Definition: HAProxy is open source software that can be connected upstream of one or more web servers in order to take over certain previously configured processes.
HAProxy can be thought of as a "reception desk" in front of the web server. If you imagine a website like a large company with several departments, this reception has important tasks:
-
Distinguishing employees from customers or strangers and granting access only to authorized persons
-
pointing customers in the right direction
-
Receive notifications
-
etc.
A website is structured in a similar way: it has various directories, there are areas for registered users and public areas and requests are made to the web server. The web server is the main player and is responsible for providing the content. However, it is also the point of attack for malicious requests, for example. HAProxy is installed as software in front of the web server and can perform various tasks.
Application examples of HAProxy
One of the biggest advantages of HAProxy is its stability and speed. This means that various tasks that would otherwise have to be performed by the web server can be upstreamed to it.
Malicious requests
HAProxy can avoid harmful requests. This refers to requests to non-existent login pages, requests from spam bots or a massive number of simultaneous requests.
If attackers want to hack a website via the page login, they sometimes try to use known login URLs of common content management systems. WordPress, for example, has the default login URL "/wp-login". On a Drupal site, the default URL is "/user/login". A URL like "/wp-login" will most likely not exist, so the web server would have unnecessary work. In this case, HAProxy would be set to directly return a 404 page for such a request without forwarding the request to the web server.
There are numerous bots that crawl websites. These include search engine bots, which are used to index websites. As a rule, this is also desired. However, there are also spam bots that are of no "help" to the website operator and therefore consume server capacity unnecessarily. If their identifier is known, these bots can be excluded from HAProxy so that their requests are not forwarded to the web server.
One way to overload a web server is to send it a massive number of requests in a short space of time. Here too, HAProxy can exclude requests in order to guarantee the server uptime.
Server load relief when using SSL / HTTPS
If several websites are hosted on one web server, the SSL certificates of the individual websites can be managed by HAProxy: The client's request reaches HAProxy, which then forwards it unencrypted to the web server. This means that the web server does not have to process the encryption itself, but can answer the requests directly.
Load balancing
If a website is hosted on several web servers, HAProxy can divide the requests so that the web servers are evenly loaded. In large data centers, such systems can even ramp up server performance or add additional web servers for support if there is a peak in visitor numbers.
Country-specific allocation of users to the right server
If a website is operated internationally and has web servers distributed in different countries, HAProxy can be configured so that user requests from country A are routed to the correct web server for language A. This is usually done based on the IP address. This is usually done using the IP address.
HAProxy is one of many ways to increase the performance and security of websites. If you are also interested in a performance and security solution for your website, please contact us at 0711 - 633 779 60 or by e-mail at info@arocom.de