Vulture is a reverse-proxy. It should be placed between users and the web-application you want to protect:


Vulture has a built-in firewall, based on OpenBSD pf. You do not need to protect Vulture with an additional firewall.


Vulture accepts incoming traffic on defined IP addresses and ports. IP addresses on which Vulture is listening are called listeners.
You can add / remove listeners and configure as many IP addresses as you need on any network device available on the system.

In cluster configuration, Vulture uses CARP and allows multiple hosts to share the same IP address and Virtual Host ID (VHID) in order to provide high availability. This means that one or more hosts can fail, and the other hosts will transparently take over so that users do not see a service failure.

Create a load-balancer (see below) on top of a CARP listener to have a highly available cluster with incoming traffic load balanced among all the Vulture nodes available in your cluster.

See how to configure Listeners here.

Load balancer

Vulture has a built-in layer 4 load-balancer, based on ha-proxy. You do not need to add a load-balancer "before" Vulture.
ha-proxy is configured in tcp mode: Vulture can load-balance any TCP traffic, not only HTTP.

Proxy balancer

Vulture has a built-in layer 7 HTTP Proxy balancer so that it can load-balance trafic to multiple web backends.

Incoming URL rewriting

Incoming HTTP requests can be rewritten by Vulture.
See details here.