Five years after the launch of branch 2.0, HAProxy has announced the release of HAProxy 3.0. This new load balancer is designed to distribute HTTP traffic and TCP checks among server groups, taking into account various factors such as server availability, load levels, and DDoS protection. HAProxy 3.0 also includes primary data filtration capabilities, enabling users to configure HTTP settings, filter incorrect request parameters, block SQL injection and XSS attacks, and connect content processing agents. Additionally, HAProxy can be used to coordinate interactions in systems based on microservice architecture. The project code is written in SI and is available under the GPLV2 license. Major websites like Airbnb, Alibaba, Github, Imgur, Instagram, Reddit, Stackoverflow, Tumblr, Twitter, and Vimeo utilize HAProxy for their operations.
HAProxy 3.0 is designated for long-term support (LTS) releases and will be supported until 2029. Some key changes in this release include:
- The addition of a new “CRT-Store” section in the configuration for managing TLS certificate storage and usage. This allows for separate storage of certificate components to customize their placement.
- Introduction of restrictions for requests using HTTP/2 protocol to address potential issues like DOS attacks from Continuation flows.
- Addition of a new GUID configuration directive for unique identification in the “Frontend”, “Backend”, and “Listen” sections, ensuring statistics persistence after restarts.
- Expansion of balancing capabilities for Syslog messages, including the option to assign weight coefficients to server-related log lines.
- Support for log line formatting in Json and CBOR presentations.
- Enhanced data extraction functions for obtaining information on open HTTP sessions, request processing waiting queues, and simultaneous session limits.
- Improved performance for Lua scripts loaded using the Lua-Load directive.