All, I appreciate the quick and thorough answer to my question of last week. Today, I am reviewing DISA hardening guidelines in regards to HAP. Specifically, I am considering this Rule:
"The server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials." My assessment is that HAProxy is inherently hardened in this regard. I've found no evidence in the configuration documentation that speaks to sample code. I've found no evidence of build parameters that de-select example applications and the like. Be aware that we are using an imperfect analog for HAP in terms of DISA security requirements. Not every Rule matches every product perfectly. My assessment is that HAProxy is inherently hardened in this regard. Thank you in advance, Ed Hart
