diff --git a/templates/haproxy_cfg b/templates/haproxy_cfg
index 5ef4c83da7be5e3d5d31b050ad54ef7a7ba9390f..3394742592d0fa52e87f6cbf15295a8fbcf12847 100644
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
@@ -9,7 +9,6 @@ global
   ca-base /etc/haproxy/certs
   crt-base /etc/haproxy/private
   ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
-  maxconn 256
   pidfile /run/haproxy.pid
 
 defaults
@@ -17,9 +16,13 @@ defaults
   log-format %ci:%cp\ [%T]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r
   mode http
   option dontlognull
-  timeout connect 5000
-  timeout client 120000
-  timeout server 120000
+  timeout connect 5s
+  timeout client 20s
+  timeout server 15s
+  timeout check 1s
+  timeout http-keep-alive 1s
+  timeout http-request 10s  # slowloris protection
+  default-server inter 3s fall 2 rise 2 slowstart 60s
   errorfile 400 /etc/haproxy/errors/400.http
   errorfile 403 /etc/haproxy/errors/403.http
   errorfile 408 /etc/haproxy/errors/408.http
@@ -30,7 +33,6 @@ defaults
   option forwardfor
   option http-server-close
   retries 3
-  maxconn 1000
   default_backend {{proxy_default_backend}}
 
 listen stats
@@ -111,16 +113,20 @@ backend backend_{{host}}
 {% if host == inventory_hostname %}
   http-response deny
 {% else %}
-  server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 32
+  server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
 {% endif %}
 {% endfor %}
 {% if varnish_host|default(false) %}
 
 backend backend_varnish
+  option httpchk HEAD /varnishcheck
+  http-check expect status 200
+  option forwardfor
+  hash-type consistent
 {% if varnish_host == inventory_hostname %}
-  server varnish 127.0.0.1:6081 maxconn 32
+  server varnish 127.0.0.1:6081 maxconn 1000
 {% else %}
-  server varnish {{ hostvars[varnish_host]['static_ipv4']|default(hostvars[varnish_host]['ansible_default_ipv4']['address']) }}:6081 maxconn 32
+  server varnish {{ hostvars[varnish_host]['static_ipv4']|default(hostvars[varnish_host]['ansible_default_ipv4']['address']) }}:6081 maxconn 1000
 {% endif %}
 {% endif %}