The latest insights from the load balancing experts | Loadbalancer.org

Sector: Security

Not all exploits are created equal - but security will always come first. Let’s tackle some bugs.

Find out more about this sector
Security
Security
Update on HAproxy HTTP/2 HPACK Decoder Vulnerability (2 April 2020) Tom Hopkins
A critical vulnerability in HAProxy’s HTTP/2 HPACK decoder in versions 1.8 and above has been discovered. This does not impact the majority of Loadbalancer.org customers.

1 min read

Read more
Security
Security
SACK Panic: What is it, and is it actually time to panic? Andrew Howe
Four closely related vulnerabilities regarding TCP handling in the Linux and FreeBSD kernels were publicly disclosed on 17 June 2019. Dubbed as “SACK Panic”, the main vulnerability can cause a Linux operating system to crash

2 min read

Read more
News
News
Huawei root access is BAD! VERY, VERY BAD: Or, how we reasoned ourselves out of root access by default Malcolm Turnbull
As you probably know, the notorious Chinese tech company was blacklisted by Google on the instructions of the Trump administration. All this high-profile paranoia about security got me thinking about our approach to the subject as we prepare to release v8.3.7 of the load balancer appliance...

4 min read

Read more
How-To's
How-To's
How do I secure my load balancer with Active Directory, LDAP or RADIUS? Neil Hosking
I’ve noticed a lot more of our customers are asking to use their Active Directory login details with the load balancer appliance. And it can get a bit fiddly, so I wanted to write

4 min read

Read more
Security
Security
FTPS Implicit vs FTPS Explicit: Who will win? Imannuel Graham
“Load balancing FTP can be loads of fun for system and network administrators alike!” - said nobody ever. Implementation of FTP and configuration of your firewalls can be cumbersome, especially when it comes to being

4 min read

Read more
HAProxy
HAProxy
New year, new vulnerability: HAProxy critical security update Annu Sroa
The Christmas tree is still up, you’ve barely swept away the used party poppers and champagne corks from your New Year celebrations - and already, there’s a new security issue to be aware

4 min read

Read more
Web Application Firewall (WAF)
Web Application Firewall (WAF)
Brute force login: Simple protection techniques with the ModSecurity WAF Andrei Grigoras
The web-based login to your application is a juicy target for hackers. And once they get past the login, they can cause you some serious pain. If you have a WAF (Web Application Firewall), though,

5 min read

Read more
Web Application Firewall (WAF)
Web Application Firewall (WAF)
Darktrace: When looks aren't everything Malcolm Turnbull
These are scary times when it comes to cybersecurity. Following on from high-profile breaches at Equifax, British Airways, Ticketmaster, Newegg and more, it’s not surprising that companies are prepared to pay top dollar for

4 min read

Read more
HAProxy
HAProxy
HAProxy critical security update — to avoid simple(ish) DoS attack (20 September 2018) Annu Sroa
A critical security issue has been found in HAProxy, leaving certain systems vulnerable to remote attack. We want to keep you informed, and we understand that this news might cause you some anxiety. But be reassured - most of our customers won’t be affected.

3 min read

Read more
SSL
Let's Encrypt — how did we survive without it? Rob Congalton
Let’s Encrypt is awesome! Not only is it more secure than your existing certificate authority. It's also reliable, scalable, fully automated — and free!

7 min read

Read more
How-To's
How-To's
How to train your Web Application Firewall (WAF) Aaron West
One customer recently joked that, "Taming a dragon would be easier than configuring a WAF!". So we've developed some tools to make the whole process easier.

11 min read

Read more
SSL
How to add Cloudflare in front of HAProxy Thorsten Wetzig
What is Cloudflare? Cloudflare provides a content delivery network (CDN). A CDN is a worldwide network of servers that delivers web content to clients based on the geographic location of the client. Using the Cloudflare

12 min read

Read more
Security
Security
Security through obscurity - double login protection made easy... Malcolm Turnbull
Security through obscurity is not a great idea when it is your ONLY protection technique. For example moving your SSH port from 22 -> 23 won't fool any hackers for long! However, I've always liked putting a 'double login' in front of important web sites to frustrate simple automated hacking tools.

