HAProxy
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/stable | 147 | 30 Apr 2025 | |
| latest/stable | 66 | 08 Nov 2021 | |
| latest/candidate | 147 | 30 Apr 2025 | |
| latest/candidate | 64 | 14 Oct 2021 | |
| latest/beta | 147 | 30 Apr 2025 | |
| latest/edge | 147 | 29 Apr 2025 | |
| latest/edge | 37 | 11 Nov 2020 | |
| 2.8/stable | 290 | 05 Jan 2026 | |
| 2.8/candidate | 290 | 16 Dec 2025 | |
| 2.8/edge | 308 | 09 Jan 2026 |
juju deploy haproxy
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
charms.haproxy.v0.ddos_protection
-
- Last updated 09 Jan 2026
- Revision Library version 0.2
DDoS protection interface library.
Getting Started
To get started using the library, you need to first declare the library in
the charm-libs section of your charmcraft.yaml file:
charm-libs:
- lib: haproxy.ddos_protection
version: "0"
Then, fetch the library using charmcraft:
cd some-charm
charmcraft fetch-libs
Using the library as the Provider
The provider charm should expose the interface as shown below:
provides:
ddos-protection:
interface: ddos-protection
Then, to initialise the library:
from charms.haproxy.v0.ddos_protection import DDoSProtectionProvider
class DDoSConfigurator(CharmBase):
def __init__(self, *args):
super().__init__(*args)
self.ddos_provider = DDoSProtectionProvider(self)
# Set the configuration when ready
self.ddos_provider.set_config(
rate_limit_requests_per_minute=100,
rate_limit_connections_per_minute=50,
concurrent_connections_limit=1000,
error_rate=10,
limit_policy="reject",
ip_allow_list=["192.168.1.1", "192.168.1.0/24"],
http_request_timeout=30,
http_keepalive_timeout=60,
client_timeout=50,
deny_paths=["/admin", "/internal"],
)
Using the library as the Requirer
The requirer charm should expose the interface as shown below:
requires:
ddos-protection:
interface: ddos-protection
Then, to initialise the library:
from charms.haproxy.v0.ddos_protection import DDoSProtectionRequirer
class HaproxyCharm(CharmBase):
def __init__(self, *args):
super().__init__(*args)
self.ddos_requirer = DDoSProtectionRequirer(self, relation_name="ddos-protection")
self.framework.observe(
self.on.config_changed, self._on_config_changed
)
def _on_config_changed(self, event):
# Read DDoS protection configuration
config = self.ddos_requirer.get_ddos_config()
if config:
# Apply the configuration
...
Index
class DataValidationError
Description
Raised when data validation fails. None
class DDoSProtectionInvalidRelationDataError
Description
Raised when data validation of the ddos-protection relation fails. None
class RateLimitPolicy
Enum of possible rate limiting policies.
Description
Attrs: DENY: Deny the connection. REJECT: Send a TCP reset packet to close the connection. SILENT: disconnects immediately without notifying the client that the connection has been closed (no packet sent).
class DDoSProtectionProviderAppData
Configuration model for DDoS protection provider.
Attributes
Methods
DDoSProtectionProviderAppData. validate_ip_allow_list( cls , v )
Validate and convert IP allow list.
Arguments
The list of IP addresses or CIDR blocks as strings.
Returns
The list of converted IPv4Address or IPv4Network objects.
Description
Converts each string to either IPv4Address (for single IPs) or IPv4Network (for CIDR blocks).
DDoSProtectionProviderAppData. validate_deny_paths( cls , v )
Validate that deny_paths contains no empty strings.
Arguments
The validated list of paths.
Returns
The validated list of paths.
DDoSProtectionProviderAppData. validate_limit_policy( self )
Validate and convert the limit_policy parameter.
Returns
The validated model.
Description
The limit_policy must be one of: silent-drop, reject, or deny. For deny, optionally an HTTP status code can be appended (e.g., "deny 503"). Extracts and stores the status code separately in policy_status_code.
DDoSProtectionProviderAppData. validate_limit_policy_with_rate_limits( self )
Validate that limit_policy is only set when rate limits are configured.
Returns
The validated model.
Description
If limit_policy is set, at least one of the rate limit fields must also be set. Conversely, if no rate limits are configured and limit_policy is not set, default limit_policy to SILENT when any rate limit is present.
class DDoSProtectionProvider
Description
DDoS protection interface provider implementation. None
Methods
DDoSProtectionProvider. __init__( self , charm: CharmBase , relation_name: str )
Initialize the DDoSProtectionProvider.
Arguments
The charm that is instantiating the library.
The name of the relation.
DDoSProtectionProvider. set_config( self )
Update the DDoS protection configuration.
Arguments
Maximum number of requests per minute per entry.
Maximum number of connections per minute per entry.
Maximum number of concurrent connections per entry.
Number of errors per minute per entry to trigger the limit policy.
Policy to be applied when limits are exceeded.
List of IPv4 addresses or CIDR blocks to be allowed.
Timeout for HTTP requests in seconds.
Timeout for HTTP keep-alive connections in seconds.
Timeout for client connections in seconds.
List of paths to deny.
class DDoSProtectionRequirer
Description
DDoS protection interface requirer implementation. None
Methods
DDoSProtectionRequirer. __init__( self , charm: CharmBase , relation_name: str )
Initialize the DDoSProtectionRequirer.
Arguments
The charm that is instantiating the library.
The name of the relation to bind to.
DDoSProtectionRequirer. get_ddos_config( self )
Retrieve the DDoS protection configuration from the provider.
Returns
The DDoS protection configuration if available, or None if the relation is not established or contains no data.