Protecting against Next.js middleware vulnerability CVE-2025-29927 with HAProxy
A recently discovered security vulnerability requires attention from development teams using Next.js in production environments.
A recently discovered security vulnerability requires attention from development teams using Next.js in production environments.
HAProxy 3.1 brings improvements to observability, reliability, performance, and flexibility.
The wait is over! HAProxyConf is coming to San Francisco, California, from June 3 to 5, 2025.
The latest versions of our products fix a vulnerability related to a possible endless loop in the HTTP/2 multiplexer when combined with zero-copy forwarding system in HAProxy, HAProxy Enterprise...
Learn why flexibility is key in modern tech stacks, how a flexible load balancer can help, and how HAProxy's unique approach gives you more freedom.
The latest versions of our products fix a vulnerability related to OpenSSH’s server (sshd), which is used in the public/private cloud images of HAProxy Enterprise...
The latest versions of our products fix a vulnerability related to HTTP/1.1 response code mishandling in products written in golang.
We have received questions regarding CVE-2023-45539 issued in November 2023. The versions of our products released on Monday, 21 August 2023 to fix...
HAProxy 2.9 is faster, more flexible, and more observable than ever before. Ready to upgrade? Here’s how to get started.
HAProxy Fusion 1.2 brings new efficiencies, workflows, and form factors that enable you to be more productive, use more of your favorite tools, and explore powerful new use cases.
HAProxy Technologies released new versions of its products to fix the vulnerability CVE-2023-40225. Learn more here.
The Kubernetes Gateway API is a specification or standard managed by the SIG-NETWORK community that models service networking in Kubernetes.
Discover more about the new, more secure, and even easier to use version 1.1 of the HAProxy Fusion Control Plane in this blog post.
Spring marks a season of growth, and HAProxy was in full bloom in the Spring 2023 G2 reports. Our users continue to share their positive experiences .
HAProxy Enterprise 2.7 and HAProxy ALOHA 15 are now available. If you want to start the upgrade procedure straight away, go to the upgrade instructions.
HAProxy Fusion Control Plane gives the power to simplify, scale, and secure HAProxy application delivery infrastructure using a centralized control plane.
HAProxy Technologies has announced that HAProxy 2.0 or newer, HAProxy Enterprise 2.0 or newer, and HAProxy ALOHA 12.5 or newer are affected by CVE-2023-25725. If you are using an affected product you
Taking the new G2 reports, user reviews, and real-world benchmark results, HAProxy stands as a market leader in application delivery and customer experience.
Cookies have many usages, most notably user authentication and settings. This post will explain the best practices for how to secure your cookies.
If you are using OpenSSL version 3.0 or above with HAProxy, you should update to OpenSSL version 3.0.7.
HAProxy enables mTLS, supporting client certificate authentication for both clients and backend servers. Learn how to set it up in this blog post.
A reload clears away all of your stick table data.. The good news is that there is a way to preserve data during a reload, which we’ll cover in this blog post.
Do you want to talk for this year's HAProxyConf 2022? Submit your talk for this year's event which will be held on November 8 and 9 in Paris.
Learn how the HAProxy Kubernetes Ingress Controller provides a set of custom resources that includes Global, Defaults, and Backend.
In this blog post, you’ll learn how the Proxy Protocol preserves a client’s IP address when that client’s connection passes through a proxy.
Remote Code Execution vulnerability was discovered in the Java Spring Core library. This allows attackers to execute arbitrary code on affected systems.
In this blog post, you'll learn how load balancing is an indispensable technique for improving a website’s performance.
Vulnerability which is tracked in CVE-2021-44228, dubbed Log4Shell, allows attackers to execute arbitrary code on affected systems.
In this interview, Willy describes his views on the success of the project, and how it grew over the years.
Version 2.4 improves e2e tests, revamps how logging in the HAProxy Data Plane API works, adds support for namespace filtering in Consul Service Discovery, and much more.
