HAProxy Enterprise 3.0 is now available. This release extends HAProxy Enterprise’s legendary performance and flexibility and builds upon its cornerstone features. The HAProxy Enterprise WAF is even more powerful, the Global Profiling Engine is more dynamic and performant, UDP load balancing is simpler and more observable, HTTPS performance is improved, and we have added new CAPTCHA and SAML single sign-on modules.

This month, Fortune.com reported that TikTok’s web scraper — known as Bytespider — is aggressively sucking up content to fuel generative AI models. We noticed the same thing when looking at bot management analytics produced by HAProxy Edge — our global network that we ourselves use to serve traffic for haproxy.com. Some of the numbers we are seeing are fairly shocking, so let’s review the traffic sources and where they originate.

HAProxy Fusion 1.3 is now available—making it even simpler to adopt modern, scalable application delivery. New custom dashboards, high-performance Kubernetes service discovery, and optimized workflows bolster HAProxy Fusion's observability and flexibility.

Standardized logging formats are important for teams that rely on logging for observability, troubleshooting, and workflow integration. Using structured formats simplifies parsing and eliminates the need to interpret fields manually, ensuring consistency across logging formats. This reduces manual work, prevents brittleness from unstructured logs, and simplifies integration between teams that feed logs into a shared aggregation system.

HAProxy Data Plane API 3.0 is now available! The latest version is hosted on our GitHub releases page. This release follows the recent HAProxy 3.0 release and incorporates its changes, along with some improvements and changes specific to the API. HAProxy Data Plane 3.0 adds multiple breaking changes. We'll cover the impacts of these changes in detail to highlight how your implementation and usage of Data Plane API may be affected.

Most load balancers only check a client certificate when the client first connects. However, this can be problematic if a client stays connected for an extended period of time. Staying connected would allow clients to continually send and receive data. Imagine you have an employee whose certificate and key were stolen by an adversary. If you are using TLS client authentication, that adversary can connect to your infrastructure and maintain illegal access.

Tracing follows requests as they move through an entire network, from the initial client request to the final response. In financial services, end-to-end tracing is essential for maintaining robust security, ensuring comprehensive observability of system operations, and understanding chains of events in case of issues or anomalies.