Collaborate Disseminate
I’m building a DDoS mitigation tool, and understanding how these attacks work and bypass each mitigation technique is crucial. I ran performance tests on Gunicorn, along with NGINX and HAProxy in front of it.
Question: Can anyone explain h… Continue reading Understanding How NGINX and HAProxy Improve Response Times (DDoS Testing) [closed]
It seems that some HackerOne reports such as https://hackerone.com/reports/1884372 claim that having HAProxy statistics page visible to the world is a security vulnerability.
Since HAProxy default stats enable configuration is always read-… Continue reading Why would publishing read-only HAProxy statistics page be considered a security vulnerability?
I want to limit access from the Internet to my Web server but the clients will have a dynamic IP address so the best I can do is to whitelist all addresses belonging to that specific mobile carrier which still leaves the system open to too… Continue reading Can a Reverse Proxy be used instead of port filtering?
We use ADFS within our organisation, and it is available via HTTP externally.
All of the applications we protect with ADFS are SP-initiated, so I want to disallow requests to ADFS other than SP-initiated SSOs. (e.g. https://adfs.mydomain.c… Continue reading Secure ADFS behind HAProxy
I am using HAProxy to perform Mutual TLS termination for my API.
HAProxy has Mutual TLS enabled with "verify required" and a cert-auth file to restrict access to the Apache service that proxies to my API.
I only want to allow two… Continue reading HAProxy Trust only specific client certs for mutual
There’s a web application on a server which I have full access to which accepts POST requests on a REST endpoint. The request payload is expected to be an XML document. For request routing and load balancing the server makes use of HAProxy… Continue reading How does my HTTPS POST get blocked based on XML content?
I added the client cert into ca.pem as in
bind 0.0.0.0:443 ssl crt /etc/ssl/private/asdf.hdavid.io.pem verify optional ca-file /etc/ssl/certs/ca.pem
http-request set-header X-SSL-Client-Verify %[ssl_c_verify]
And then calling with … Continue reading Adding a self-signed client certificate to HAProxy for mutual-tls?
Recently I have installed RKhunter (v1.4.2) on a couple of loadbalancers ( Haproxy 2.0.14 ) running on Debian 9. Stretch. While performing a full system check I’m getting a lot or warnings about tcp ports being used by Haproxy. They look l… Continue reading rkhunter reports numerous warnings on haproxy open ports
I have successfully built OpenSSL-FIPS according to specifications and am wondering if I configure the OpenSSL path in HAProxy (or any other reverse proxy for that matter) to use the OpenSSL-FIPS install, wouldn’t the reverse proxy also be… Continue reading HAProxy FIPS Compliance
HAProxy Technologies, in collaboration with the open source community, announced the general availability of HAProxy 2.2, the latest version of the world’s fastest and most widely used software load balancer. This major LTS release of HAProxy adds new … Continue reading HAProxy 2.2: Improved flexibility, observability, and security capabilities