- Restrict the stats page to trusted IPs.
- Bind admin sockets to localhost only.
- Use TLS for frontend listeners.
- Disable or protect the stats socket.
- Set strict ACLs for admin actions.
- Run as a dedicated user.
- Keep HAProxy updated.
Do you need help or support? Feel free to contact us!