What is Stunnel and how do you configure it?
Here is another example of a more “exotic” Stunnel configuration. Most people, and rightly so, will ask “but why?”. Well, because we can!
Customers with manually configured, custom client authentication deployments (rare) or using “re-encrypt to backend” to communicate with untrusted third-party servers (very rare) may be impacted.
A local privilege escalation vulnerability was found in polkit's pkexec utility. It is a critical vulnerability because it gives full root privileges to any local user or attacker.
All WAF vendors and services using ModSecurity are affected by this vulnerability (unless they have the vulnerable piece of code disabled, by chance).
Network security devices such as firewalls, WAFs, SWGs, IPSs etc. are often deployed inline in bridge mode, which has two major problems.
A WAF isn't a magic bullet, but, as part of a defense in depth strategy, a properly configured WAF should catch and stop common, everyday attacks.
The Apache Log4j utility is used by millions of Java applications to log requests and error messages. However, the critical vulnerability CVE-2021-44228 was recently discovered in the Apache Log4j library.
On the 4th October 2021, the social media giant Facebook experienced a global outage, affecting not only Facebook, but also Instagram and WhatsApp.
In this example, I’m going to add a new transformation function to ModSecurity to calculate the Scrabble score of a variable. This will allow us to block HTTP requests containing query string parameters with a Scrabble score above a chosen threshold.
In early June 2021, I identified a request body bypass vulnerability in the OWASP ModSecurity Core Rule Set (CRS). Loadbalancer.org appliances themselves are unaffected.
In a world where tech is constantly evolving, it’s impossible to predict all future issues/glitches that might arise.
In the world of web application security, it can be invaluable to consider a user's behaviour across the entire duration of their web app session.
Let's look at the best way to use the WAF with as little pain as possible!
We’re often asked how to configure our load balancer to protect both web servers and users.
Dealing with bugs and vulnerabilities is quite common in the tech space. Aaron West, the head of Solutions at Loadbalancer.org, shares some insights about our approach to tackling such issues, and more.
Find out why Werner Vogels' comments ring especially true for healthcare data.
A critical vulnerability in HAProxy’s HTTP/2 HPACK decoder in versions 1.8 and above has been discovered. This does not impact the majority of Loadbalancer.org customers.
Imagine you’re running a business and you often see malicious-looking web traffic from the other side of the globe hitting your website.
Four closely related vulnerabilities regarding TCP handling in the Linux and FreeBSD kernels were publicly disclosed on 17 June 2019.
As you probably know, the notorious Chinese tech company was blacklisted. OK, so Trump didn't actually say that about Huawei. But, given his recent declaration, it wouldn't surprise me if he did.
I’ve noticed a lot more of our customers are asking to use their Active Directory login details with the load balancer appliance. And it can get a bit fiddly, so I wanted to explain the process in more detail.
What options do we have to ensure that our FTP connections are secure? Enter FTPS (file transfer protocol SSL), with a choice of two modes: FTPS implicit and FTPS explicit.
Our helpdesk often encounters confusion about Web Application Firewalls, or WAFs - what they are, how to use them, and what issues they can potentially cause.
An incorrect frame length check could result in an out-of-bounds read, which can cause a crash.
The web-based login to your application is a juicy target for hackers. And once they get past the login, they can cause you some serious pain.
An engineer at a business using Darktrace confessed that many IT staff ignored the pricey security software because it sent so many false alerts.