Learned how to fine tune your HAProxy Kubernetes Ingress Controller’s configuration to leverage powerful annotations to protect your services and APIs.
If you use HAProxy 2.0 or up, you must update to the latest version. A vulnerability was found that makes it possible for an attacker to...
In this blog post, you will learn more about HAProxy APIs and how you can manage your HAProxy configuration without editing its configuration file by hand.
If you are using HAProxy 2.0 or newer, it is important that you update to the latest version. A vulnerability was found, and here's what you should know.
In this blog post, you’ll learn why you might consider running HAProxy inside a Docker container and what the ramifications could be.
Do you have a topic you’d like to present? Submit your proposal! The call for papers is now open with the submission deadline set to July 5th, 2021.
With HAProxy you can switch between proxying traffic at layer 4 (TCP) or layer 7 (HTTP). This blog post describes the features available to you in each mode.
Find out how you can detect and stop fake web crawlers by using Verify Crawler add-on which comes included with the HAProxy Enterprise license.
Security researcher Felix Wilhelm has disclosed a critical vulnerability in HAProxy's HTTP/2 HPACK decoder in versions 1.8 and above which is now fixed.
This blog post covers how you can use HAProxy and the FastCGI protocol to ensure fast, secure, and observable load balancing of your PHP-FPM applications.
HAProxy Technologies is rolling out the Certified Integrations Partner Program to ensure its customers have access to integrations certified to work well.
Learn how the HAProxy Kubernetes Ingress Controller supports rolling updates and blue-green deployments for updating your Kubernetes applications.
In this blog post, you'll see examples of recent trends in the modern proxy industry and learn how HAProxy is being shaped to accommodate these changes.
HAProxy's origin story is one that has not been told and you may be curious about its roots and what drove it to be what it is today.
In this blog post, you’ll see how to combine HAProxy and Docker Swarm to load balance traffic across your service replicas.
Learn more about the HAProxy ALOHA PacketShield product, which provides stateful packet filtering and protects your network against DDoS.
Learn more about the HAProxy Cross-Origin Resource Sharing (CORS) Lua module, which streamlines adding CORS to your APIs.
Learn how to use the HAProxy Traffic Shadowing agent to enable traffic mirroring and stream production requests to a test environment.
This blog post shows you how to use the HAProxy Data Plane API to manage your load balancer configuration dynamically using HTTP commands.
HAProxy Technologies is excited to announce the release of HAProxy 2.0, bringing features critical for cloud-native and containerized environments.
Learn how to use DNS service discovery in HAProxy to detect server changes and automatically apply them to your configuration.
This blog post demonstrates how you can use custom Lua code to extend HAProxy for creating your own fetches, converters, actions, services, and tasks.
In this blog post, learn to use HAProxy, Keepalived, Terraform, and Ansible to set up highly-available load balancing in AWS.
This blog post shows how to use HAProxy IP Masking in order to protect the privacy of your users, helping you to stay compliant with laws like the GDPR.
In this blog post, we show how to set up HAProxy logging, target a Syslog server, understand the log fields, and suggest helpful tools for parsing log files.
Learn how to set up an example project that uses gRPC and Protocol Buffers to stream messages between a client and a server with HAProxy in between.
Announcing the release of HAProxy 1.9, which brings end-to-end HTTP/2, buffer and connection management improvements, native HTTP representation, and more.
HAProxy has best-in-class bot protection capabilities for detecting and defending against many types of unwanted bot traffic. Read on to learn how.
The four essential sections of an HAProxy configuration file are global, defaults, frontend, and backend. These sections define performance, default settings, and request routing.
In this blog post, we'll demonstrate how to place HAProxy at the edge of your AWS infrastructure without involving Elastic Load Balancing (ELB).
Learn more about HAProxy's fast, in-memory storage called stick tables that let you track user activities, including malicious ones, across requests.
Learn about using HAProxy ACLs to define custom rules for blocking malicious requests, choosing backends, redirecting to HTTPS, and using cached objects.
