Open
Description
Use Case
By setting stats enable in the defaults you enable access to the stats page in every HTTP frontend by using /haproxy?stats in the URL. This is not ideal for public facing haproxies as it exposes information that most users would not want available anonymously.
Describe the Solution You Would Like
Please consider removing this setting from the defaults hash and require that module users explicitly set it themselves. I understand this is potentially a breaking change for users relying on this setting but feel the improved security posture is worth it.
Describe Alternatives You've Considered
Enabling default auth as an alternative would have the same potential of breaking existing setups as well as the default credentials already being known by malicious actors.