Category: Loadbalancer.org

No its not a bloody free load balancer and never will be.

Last week we exhibited at Cloud Expo Europe, promoting the release of the new cloud products:  ENTERPRISE AWS + ENTERPRISE AZURE . We love trade shows, it provides a platform to meet existing customers as well as potential new customers. Several people visiting our stand mentioned the recent announcement that  Kemp Technologies have released a free load balancer . Understandably they were interested to hear if we would be responding in kind, however in his usual politically correct mood our boss responded with: “ No, its not bloody free and never will be”, Malcolm Turnbull – CEO Loadbalancer.org As usual we had a good chat with the guys on the Kemp stand, nice people, with a good product – but apparently they said they don’t compete with us. We really enjoyed meeting some existing customers and potential new ones.

Simple Denial of Service DOS attack mitigation using HAProxy

Denial of Service (DOS) attacks can be especially effective against certain types of web application. If the application is highly dynamic or database intensive it can be remarkably simple to degrade or cripple the functionality of a site. This blog article describes some simple methods to mitigate single source IP DOS attacks using HAProxy. I’ve described how you would implement the techniques using the Loadbalancer.org appliance but they are easily transferable to any HAProxy based cluster

Black Friday black out protection with HAProxy

The media industry had lots of fun at the expense of e-commerce outlets on Black Friday  mercilessly reporting on site crashes and outages  . My wife yelled that I needed to ‘fix the Internet’ when Argos.co.uk would not respond immediately to her demands on Friday evening.

STunnel Cipher List and Qualys SSL Labs Testing

In the wake of all the recent vulnerabilities we have been working hard to make sure that we give the correct information to our customers. So we decided to setup our latest version of STunnel on our support server (https://support.loadbalancer.org) and test our Cipher Lists with the Qualys SSL Labs site (https://www.ssllabs.com/ssltest)

XML Converter for Version 6.21 loadbalancer.org appliance

I was tasked last week with creating a long awaited appliance XML updater for Version 6.21 of our appliance which until now has been a matter of offering an upgrade service free of charge to anyone running on Version 6.21 of the loadbalancer.org appliance wishing to upgrade to our latest Version 7.6.2 appliance. We have been telling you our highly valued users of our loadbalancer.org appliance that this could take some time to complete, this was to allow support time to do the conversions.

Another year, another IP Expo show

We’re dusting ourselves off after exhibiting at IPExpo 2014. A huge thank you to everyone who visited our stand during the two day event. There were some productive discussions, light-hearted fun, and we even talked about load balancing!!! We love the opportunity to get some face-to-face time and felt the show was so good we’ve already booked up for IPExpo 2015

The Poodle SSLv3

So here we go again! SSL is broken once more and this one now leaves us with no SSL Ciphers that we can reliably use in a live production site so I guess this now forces us to use the TLS suite of ciphers which in the past have also had problems. Lets put it this way – if you use any form of SSL ciphers your vulnerable! Qualys have again been quick to update the Qualys SSL Labs Test tool that they provide which is free to use. This will test your SSL Certificate and all the currently usable Ciphers for your site

Shell-shocked by shell shock? I give you “CMD Caret” ^&

There seems to have been so much hype over the recent bash bug, shell shock! And there were all the people  in the Microsoft world thinking YES we are so cool we are NOT affected by it! Yea right I knew it, there had to be something much the same as the bash bug available in CMD.exe It affects the Windows CMD.exe Shell and I will provide a working example of how it can be exploited. It does show the whole hype of the bash bug bearing in mind you need access to the machines shell in the first place