Latest How to configure HAProxy's Proxy Protocol with Squid A customer asked me the other day how to set up Squid Proxy Protocol on their Loadbalancer appliance.
HAProxy New year, new vulnerability: HAProxy critical security update An incorrect frame length check could result in a read-past-bound which can cause a crash...
Open source Does the new multi-threaded support in HAProxy finally solve the 10G problem? It’s no big secret that a single processor can only handle so much processing in a given time. So what happens when you reach the limits of what a single processor can handle? Simple, you add more processors...
AWS / Azure / GCP How to add Cloudflare in front of HAProxy Cloudflare provides a content delivery network (CDN). A CDN is a worldwide network of servers that delivers web content to clients based on the geographic location of the client...
Open source Highly Available NFS based Kerberos KDC aka. Ganesha + GlusterFS + HAProxy. Load balancing NFS is a real pain — especially when it comes to the locked mounts issue. In this blog I'll explain how to create a highly available NFS server for Kerberos...
HAProxy Breaking HAProxy with the help of a Spirent Avalanche and lots of very small packets... HAProxy is awesome. So awesome in fact, that here at Loadbalancer.org HQ - I find it very difficult to generate enough load to break it...so let's try harder!..
How-tos Client Certificate Authentication with HAProxy Using client certificates for security is a pretty cool idea! You can protect an entire application or even just a specific Uniform Resource Identifier (URI) to only those that provide a valid client certificate...
Security How to stop web form spam — use a simple honey pot trap in ModSecurity... How frustrating do you find it when hackers or robots fill in your website forms with "Buy Viagra Now!" type spam?..
GSLB GSLB — Why Global Server Load Balancers don’t always suck? (Polaris-GSLB) Part 2 In part one we were introduced to Polaris-GSLB which is a cool little open source GSLB solution. In part two of this Blog I’m going to show you how to build Polaris-GSLB on CentOS 7...
GSLB GSLB – Why Global Server Load Balancers don't always suck? (Polaris-GSLB) Here at Loadbalancer.org we’re not known for being huge fans of GSLB solutions as some of our customers may already know...
Security Blocking Japan with ModSecurity and Maxmind Lite The Web Application Firewall is based on ModSecurity which is an open source WAF for Apache, IIS, and Nginx for protecting against a many variety of attacks and allows for HTTP traffic monitoring and logging...
Open source Transparent HAProxy in Azure using TProxy HAProxy is an excellent choice if you need layer 7 functionality, but its a full reverse-proxy, so the application thinks that all of the traffic is coming from HAProxys IP - rather than the clients...
Open source How to stop TPROXY when used with HAProxy breaking clients in the real server subnet Once HAProxy is running transparently, it will allow the real server to see the client IP so the real server will reply directly back to the client bypassing the load balancer...
Security Blocking invalid range headers using ModSecurity and/or HAProxy (MS15-034 - CVE-2015-1635) Anomaly score based blocking is more flexible and effective than simple first error blocking...
Open source Transparent Load balancing with HAProxy on Amazon EC2 One of our favorite methods of load balancing is using Layer 4 DR because it is transparent and fast. Unfortunately, because of Amazon's infrastructure, this is not possible in EC2 so we need to use another method which means we are left with layer 4 NAT and transparent HAproxy using TProxy...
Security Simple Denial of Service DOS attack mitigation using HAProxy Denial of Service (DOS) attacks can be used to degrade or cripple the functionality of a site...
Open source Stunnel X-Forward-For (XFF) with HAProxy and the PROXY Protocol By default, the source IP address of the packet reaching the web servers is the IP address of the load balancer and not the IP address of the client...
Open source SSL offload testing with HAProxy and Stunnel There are a lot of SSL offload throughput statistics available for appliances across the internet but rarely do they detail the way they were tested...
HAProxy 3 Ways To Send HAProxy Health Check Email Alerts The ideal way to monitor the health of the real servers is to to have a dedicated monitoring system in place such as Nagios. However this isn’t always an option, so for some they require the loadbalancer to send an alert...
HAProxy HAProxy email alerts guide As of haproxy-1.6-dev1 it is now possible to send email alerts directly from HAProxy thanks to the excellent work done for us by Simon Horman...
HAProxy Setting up HAProxy with Transparent Mode on Centos 6.x Transparent mode with HAProxy allows you to see the IP Address of the clients computer while still having a high availability service using HAProxy...
HAProxy Load Balancer performance: Benchmarking HAProxy on EC2 (Quick and Dirty Style) I get quite frustrated with benchmarks because they are very hard to perform properly, and even when you do them properly its very hard to get any useful data from them...
Open source Load balancing Windows Terminal Server — HAProxy and RDP Cookies or Microsoft Connection Broker When you have users depending on Windows Terminal Services for their main desktop, it's a good idea to have more than one Terminal Server. RDP, however, is not an easy protocol to load balance...
HAProxy Transparent proxy of SSL traffic using Pound to HAProxy backend patch and how-to I've previously blogged about how to get TPROXY and HAProxy working nicely together, but what if you want to terminate SSL traffic on the load balancer to use HAProxy to insert cookies in the standard HTTP stream to the backend servers?..
HAProxy Configure HAProxy with TPROXY kernel for full transparent proxy If you use HAProxy as the load balancer then all of the backend servers see the traffic coming from the IP address of the load balancer...