Latest
When is an ACL not an ACL? When it's an HAProxy ACL...
If you're from a network background or are of a certain age (or both!), you will have come across Access Control Lists or ACLs.
Insights from the load balancer experts
HAProxy
Using Grafana Loki with HAProxy for log aggregation
In today's security-conscious world, logs are crucial for gaining insight into your systems...
How-tos
What is Stunnel and how do you configure it?
Here is another example of a more “exotic” Stunnel configuration. Most people, and rightly so, will ask “but why?”. Well, because we can!..
Automation
Solving the Layer 4 ARP problem on Linux with Ansible
The ARP problem for Layer 4 DR (Direct Routing) mode is something that needs to be solved for each of your Real Servers in the virtual service...
Events
IP EXPO Europe 2016
We engaged in some great conversations with people over the two days. This is why we love IP EXPO - talking through the problems customers are experiencing today...
Security
Blocking Japan with ModSecurity and Maxmind Lite
The Web Application Firewall is based on ModSecurity which is an open source WAF for Apache, IIS, and Nginx for protecting against a many variety of attacks and allows for HTTP traffic monitoring and logging...
Open source
Transparent HAProxy in Azure using TProxy
HAProxy is an excellent choice if you need layer 7 functionality, but its a full reverse-proxy, so the application thinks that all of the traffic is coming from HAProxys IP - rather than the clients...
Healthcare
I didn't realise NTP was so important for medical imaging systems like PACS and VNA
We can write custom health checks specific to your environment checking availability of servers as well as other backend systems such as REST servers, databases and storage...
High Availability
Disaster recovery is more important than HTTPS SNI support...
SNI is an extension to the TLS protocol which enables the client to broadcast its hostname when it tries to connect to your server. This allows you to use multiple SSL certificates on a single IP...
Events
Thank you to all who visited us at IP EXPO Manchester 2016
This was Loadbalancer.org's first time exhibiting at the Manchester version of IP EXPO. After many years attending the London event, we can safely confirm that the Northerners are a much more chatty bunch...
AWS / Azure / GCP
Integrating your load balancer with auto scaling groups in EC2 (Amazon AWS)
The Loadbalancer.org for AWS appliance will monitor auto scaling groups, update configs based on auto scaling events and add/remove servers...
Events
Exhibiting at Cloud Expo Europe 2016
We met lots of people and gave away a lot of lanyards...in fact the show organizers ran out of lanyards, so Loadbalancer.org were happy to fill the void...
Open source
How to stop TPROXY when used with HAProxy breaking clients in the real server subnet
Once HAProxy is running transparently, it will allow the real server to see the client IP so the real server will reply directly back to the client bypassing the load balancer...
Application Management
Load balancing Microsoft Remote Desktop Services in AWS
Using the flexibility of both AWS and our Enterprise AWS appliance, it's possible to configure a secure and robust load balanced Remote Desktop Services deployment to suit a range of requirements...
How-tos
Supporting two default gateways on your load balancer with PBR (Policy Based Routing)
Policy Based Routing is a clever way to give us more control over which routing path connections will take. It allows us to specify custom routing tables and then add rules offering fine grained control over which routing table a connection will use...
Events
Loadbalancer.org buys new head office building in Portsmouth
We thought it was about time we bought our very own office building!..
Security
New PuTTY vulnerability "vuln-ech-overflow" identified - upgrade to 0.66 to protect your environment
Due to the way that PuTTY uses a signed integer variable to store the number of characters to be erased and there was inadequate checking for overflow, there was the potential for an attacker to corrupt important data in certain circumstances...
Events
IP EXPO Europe 2015 - Thank you to everyone who visited our stand
Thank you to everyone who visited our stand at IP Expo 2015...
Security
Blocking invalid range headers using ModSecurity and/or HAProxy (MS15-034 - CVE-2015-1635)
Anomaly score based blocking is more flexible and effective than simple first error blocking...
Open source
Transparent Load balancing with HAProxy on Amazon EC2
One of our favorite methods of load balancing is using Layer 4 DR because it is transparent and fast. Unfortunately, because of Amazon's infrastructure, this is not possible in EC2 so we need to use another method which means we are left with layer 4 NAT and transparent HAproxy using TProxy...
Security
Simple Denial of Service DOS attack mitigation using HAProxy
Denial of Service (DOS) attacks can be used to degrade or cripple the functionality of a site...
Security
How do I get an A+ from Qualys SSL, but keep FIPS compliance as well?
Is getting an A+ rating with the Qualys scanner starting to feel a bit like chasing a mythical unicorn? Every time you get close to catching and keeping the beast — it run's away and they change the rules again!..
Security
Shell-shocked by shell shock? I give you "CMD Caret" ^&
There seems to have been so much hype over the recent bash bug, shell shock! And there were all the people in the Microsoft world thinking YES we are so cool we are NOT affected by it!..
Loadbalancer.org product roadmap – new features, release notes and more (as always, a work in progress)
We've had a chat about this internally and thought that it would be nice to have a permanent post on the blog that we change on the fly as and when customer requirements change...
Microsoft
How to enhance Microsoft IIS health checks using VBscript
By default, the load balancer uses a TCP connect to the port defined in the Virtual Service to verify the health of each real (backend) server. For IIS, this would typically be port 80...
Microsoft
Windows NLB (WNLB) and its disadvantages
WNLB causes switch flooding and does not support multiple scheduling algorithms for distributing client load...
Open source
Stunnel X-Forward-For (XFF) with HAProxy and the PROXY Protocol
By default, the source IP address of the packet reaching the web servers is the IP address of the load balancer and not the IP address of the client...
Security
Heartbleed 2.0? Not exactly but more OpenSSL issues have been found
Whilst the Heartbleed bug was relatively easy to exploit, the latest batch of bugs are not...