HAproxy is a high-performance and highly-robust TCP and HTTP load balancer which provides cookie-based persistence, content-based switching, SSL off-loading, advanced traffic regulation with surge protection, automatic failover, run-time regex-based header control, Web-based reporting and management interface, advanced logging to help trouble-shooting buggy applications and/or networks, and a few other features. Its own event-driven state machine achieves 100,000 connections per second and surpasses GigaEthernet on modern hardware, even with tens of thousands of simultaneous connections.
|Tags||Networking Internet Web|
|Operating Systems||POSIX Linux BSD OpenBSD Solaris|
Release Notes: This version fixes a security flaw in the TCP content inspection code when combined with HTTP information. All 1.4 users must upgrade or patch. 25 other bugs were fixed since 1.4.22, including a risk of memory corruption by monitoring systems abusing of the "show sess" command on the CLI. Poll() was enabled by default on all platforms, and select() limited to 1024 fds only, in order to workaround a recent glibc change that causes runtime crashes due to extra controls in FD_SET/FD_CLR/FD_ISSET.
Release Notes: This version fixes a security flaw in TCP content inspection when combined with HTTP. 1.5-dev users must upgrade or patch. Other big changes include a richer address parser that supports environment variables, the convergence of ACLs and samples allowing more powerful combinations of patterns analysis, support for systemd, a new health check agent protocol, PCRE JIT support, TLS ALPN, and HTTP redirects 307 and 308. No fewer than 43 bugs were fixed in various areas.
Release Notes: The last known bugs since 1.5-dev15 have been fixed (frozen POSTs, aborted SSL sessions, and occasionally truncated early responses from servers to POST requests). Additionally, a few long-awaited features have been implemented: support for logging anything coming from a sample fetch function using % in the log format, as well as passing this to servers in HTTP headers (all SSL information can now be passed this way). The HTML stats page was improved with more detailed information in tips (this was broken in dev16). Users of 1.5-dev12 to 16 are strongly encouraged to upgrade.
Release Notes: The high CPU usage a few users have been experiencing in dev14 is now fixed. A file descriptor leak when logging SSL information was fixed. Some SSL issues with client certs were fixed. SSL handshake errors are now logged. Some incorrect logs of "SD" flags in case of client errors were resolved. The conditions to enable Gzip compression were tightened. Layer 7 information such as the IP address taken from a header can now be tracked. Users of 1.5-dev12..dev14 are encouraged to upgrade.
Release Notes: The SSL stack received many fixes and improvements. It now supports mutual cert authentication, client cert-based ACLs, and a multi-process session cache. Some facilities were offered to support multi-process mode with SSL. Health checks support SSL and the PROXY protocol. HTTP forwarding now supports gzip compression. Recent Linux platforms support TCP FastOpen and accept4(). The "bind" statement now supports "v4v6" and "v6only" keywords to decide on the IPv6 binding policy. Many bugs have been fixed, so those using dev12 and dev13 in production are strongly encouraged to upgrade.