy on AWS: Best Practices Part 1
In this blog post, we'll demonstrate how to use HAProxy in combination with Amazon Elastic Load Balancing (ELB) and Amazon Application Load Balancer (ALB).
Multithreading in HAProxy
This blog post will provide an introduction to multithreading functionality in HAProxy, its configuration, and basic troubleshooting procedures.
Dynamic Configuration With the HAProxy Runtime API
In this blog post, we'll take you on a tour of the HAProxy Runtime API and its capability to dynamically configure ACLs, stick tables and TLS ticket keys.
TLS 1.3 & 0-RTT in HAProxy
Transport Layer Security (TLS) is a cryptographic protocol that enables secure communications over a computer network.
Dynamic Scaling for Microservices With the HAProxy Runtime API
Microservices architectures require the ability to make frequent app delivery changes in an automated and reliable way. The HAProxy Runtime API enables this.
Truly Seamless Reloads With HAProxy – No More Hacks!
What users often call a “seamless” or “hitless” reload is a configuration update or a service upgrade performed with no impact on user experience.
HAProxy and ELK (Elasticsearch, Logstash and Kibana) Stack
This blog contains information and provides a technical guide for getting started with the ELK stack, configuring HAProxy, parsing the data and troubleshooting.
What is a Slow POST Attack & How to Prevent One? (Guide)
In a Slow POST attack, an attacker begins by sending a legitimate HTTP POST header to a Web server, exactly as they would under normal circumstances.
HAProxy & Container IP Changes in Docker
In this blog post, we will answer this question: how to follow up on a container IP change when restarting a container?
Serving ECC & RSA Certificates on Same IP With HAProxy
In this blog post, we will give a quick step-by-step guide on how to serve ECC and RSA certificates on the same IP with HAProxy.
HAProxy’s Load Balancing Algorithm for Static Content Delivery With Varnish
In this blog post, we will show how to use HAProxy's hash based load balancing algorithm for static content delivery with Varnish.
Microsoft Remote Desktop Services (RDS) Load Balancing
Remote Desktop Services is a technology from Microsoft that allows users to remotely access a session-based desktop, virtual machine-based desktop, or...
A HTTP Monitor Which Matches Multiple Conditions in HAProxy
Health checking is one of the most important features of a load balancer. Here we show how to match multiple conditions for HTTP health checking in HAProxy.
HAProxy and SSLv3 Poodle Vulnerability
This blog post explains how to use HAProxy to simply prevent using SSLv3 or to prevent those users to reach your applications and print them a message.
Mitigating the Shellshock Vulnerability With HAProxy
Today’s article will explain how to use HAProxy to protect your application from Bash shellshock vulnerability if you’re in a case where you have to be protected.
PHP-fpm/FastCGI Probe Example (Binary Health Check With HAProxy 1.5)
In this blog post, we demonstrate how to enable binary health checks with HAProxy 1.5 by using a PHP-fpm/FastCGI probe example.
How to Write Apache ProxyPass* Rules in HAProxy?
Some customers ask us to migrate the Apache mod_proxy configuration into HAProxy. This article explains how to translate ProxyPass-related rules.
Linux Asymmetric Routing Using Multiple Default Gateways
In this blog post, we will demonstrate how to perform asymmetric routing and multiple default gateways on Linux with HAProxy.
How to Protect Application Cookies While Offloading SSL
You don’t want your clients to send their cookies (understand their identity) clearly through the Internet. This is today’s article's purpose.
Emulating Active/Passive Application Clustering With HAProxy
In this blog post, we will show the different ways in which you can use the HAProxy load balancer to emulate an active/passive clustering mode.
HAProxy Advanced Redis Health Check
In this blog post, we demonstrate how to build a simple Redis infrastructure thanks to the HAProxy advanced send/expect health checks feature.
Failover & Worst Case Management With HAProxy
HAProxy allows to redirect traffic based on events and internal status. In this blog post we show how to use HAProxy for failover and worst-case management.
Configuring HAProxy & Nginx for SPDY
Basically, HAProxy uses the NPN (and later the ALPN) TLS extension to figure out whether the client can browse the website using SPDY.
Transparent Proxying & Binding With HAProxy & ALOHA Load Balancer
Here comes the transparent proxy mode: HAProxy can be configured to spoof the client IP address when establishing the TCP connection to the server.
SSL Client Certificate Information in HTTP Headers & Logs
In this blog post, we show how you can enable inserting client certificate information in HTTP headers and reporting them in the log line with HAProxy.
Apache Cdorked Backdoor Detection
In this blog post, we provide an HAProxy configuration that can help you detect the Apache Cdorked Backdoor attack in your systems and protect them against it.
Brute Force Attacks in WordPress (HAProxy Prevention Guide)
A brute force attack in WordPress consists of massively sending requests to a URL with different parameters each time. Here's how to prevent it using HAProxy...
Client IP Persistence or Source IP Hash Load Balancing
In this blog post, we show two ways of performing source IP affinity with HAProxy: through the hash load balancing algorithm and using HAProxy Stick Tables.
IIS 6.0 Appsession Cookie and PCI Compliance
When setup by the application server, the HAProxy load balancer can be used to update cookies on-the-fly. In this blog post, we explain how.
SSL Offloading Impact on Web Applications
Performing SSL at the Load-Balancer Layer is called SSL offloading because you offload this process from your application servers. Here's what you should know.
Mitigating the SSL Beast Attack Using the ALOHA Load Balancer
The beast attack on SSL isn’t new, but we have not yet published an article to explain how to mitigate it with ALOHA or HAProxy.
HAProxy, High MySQL Request Rate and TCP Source Port Exhaustion
In this blog post, we show how to use HAProxy with MySQL at high request rates, and how to prevent the common TCP source port exhaustion error.
