Latest How to configure HAProxy's Proxy Protocol with Squid A customer asked me the other day how to set up Squid Proxy Protocol on their Loadbalancer appliance.
Open source Announcing CVE-2021-35368: OWASP ModSecurity Core Rule Set Bypass In early June 2021, I identified a request body bypass vulnerability in the OWASP ModSecurity Core Rule Set (CRS). Loadbalancer.org appliances themselves are unaffected...
Open source ModSecurity and the Case of the Never Decreasing Variables In the world of web application security, it can be invaluable to consider a user's behaviour across the entire duration of their web app session...
WAF How to train your Web Application Firewall (WAF) Let's look at the best way to use the WAF with as little pain as possible!..
WAF Secure connections: encrypt, inspect and decrypt traffic when using a WAF We’re often asked how to configure our load balancer to protect both web servers and users...
Open source How to tackle bugs and vulnerabilities – a solutions architect’s opinion Dealing with bugs and vulnerabilities is quite common in the tech space. Aaron West, the head of Solutions at Loadbalancer.org, shares some insights about our approach to tackling such issues, and more...
Security Healthcare IT should listen to Amazon's Werner Vogels: “Dance Like Nobody’s Watching. Encrypt Like Everyone Is” Find out why Werner Vogels' comments ring especially true for healthcare data...
Security Update on HAProxy HTTP/2 HPACK Decoder Vulnerability (2 April 2020) A critical vulnerability in HAProxy’s HTTP/2 HPACK decoder in versions 1.8 and above has been discovered. This does not impact the majority of Loadbalancer.org customers...
How-tos Security through geography: blocking traffic by country, continent, or IP address using ModSecurity Imagine you’re running a business and you often see malicious-looking web traffic from the other side of the globe hitting your website...
Security SACK Panic: What is it, and is it actually time to panic? Four closely related vulnerabilities regarding TCP handling in the Linux and FreeBSD kernels were publicly disclosed on 17 June 2019...
Security Huawei root access is BAD! VERY, VERY BAD: Or, how we reasoned ourselves out of root access by default As you probably know, the notorious Chinese tech company was blacklisted OK, so Trump didn't actually say that about Huawei. But, given his recent declaration, it wouldn't surprise me if he did...
How-tos How do I secure my load balancer with Active Directory, LDAP or RADIUS? I’ve noticed a lot more of our customers are asking to use their Active Directory login details with the load balancer appliance. And it can get a bit fiddly, so I wanted to explain the process in more detail...
Security FTPS Implicit vs FTPS Explicit: Who will win? Implementation of FTP and configuration of your firewalls can be cumbersome, especially when it comes to being secure during your file transfer...
WAF Why use a WAF? Because what doesn't kill you makes you stronger Our helpdesk often encounters confusion about Web Application Firewalls, or WAFs - what they are, how to use them, and what issues they can potentially cause...
HAProxy New year, new vulnerability: HAProxy critical security update An incorrect frame length check could result in a read-past-bound which can cause a crash...
WAF Brute force login: Simple protection techniques with the ModSecurity WAF The web-based login to your application is a juicy target for hackers. And once they get past the login, they can cause you some serious pain...
WAF Darktrace: When looks aren't everything An engineer at a business using Darktrace confessed that many IT staff ignored the pricey security software because it sent so many false alerts...
HAProxy HAProxy critical security update — to avoid simple(ish) DoS attack (20 September 2018) A critical security issue has been found in HAProxy, leaving certain systems vulnerable to remote attack. We want to keep you informed, and we understand that this news might cause you some anxiety. But be reassured - most of our customers won’t be affected...
Security Let's Encrypt — how did we survive without it? Let’s Encrypt is awesome! Not only is it more secure than your existing certificate authority. It's also reliable, scalable, fully automated — and free!..
AWS / Azure / GCP FC Barcelona choose Loadbalancer.org in AWS for flexibility and security With our 9 years' expertise in making applications within AWS indestructible, Loadbalancer.org was able to provide FC Barcelona with an intelligent application delivery controller built on 15 years' worth of battle‑hardened software...
Application Management Nutanix Ready, a great platform now comes with a certified load balancer We have built upon our existing strengths in virtualized environments to become Nutanix certified, with the addition of support for Nutanix AHV positions...
AWS / Azure / GCP How to add Cloudflare in front of HAProxy Cloudflare provides a content delivery network (CDN). A CDN is a worldwide network of servers that delivers web content to clients based on the geographic location of the client...
Application Management Load Balancing Web Servers with OWASP Top 10 WAF in Azure In the Azure Management Portal, select the Virtual Machines option, click on the newly deployed Load Balancer VM, click on Network interfaces and then select the network interface attached to the load balancer, then click IP configurations and ensure that IP forwarding is Enabled...
Security Load Balancing Apache Web Servers with OWASP Top 10 WAF in Azure The WAF addresses the OWASP Top 10 vulnerabilities and is very quick and simple to deploy...
Security Security through obscurity - double login protection made easy... Security through obscurity is not a great idea when it is your ONLY protection technique. For example, moving your SSH port from 22 -> 23 won't fool any hackers for long! However, I've always liked putting a 'double login' in front of important web sites to frustrate simple automated hacking tools...