3 min read

Read more
HAProxy
HAProxy
Client Certificate Authentication with HAProxy Aaron West
Using client certificates for security is a pretty cool idea! You can protect an entire application or even just a specific Uniform Resource Identifier (URI) to only those that provide a valid client certificate.

9 min read

Read more
How-To's
How-To's
How to stop web form spam — use a simple honey pot trap in ModSecurity... Aaron West
How frustrating do you find it when hackers or robots fill in your website forms with "Buy Viagra Now!" type spam?

4 min read

Read more
Security
Stack Clash and Loadbalancer.org Dave Saunders
Background I was reading about the Stack Clash vulnerability last night and it seems that this is something which has been around before, been fixed twice and then another method to trigger the exploit has

2 min read

Read more
Just for Fun
Just for Fun
What is a load balancer? Annu Sroa
If your IT department or IT partner has asked you to sign off budget for a load balancer, you may be wondering what it is. More importantly, you probably want to know why your business

4 min read

Read more
Web Filters / Proxy
Web Filters / Proxy
Transparent vs Explicit proxy — which method should I use? Neil Hosking
Different vendors have widely different opinions on which method should be used to deploy web filters or SWGs (secure web gateways). Historically, vendors struggled to implement authentication in Transparent mode, and maybe they remember some

5 min read

Read more
Security
Security
Not so sweet, Sweet32 vulnerability... Dave Saunders
It's a little bit late but I wanted to write a short entry about how to deal with the Sweet32 vulnerability which was announced towards the end of last year.  I'm going to avoid regurgitating

1 min read

Read more
Security
Security
Blocking Japan with ModSecurity and Maxmind Lite Theo Garvey
Accessibility is the magic word for todays blog. If you’re lucky enough to run a website, then the whole world has access to it by default! Now lets imagine that the website you’re

2 min read

Read more
Security
New PuTTY vulnerability "vuln-ech-overflow" identified - upgrade to 0.66 to protect your environment Dave Saunders
Information It has been identified that versions of PuTTY, PutTTYtel and pterm are vulnerable to a potential exploit in the handling of ECH (erase characters), affecting versions 0.54 to 0.65. Due to the

1 min read

Read more
News
Loadbalancer.org partner with Sucuri for cloud based WAF & DDOS protection Andrew Zak
During the last year at Loadbalancer.org we have spent a lot of time and effort researching WAF (Web Application Firewall) solutions. The integrated WAF in version 8 of the Loadbalancer.org appliance has been

3 min read

Read more
News
News
It's great to be v8 Dave Saunders
As the evolution of of Loadbalancer.org continues, we are proud to present our latest software release, v8.0. New features such as the Web Application Firewall (WAF) spearheading our increased focus on security and

2 min read

Read more
Denial of Service
Blocking invalid range headers using ModSecurity and/or HAProxy (MS15-034 - CVE-2015-1635) Malcolm Turnbull
Microsoft quietly patched a fairly nasty little bug (MS15-034) in IIS last month: A simple HTTP request with an invalid range header field value to either kill IIS, reveal data or remotely execute code! We

4 min read

Read more
Denial of Service
Denial of Service
Simple Denial of Service DOS attack mitigation using HAProxy Malcolm Turnbull
Denial of Service (DOS) attacks can be especially effective against certain types of web application. If an application is highly dynamic or database-intensive it can be remarkably simple to degrade or cripple the functionality of

4 min read

Read more
Security
How do I get an A+ from Qualys SSL + FIPS compliance? Scott McKeown
Chasing that eternally moving target that is an A+ from Qualys’ SSL scanner? Well, you’ve found the correct Blog! I’ve been testing again whilst also looking at the effect of FIPS compatible ciphers.

6 min read

Read more
Security
Shell-shocked by shell shock? I give you "CMD Caret" ^& Andrew Smalley
There seems to have been so much hype over the recent bash bug, shell shock! And there were all the people  in the Microsoft world thinking YES we are so cool we are NOT affected

2 min read

Read more

Get started

Get in touch

Start a conversation about the right solution for your business.

Get in touch

Create your quote

Transparent pricing you can see straight away.

Create your quote

Download now

Try us free for 30 days – see why our customers love us.

Download now