A load balancer is a system that distributes incoming traffic across multiple servers so no single machine becomes a bottleneck. It improves availability, performance, and resilience by shifting requests away from overloaded or unhealthy hosts. Load balancers can work at different layers: some route raw TCP or UDP sessions, while others inspect HTTP and make decisions based on hostnames, paths, or headers.
In cyber security, load balancers matter because they sit at the front door of many services. A weakness in this layer can expose multiple back-end systems, affect authentication flows, or create a high-impact denial-of-service point. Defenders use load balancers to absorb spikes, isolate failed nodes, and apply controls such as TLS termination, health checks, rate limiting, and access rules. Attackers may try to overwhelm them, bypass them through misconfiguration, or abuse trust in forwarded headers and proxy settings. In incidents, knowing whether a service is behind a load balancer helps defenders identify the real origin servers and scope exposure correctly.
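The forwarded-header trust problem mentioned above, as an added example that is not part of the original page: a back end derives the client address from X-Forwarded-For only when the connection really came from a known load balancer, and reads the header right to left so client-supplied entries are never believed. The function names and the proxy ranges in TRUSTED_PROXIES are assumptions made for illustration.

```python
import ipaddress

# Assumed for illustration: ranges of the load balancers / proxies allowed
# to append to X-Forwarded-For (constructed values, not from the page).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/24", "192.0.2.10/32")]


def is_trusted(addr):
    """True if addr parses as an IP address inside a trusted proxy range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address a back end should use for logging and access rules.

    peer_addr  -- source IP of the TCP connection as seen by the back end
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    # Connection did not arrive via the load balancer: the header is
    # entirely sender-controlled, so ignore it.
    if not is_trusted(peer_addr):
        return peer_addr

    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]

    # Each trusted proxy appends the address it saw, so walk right to left.
    # The first entry that is not a trusted proxy is the real client;
    # anything to its left was supplied by that client and is not evidence.
    for hop in reversed(hops):
        if is_trusted(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            return peer_addr  # malformed entry: fall back to the peer

    # No header, or every hop was a trusted proxy (e.g. a health check).
    return peer_addr
```

A request that reaches the back end with an untrusted peer address and an X-Forwarded-For header present is also worth logging, since it indicates the origin server is reachable without passing through the load balancer.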



