When configuring SSL Termination/Offloading and using the default cipher list, a scan using SSL Labs will produce an A, which is great. One thing with our default list is that it could result in a scan indicating that there may be a vulnerability to Sweet32. Sweet32 can potentially be exploited in several ways, but the one which potentially affects a Loadbalancer.org appliance is the use of the Triple-DES legacy cipher when performing SSL Termination/Offloading. To mitigate this, it is a simple case of altering the cipher list slightly, adding !3DES, to prevent the use of the Triple-DES cipher.
Accessibility is the magic word for today's blog. If you're lucky enough to run a website, then the whole world has access to it by default!
Now let's imagine that the website you're running is targeted at a geographically specific customer base such as the USA. You get up one morning and decide to take a look at your web analytics reports, and find that Japan is where the second largest volume of traffic is coming from. At which point, you might start thinking about restricting traffic from specific countries that would only waste bandwidth on your server.
It has been identified that versions of PuTTY, PuTTYtel and pterm are vulnerable to a potential exploit in the handling of ECH (erase characters), affecting versions 0.54 to 0.65. Upgrading to version 0.66 or patching your running version is advised to mitigate the vulnerability.
During the last year at Loadbalancer.org we have spent a lot of time and effort researching WAF (Web Application Firewall) solutions. The integrated WAF in version 8 of the Loadbalancer.org appliance has been designed for fast, low latency PCI-compliance for our customers. We also have several customers clustering commercial solutions (such as Imperva) behind our load balancer, giving a much better WAF feature set plus great performance and health monitoring.
As the evolution of Loadbalancer.org continues, we are proud to present our latest software release, v8.0. New features such as the Web Application Firewall (WAF) spearhead our increased focus on security, alongside various updates including an enhanced process for high availability appliance pairing, an improved LBCLI and advancement of the web user interface (WebUI).
Microsoft quietly patched a fairly nasty little bug (MS15-034) in IIS last month: a simple HTTP request with an invalid range header field value could either kill IIS, reveal data or remotely execute code! We haven't seen one of these in a while, and obviously you are safe if you have automatic security patching turned on. However, with our renewed focus on web application security, I thought this would be a good example to show how easy virtual patching is with the industry standard tools used in the Loadbalancer.org appliance.
Denial of Service (DoS) attacks can be especially effective against certain types of web application. If the application is highly dynamic or database intensive, it can be remarkably simple to degrade or cripple the functionality of a site. This blog article describes some simple methods to mitigate single source IP DoS attacks using HAProxy. I've described how you would implement the techniques using the Loadbalancer.org appliance, but they are easily transferable to any HAProxy based cluster.