Tag: Load Balancing

Shell-shocked by shell shock? Bash vulnerability explained.

Having recovered from the recent Heartbleed vulnerabilities we now have another headline grabbing vulnerability to keep us all busy. First let me say that our product should be perfectly safe and secure unless you’ve already shared your passwords or forgotten to run “lbsecure”

A10 Networks’ Advanced Core Operating Systems (ACOS)

Discover how A10 Networks ACOS is increasingly the platform of choice for enterprises, service providers, Web giants and government organizations seeking to optimize the performance and security…

Enhanced Microsoft IIS health checks using VBscript

By default, the load balancer uses a TCP connect to the port defined in the Virtual Service to verify the health of the real (backend) servers. For IIS this would typically be port 80. In many cases this kind of health check is adequate but for IIS this if often not the case.

Windows NLB (WNLB) and its disadvantages

Whilst Windows Network Load Balancing (WNLB) has been constantly improved in each version of Windows since it’s introduction in Windows 2000, it still has a fairly extensive list of disadvantages when compared to a hardware or virtual based loadbalancer.

Source IP Addresses, STunnel, Haproxy and Server Logs

When using proxies such as STunnel and HAProxy it’s easy to loose track of the client source IP address. This occurs for example when HAProxy is used in it’s default configuration to load balance a number of back-end web servers. By default, the source IP address of the packet reaching the web servers is the IP address of the load balancer and not the IP address of the client

Heartbleed 2.0? Not exactly but more OpenSSL issues have been found

In the wake of the recent Heartbleed Bug another series of OpenSSL vulnerabilities have been found. Whilst the Heartbleed bug was relatively easy to exploit, the latest batch of bugs are not. However if successfully exploited, there is potential for eavesdropping and traffic manipulation (CVE-2014-0224) as well as running arbitrary code on the vulnerable client or server (CVE-2014-0195)