I think this makes a nice security addition to the dashboard charm; it could also apply to API services which also use haproxy as part of their service chain infront of the actual service daemon.
If we do implement this I'd like for it to be disabled by default; enabling should turn on a set of sensible defaults that have been more widely reviewed and we need to make sure sufficient configuration options are exposed to allow tuning.
I think this makes a nice security addition to the dashboard charm; it could also apply to API services which also use haproxy as part of their service chain infront of the actual service daemon.
If we do implement this I'd like for it to be disabled by default; enabling should turn on a set of sensible defaults that have been more widely reviewed and we need to make sure sufficient configuration options are exposed to allow tuning.