Exchange Outlook Web Access (OWA) Cross-Site Request Forgery (CSRF) Protection
In this blog post, we will provide information on how to enable Exchange Outlook Web Access (OWA) Cross-Site Request Forgery (CSRF) protection with HAProxy.
Websockets Load Balancing With HAProxy
HTTP protocol is connection-less and only the client can request information from a server. In any case, a server can contact a client. Furthermore...
HAProxy Log Customization
Although HAProxy gives you detailed logging, sometimes you need a custom HAProxy log format. In this post, see how to define the template for logs.
HAProxy and Gzip Compression
Compression is used for reducing object size in order to reduce delivery delay for objects over the HTTP protocol. We show how to enable this in HAProxy.
High Performance WAF Platform With Naxsi and HAProxy
In this blog post, we will demonstrate how to create a highly performant WAF platform using Naxsi and the HAProxy load balancer.
Scalable WAF Protection With HAProxy & Apache With ModSecurity
The below information is deprecated as HAProxy Enterprise now offers a fully functional native WAF module which supports whitelist-based rulesets, and more.
SSL Client Certificate Management at Application Level
The main purpose of using client-side certificates is to increase the level of authentication. Since HAProxy is often in front of web platform, it is the right place to do this authentication.
Highly Available RTMP Platform With HAProxy & crtmpserver
In this blog, we share how to build a high-available RTMP platform for delivering video content with HAProxy and crtmpserver.
eCommerce Application Delivery Controller (Configuration Guide)
In this blog post, we will show how to use HAProxy's layer 7 features to improve eCommerce website performance and provide the best end-user experience.
How to Get SSL With HAProxy Getting Rid of Stunnel, Stud, NGINX or Pound
HAProxy is a high-performance reverse proxy and load balancer commonly used on web platforms and even as a replacement for hardware load balancers like F5 appliances.
How to: SSL Native in HAProxy
HAProxy can support SSL offloading. Today, I’ll focus on how to install and configure HAProxy to offload SSL processing from your servers.
How to Use HAProxy & Varnish Together on a Single Domain Name
In this blog post, we'll explain how to use both HAProxy and Varnish on a web application hosted on a single domain name.
HAProxy vs Varnish (Complete Comparison)
Despite being “competitors”, each of them has its own very well performing: HAProxy is a Reverse-proxy Load-Balancer and Varnish is a Reverse-proxy cache.
HTTP Request Flood Mitigation
In this blog post, we will provide a configuration that you can use to protect your applications against HTTP request flood attacks.
Use the GeoIP Database With HAProxy (Easy to Follow Guide)
Geolocation is the process of linking a third party to a geographical location. In easier words: know the country of a client's IP address. On the Internet, such a base is called GeoIP.
Efficient SMTP Relay Infrastructure With Postfix & Load Balancers
In this blog post, we will explain how to configure the HAProxy load balancer to build an efficient SMTP relay infrastructure with Postfix.
Hypervisors Performance Comparison & Benchmarking (Unbiased)
In this blog post, we summarize the findings of a hypervisors virtual network performance comparison from a virtualized load balancer point of view.
Enhanced SSL Load Balancing With Server Name Indication (SNI) TLS Extension
In this blog post, we show how to enable enhanced SSL load balancing with the Server Name Indication (SNI) TLS Extension in HAProxy and HAProxy ALOHA.
Load Balancing, Affinity, Persistence & Sticky Sessions
This blog post shows why and how to use a load balancer, the differences between Affinity, Persistence, and Sticky Sessions, and how to enable them in HAProxy.
Microsoft Terminal Server / RemoteApp Load Balancing
Microsoft Terminal Services or remoteapps both use the RDP protocol. One issue when using RDP is being able to stick a user to a server.
Using ALOHA Load Balancer as a Reverse Proxy (Guide)
This blog post will show you how to use HAProxy ALOHA as a reverse proxy for accessing multiple websites or apps behind a single public IP address.
Benchmarking SSL Performance
In this blog post, we explain how one can improve SSL/TLS performance by adding some functionality to SSL open-source software with HAProxy.
Layer 4 Load Balancing Direct Server Return Mode
In this blog post, we explain what the Layer 4 Load Balancing Direct Server Return (DSR) Mode is, its pros and cons and when and how to use it.
Layer 4 Load Balancing Tunnel Mode
In this blog post, we explain what the Layer 4 Load Balancing Tunnel Mode is, how it works, when to use it, as well as its pros and cons.
Layer 4 Load Balancing NAT Mode
In this blog post, we explain what the Layer 4 Load Balancing NAT Mode is, its pros and cons and when to use this type of architecture.
Send Users to the Same Server for IMAP & SMTP
In this blog post we will demonstrate how you can send users to the same server for imap and smtp by using HAProxy ALOHA.
Send User to the Same Backend for both HTTP & HTTPS
Your application uses both HTTP and HTTPS, depending on the pages. SSL encryption is achieved by your backend server directly. Here's how.
Maintain Affinity Based on SSL Session ID
HAProxy ALOHA allows you to maintain HTTPS sessions based on SSL connection ID. In this blog post, we show you how to configure HAProxy ALOHA for this.
How to Play With Maxconn to Avoid Server Slowness or Crash
In this blog post we demonstrate how to protect any application or web server against unexpected high load using HAProxy ALOHA.
Smart Content Switching for a News Website
Build a scalable architecture for a news website using these components: A load balancer with content switching capability, cache server and application server.
Layer 4 vs Layer 7 Load Balancing (Differences Explained)
Layer 4 is related to the transport layer of the OSI model, and layer 7 is related to the application level. A layer 7 load balancer makes routing decisions based on...