How does HAProxy


definition: HAProxy is an open source software that can be connected upstream of one or more web servers in order to take over certain, previously configured processes.

HAProxy can be thought of as a “reception” in front of the web server. If you imagine a website like a large company with several departments, this reception has important tasks:

  • Differentiate employees from customers or strangers and only grant access to authorized persons
  • Show customers the right way
  • Receive notifications
  • Etc.

A website is structured in a similar way: It has different ones Directories, there are areas for registered users as public areas and it will be Requests to the web server posed. The web server is the main actor and takes care of the provision of the content. But it is also the point of attack for, for example, harmful inquiries. HAProxy is available as software in front of the web server switched and can take on various tasks.

Application examples of HAProxy

One of the greatest advantages of HAProxy is its Stability and speed. This means that various tasks that the web server would otherwise have to take over can be placed upstream.

Harmful requests

HAProxy can avoid harmful requests. This means inquiries about non-existent login pages, inquiries from spam bots or a massive number of simultaneous inquiries.

If attackers want a Hack website, they sometimes try to use known login URLs from the common content management systems. WordPress e.g. B. has “/ wp-login” as the standard login URL. On a Drupal site, the default url is “/ user / login”. There will most likely not be a URL like “/ wp-login”, so the web server would have unnecessary work. In this case, HAProxy would be set in such a way that a 404 page is returned without forwarding the request to the web server.

There are numerous bots crawling websites. This also includes the search engine bots, which are used to index websites. Usually this is also desired. However, there is also Spam botsthat are no “help” to the website operator and thus unnecessarily consume server capacity. If their ID is known, these bots can be excluded from HAProxy so that their requests are not forwarded to the web server.

One way of one Overloading the web server, you have to send him a massive number of requests in a short period of time. Here, too, HAProxy can exclude requests to ensure server uptime.

Server relief when using SSL / HTTPS

If several websites are hosted on a web server, the SSL certificates of the individual websites are managed by HAProxy: The client's request is sent to HAProxy, which then forwards it unencrypted to the web server. As a result, the web server does not have to process the encryption itself, but can answer the requests directly.

Load balancing

Will a webpage on multiple web servers hosted, HAProxy can split the requests so that the web servers are evenly loaded. In large data centers, such systems can even increase the server performance or switch on additional web servers for support, should there be a high number of visitors.

Country-specific allocation of users to the correct server

Will be a website international operated and has web servers distributed in different countries, HAProxy can be configured in such a way that user inquiries from country A are directed to the correct web server for language A. This is usually done using the IP address.

HAProxy is one of many ways to increase the performance and security of websites. If you are also interested in a performance and security solution for your website, we look forward to hearing from you. 0711 - 633 779 60 or by email to [email protected]