HAProxy offers a patch set for enabling seamless reloads of HAProxy without dropping packets in the process. In this blog post, we show you how to enable this.
HAProxy Technologies is proud to announce the availability of an integrated Let’s Encrypt ACMEv2 Lua client for HAProxy and HAProxy Enterprise (HAPEE).
In this blog post, we'll demonstrate how to use HAProxy in combination with Amazon Elastic Load Balancing (ELB) and Amazon Application Load Balancer (ALB).
This blog post will provide an introduction to multithreading functionality in HAProxy, its configuration, and basic troubleshooting procedures.
In this blog post, we'll take you on a tour of the HAProxy Runtime API and its capability to dynamically configure ACLs, stick tables and TLS ticket keys.
Transport Layer Security (TLS) is a cryptographic protocol that enables secure communications over a computer network.
Microservices architectures require the ability to make frequent app delivery changes in an automated and reliable way. The HAProxy Runtime API enables this.
What users often call a “seamless” or “hitless” reload is a configuration update or a service upgrade performed with no impact on user experience.
This blog contains information and provides a technical guide for getting started with the ELK stack, configuring HAProxy, parsing the data and troubleshooting.
In a Slow POST attack, an attacker begins by sending a legitimate HTTP POST header to a Web server, exactly as they would under normal circumstances.
In this blog post, we will answer this question: how to follow up on a container IP change when restarting a container?
In this blog post, we will give a quick step-by-step guide on how to serve ECC and RSA certificates on the same IP with HAProxy.
In this blog post, we will show how to use HAProxy's hash based load balancing algorithm for static content delivery with Varnish.
Remote Desktop Services is a technology from Microsoft that allows users to remotely access a session-based desktop, virtual machine-based desktop, or...
Health checking is one of the most important features of a load balancer. Here we show how to match multiple conditions for HTTP health checking in HAProxy.
This blog post explains how to use HAProxy to simply prevent using SSLv3 or to prevent those users to reach your applications and print them a message.
Today’s article will explain how to use HAProxy to protect your application from Bash shellshock vulnerability if you’re in a case where you have to be protected.
In this blog post, we demonstrate how to enable binary health checks with HAProxy 1.5 by using a PHP-fpm/FastCGI probe example.
Some customers ask us to migrate the Apache mod_proxy configuration into HAProxy. This article explains how to translate ProxyPass-related rules.
In this blog post, we will demonstrate how to perform asymmetric routing and multiple default gateways on Linux with HAProxy.
You don’t want your clients to send their cookies (understand their identity) clearly through the Internet. This is today’s article's purpose.
In this blog post, we will show the different ways in which you can use the HAProxy load balancer to emulate an active/passive clustering mode.
In this blog post, we demonstrate how to build a simple Redis infrastructure thanks to the HAProxy advanced send/expect health checks feature.
HAProxy allows to redirect traffic based on events and internal status. In this blog post we show how to use HAProxy for failover and worst-case management.
Basically, HAProxy uses the NPN (and later the ALPN) TLS extension to figure out whether the client can browse the website using SPDY.
Here comes the transparent proxy mode: HAProxy can be configured to spoof the client IP address when establishing the TCP connection to the server.
In this blog post, we show how you can enable inserting client certificate information in HTTP headers and reporting them in the log line with HAProxy.
In this blog post, we provide an HAProxy configuration that can help you detect the Apache Cdorked Backdoor attack in your systems and protect them against it.
A brute force attack in WordPress consists of massively sending requests to a URL with different parameters each time. Here's how to prevent it using HAProxy...
In this blog post, we show two ways of performing source IP affinity with HAProxy: through the hash load balancing algorithm and using HAProxy Stick Tables.
When setup by the application server, the HAProxy load balancer can be used to update cookies on-the-fly. In this blog post, we explain how.
Performing SSL at the Load-Balancer Layer is called SSL offloading because you offload this process from your application servers. Here's what you should know.
The beast attack on SSL isn’t new, but we have not yet published an article to explain how to mitigate it with ALOHA or HAProxy.
