DDoS Protection and Rate Limiting

Guard against abuse and brute force attacks

Global rate limiting and comprehensive DDoS protection against transport layer (Layer 4) and application layer (Layer 7) attacks — for any application, in any environment. 

The Problem

DDoS attacks are growing more common and dangerous

Distributed denial-of-service (DDoS) attacks remain serious cybersecurity threats each year — endemic across the web much like the flu or common cold. Such attacks can cause high resource use, downtime, data theft, and revenue loss. Protection is essential. 

However, not all solutions are created equal. Many DDoS protection and rate limiting solutions fail to react to threats quickly and globally while also providing affordable 24/7 protection.

Attacks are multiplying

Cloudflare observed 8.5 million DDoS attacks across its domains in H1 2024.

Throughput is rising

During the 2023 NFL Super Bowl, a major DDoS attack peaked at 71 million requests per second (RPS) — the largest ever recorded.

Packets are being weaponized

Attack magnitude is rising annually, with a notable DDoS attack peaking at 1.7 terabits per second in early 2024. 

DDoS Protection and Rate Limiting Features

High-performance and customizable protection

HAProxy's next-gen, multi-layered security approach stops botnets and abuse in their tracks.

Write simple response rules using ACLs

ACLs use strings, patterns, request rates, and logical operators to determine routing behaviors. Challenge, deny, and redirect traffic in real time with minimal configuration. Apply custom rules and enforce redirects based on stick table data.

Track activity with Global Profiling Engine (GPE)

View client behavior in real time across every HAProxy cluster. Dynamically generated counter thresholds, based on historical data, power automated global rate limiting and advanced security analysis. Track suspicious behavioral patterns everywhere and act.

Enable rapid filtering with PacketShield

HAProxy ALOHA's PacketShield offers a simple, efficient, and cost-effective response to DDoS attacks. Enable customizable, real-time packet filtering at wire speed in front of your load balancers and servers — with zero disruptions or false positives.

Stop spam with CAPTCHA module

Our native CAPTCHA module presents a challenge page to clients to determine if they're human. Extend support to multiple CAPTCHA providers — such as Google reCAPTCHA — based on simple rules written in your HAProxy global settings.

Platform Overview

Do more with HAProxy One

The world's fastest application delivery and security platform seamlessly blends data plane, control plane, and edge network to deliver the world's most demanding applications, APIs, and AI services in any environment.


HAProxy Enterprise

A flexible data plane layer that provides high-performance load balancing, an API/AI gateway, Kubernetes application routing, best-in-class SSL processing, and multi-layered security.

HAProxy Fusion Control Plane

A scalable control plane that provides full-lifecycle management, monitoring, and automation of multi-cluster, multi-cloud, and multi-team HAProxy Enterprise deployments.

HAProxy Edge

A secure edge network that provides a high-capacity global ADN and threat intelligence — enhanced by machine learning — that powers the next-generation security layers in HAProxy Fusion and HAProxy Enterprise.

World-class experience

24/7 support from real humans! We're the authoritative experts on HAProxy — including the edge, data plane, control plane, and security layers. We'll do whatever it takes to make your HAProxy deployment a success.

What are users saying about HAProxy DDoS protection and rate limiting?

HAProxy adeptly aggregates table data from our cluster of load balancers on a real-time basis. Inspecting tag values within our logon messages is done quickly as soon as our client sends them. We can easily modify rate-limiting thresholds for traffic loads that are dynamic in nature.

Shreya B., Cloud Engineer, via G2

By building a PoP network based on HAProxy, cross-cutting concerns like authentication, authorization, and rate limiting could be moved to the edge of the network. They increased their service reliability, gained observability over their traffic, and removed single points of failure.

Luke Seelenbinder, Co-Founder @ Stadia Maps

Ready to get started with DDoS protection and rate limiting?

Learn more about keeping your applications, APIs, and AI services safe from DDoS attacks and abuse with HAProxy.