A comprehensive guide to log monitoring with ModSecurity and HAProxy
With numerous options available, choosing and configuring the right tool can be daunting.
Here is another example of a more “exotic” Stunnel configuration. Most people, and rightly so, will ask “but why?”. Well, because we can!
I thought I would try and cover the basics here by explaining how to create an SSL certificate and the various files that you'll end up with.
Ansible is an open source project sponsored by Red Hat, and is the simplest way to automate IT tasks.
How many times have you looked at the HAProxy report and thought, what on earth is this all about?! What are the busiest times on my Loadbalancer? Which Real Server is busy? How much traffic is going through my VIPs?
With our recent release, you can now use the new Prometheus exporter to export the HAProxy metrics into an existing Prometheus environment.
The "ARP problem" for Layer 4 DR (Direct Routing) mode is something that needs to be solved for each of your Real Servers in the virtual service.
Although our appliances are absolutely awesome and fun to use, going through the same process many times may become slightly tedious!
In this example, I’m going to add a new transformation function to ModSecurity to calculate the Scrabble score of a variable. This will allow us to block HTTP requests containing query string parameters with a Scrabble score above a chosen threshold.
The X-Forwarded-For Header is a simple yet powerful solution to a very common problem. I'm not sure why, but for some reason it also seems to cause a lot of confusion.
Cloudflare provides a content delivery network (CDN). A CDN is a worldwide network of servers that delivers web content to clients based on the geographic location of the client.
By default, the load balancer uses a TCP connect to the port defined in the Virtual Service to verify the health of each real (backend) server. For IIS, this would typically be port 80.
By default, the source IP address of the packet reaching the web servers is the IP address of the load balancer and not the IP address of the client.
There are a lot of SSL offload throughput statistics available for appliances across the internet but rarely do they detail the way they were tested.
There’s been a lot of debate here in the office about how best to capture both your Loadbalancer’s IP and the Source IP of the user in your access_log in Apache 2.4. This is the tried and tested method we've come up with.
Although it's not technically a standard, the X-Forwarded-For (XFF) header is incredibly useful if you have any kind of proxy in front of your web servers.