In this blog post, we show how to use HAProxy with MySQL at high request rates, and how to prevent the common TCP source port exhaustion error.
In this blog post, we will provide information on how to enable Exchange Outlook Web Access (OWA) Cross-Site Request Forgery (CSRF) protection with HAProxy.
HTTP protocol is connection-less and only the client can request information from a server. In any case, a server can contact a client. Furthermore...
Although HAProxy gives you detailed logging, sometimes you need a custom HAProxy log format. In this post, see how to define the template for logs.
Compression is used for reducing object size in order to reduce delivery delay for objects over the HTTP protocol. We show how to enable this in HAProxy.
In this blog post, we will demonstrate how to create a highly performant WAF platform using Naxsi and the HAProxy load balancer.
The below information is deprecated as HAProxy Enterprise now offers a fully functional native WAF module which supports whitelist-based rulesets, and more.
The main purpose of using client-side certificates is to increase the level of authentication. Since HAProxy is often in front of web platform, it is the right place to do this authentication.
In this blog, we share how to build a high-available RTMP platform for delivering video content with HAProxy and crtmpserver.
In this blog post, we will show how to use HAProxy's layer 7 features to improve eCommerce website performance and provide the best end-user experience.
HAProxy is a high-performance reverse proxy and load balancer commonly used on web platforms and even as a replacement for hardware load balancers like F5 appliances.
HAProxy can support SSL offloading. Today, I’ll focus on how to install and configure HAProxy to offload SSL processing from your servers.
In this blog post, we'll explain how to use both HAProxy and Varnish on a web application hosted on a single domain name.
Despite being “competitors”, each of them has its own very well performing: HAProxy is a Reverse-proxy Load-Balancer and Varnish is a Reverse-proxy cache.
In this blog post, we will provide a configuration that you can use to protect your applications against HTTP request flood attacks.
Geolocation is the process of linking a third party to a geographical location. In easier words: know the country of a client's IP address. On the Internet, such a base is called GeoIP.
In this blog post, we will explain how to configure the HAProxy load balancer to build an efficient SMTP relay infrastructure with Postfix.
In this blog post, we summarize the findings of a hypervisors virtual network performance comparison from a virtualized load balancer point of view.
In this blog post, we show how to enable enhanced SSL load balancing with the Server Name Indication (SNI) TLS Extension in HAProxy and HAProxy ALOHA.
This blog post shows why and how to use a load balancer, the differences between Affinity, Persistence, and Sticky Sessions, and how to enable them in HAProxy.
Microsoft Terminal Services or remoteapps both use the RDP protocol. One issue when using RDP is being able to stick a user to a server.
This blog post will show you how to use HAProxy ALOHA as a reverse proxy for accessing multiple websites or apps behind a single public IP address.
In this blog post, we explain how one can improve SSL/TLS performance by adding some functionality to SSL open-source software with HAProxy.
In this blog post, we explain what the Layer 4 Load Balancing Direct Server Return (DSR) Mode is, its pros and cons and when and how to use it.
In this blog post, we explain what the Layer 4 Load Balancing Tunnel Mode is, how it works, when to use it, as well as its pros and cons.
In this blog post, we explain what the Layer 4 Load Balancing NAT Mode is, its pros and cons and when to use this type of architecture.
In this blog post we will demonstrate how you can send users to the same server for imap and smtp by using HAProxy ALOHA.
Your application uses both HTTP and HTTPS, depending on the pages. SSL encryption is achieved by your backend server directly. Here's how.
HAProxy ALOHA allows you to maintain HTTPS sessions based on SSL connection ID. In this blog post, we show you how to configure HAProxy ALOHA for this.
In this blog post we demonstrate how to protect any application or web server against unexpected high load using HAProxy ALOHA.
Build a scalable architecture for a news website using these components: A load balancer with content switching capability, cache server and application server.
Layer 4 is related to the transport layer of the OSI model, and layer 7 is related to the application level. A layer 7 load balancer makes routing decisions based on...