haproxy VS proxychains-ng

Compare haproxy vs proxychains-ng and see what are their differences.

proxychains-ng

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead. (by rofl0r)
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
haproxy proxychains-ng
16 7
4,385 9,392
2.7% -
9.9 5.0
6 days ago 14 days ago
C C
GNU General Public License v3.0 or later GNU General Public License v3.0 only
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

haproxy

Posts with mentions or reviews of haproxy. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-10-11.
  • HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
    2 projects | news.ycombinator.com | 11 Oct 2023
    I wanted to try it out just now but hit a roadblock immediately - it cannot automatically obtain and maintain TLS certificates. You have to use an external client (e.g. acme.sh), set up a cron to check/renew them, and poke HAProxy to reload them if necessary. I'm way past doing this in 2023.

    https://www.haproxy.com/blog/haproxy-and-let-s-encrypt

    https://github.com/haproxy/haproxy/issues/1864

  • minexmr2.com updated to p2pool v3.1, monerod v0.18.2.0, and ready for Mar 18 p2pool (not monero) hardfork
    6 projects | /r/MoneroMining | 12 Mar 2023
    I turn on 1 relatively cheap cloud server to process DNS, https and stratum connections and route them via haproxy to one of N miner servers described above.
  • Update to haproxy 2.4.18 breaks WebDAV
    2 projects | /r/haproxy | 11 Dec 2022
  • HAProxy 2.7
    5 projects | news.ycombinator.com | 2 Dec 2022
    With the recent discussions about memory safe languages, HAProxy is still surprisingly written in C [0].

    [0]: https://github.com/haproxy/haproxy

  • 35M Hot Dogs: Benchmarking Caddy vs. Nginx
    11 projects | news.ycombinator.com | 16 Sep 2022
    It does not, because HAProxy does not perform any disk access at runtime and thus would be unable to persist the certificates anywhere. Disks accesses can be unpredictably slow and would block the entire thread which is not something you want when handling hundreds of thousands of requests per second.

    See this issue and especially the comment from Lukas Tribus: https://github.com/haproxy/haproxy/issues/1864

    Disclosure: Community contributor to HAProxy, I help maintain HAProxy's issue tracker.

  • The perils of the “real” client IP
    2 projects | news.ycombinator.com | 5 Mar 2022
    :+1: for the effort to document this, and coordinating the disclosure with the vendors. This mainly talks about rate-limiting bypass/DoS, but if XFF is also used for audit trail logging of IP addresses and/or IP-based access lists, then the security implications can be even more severe, with falsified audit logs and bypassed security controls.

    Setting up an application server behind a reverse proxy to use the "real" client IP is unfortunately very typically just a trial-and-error based process, with very little room for this kind of nuanced security-conciousness, because the configuration and exact behavior is all so non-standardized across different implementations of reverse-proxies and application servers... Typically users will just try different configuration settings until they find a combination that seems to work, and you would actually need to dig in with curl and tshark to understand the edge cases, because the documentation of the application-specific implementation is typically just one brief sentence...

    Getting XFF working correctly through a complicated HTTP stack with multiple layers of nginx/haproxy/apache proxies (yes, they have different non-overlapping feature sets), custom backends implementing custom XFF handling/forwarding, and jetty/spring backends upgraded across a major version bump that changed the implementation and configuration properties related to XFF handling was insanely difficult. And of course it broke when migrating from a F5 LB to an AWS ALB, because it behaved differently for that one edge-case for an important customer... highly recommended to just override the entire XFF header with a single value at the appropriate point in your stack, if at all possible.

    If just the naive leftmost-first vs rightmost-ish-with-configurable-list-of-trusted-upstream-proxies wasn't enough, then yeah, HAProxy does the thing where it adds a new 100% standards-compliant header continuation line [1] that maybe 1% of backend application developers have ever tested with. And trying to configure HAProxy to interpret the incoming XFF headers for logging/access-control ~is~/was even more weird [2].

    [1] https://github.com/haproxy/haproxy/issues/44

  • Ask HN: What are the best the publicly available FAMANG code repos?
    16 projects | news.ycombinator.com | 23 Aug 2021

proxychains-ng

Posts with mentions or reviews of proxychains-ng. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-06-11.
  • Using proxy password with a program that doesn't take a proxy password
    2 projects | /r/linuxquestions | 11 Jun 2022
    Chrome lets you set a proxy but not a username or password but I have a proxy that can only be authenticated with a password. I tried using proxychains-ng but that doesn't work with Chrome https://github.com/rofl0r/proxychains-ng/issues/45.
  • locate proxychains
    2 projects | /r/linuxquestions | 29 Sep 2021
    You should use proxychains4, you can build it yourself https://github.com/rofl0r/proxychains-ng, I like using sshuttle project, kinda like a pseudovpn https://github.com/sshuttle/sshuttle

What are some alternatives?

When comparing haproxy and proxychains-ng you can also consider the following projects:

zstd - Zstandard - Fast real-time compression algorithm

sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

ClickHouse - ClickHouse® is a free analytics DBMS for big data

3proxy - 3proxy - tiny free proxy server

Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

brotli - Brotli compression format

Jool - SIIT and NAT64 for Linux

traefik - The Cloud Native Application Proxy

preload - preload is an adaptive readahead daemon that prefetches files mapped by applications from the disk to reduce application startup time.

torsocks - Library to torify application - NOTE: upstream has been moved to https://gitweb.torproject.org/torsocks.git

gatekeeper - The first open-source DDoS protection system