Links
Categories
Tags
apache appsrv backend for dynamic content benchmark cache caching competition compression content switching ddos dos ecommerce exchange 2010 exchange 2013 geoip haproxy high-availability http keepalive imap infrastructure ipv6 layer4 layer7 marketing mod_security naxsi nginx performance persistence postfix reverse-proxy rtmp scalability slowloris smtp sni ssl sslid stud stunnel tls transparent proxy url hash varnish virtualization webperfTwitter Updates
- #apache cdorked Backdoor detection and prevention with #haproxy : blog.exceliance.fr/2013/05/08/apa… 1 week ago
-
Recent Posts
Category Archives: security
Apache cdorked backdoor detection
Apache Cdorked.A backdoor This is a pretty recent attack, using Cpanel to change the Apache httpd binary by a compromised one which embeds a backdoor. A few articles with more details are available here: * http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/ * http://blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html It seems … Continue reading
wordpress CMS brute force protection with HAProxy
Brute force attacks Brute force is a pretty simple type of attacks: it consists of massively send requests to a URL with different parameter each time. The main purpose is to try to find the right parameter combination. Usually, brute … Continue reading
Microsoft Remote Desktop Services (RDS) Load-Balancing and protection
RDS, RDP, TSE, remoteapp Whatever you call it, it’s the remote desktop protocol from Microsoft, which has been renamed during the product life. Basically, it allows users to get connected on remote server and run an application or a full … Continue reading
Posted in Aloha, architecture, security, Virtual Desktop Infrastructure
Tagged dos, infrastructure, rds, vdi
4 Comments
IIS 6.0 appsession cookie and PCI compliance
Synopsis You’re using HAProxy or the ALOHA Load-Balancer to load-balance IIS 6.0 web applications and you want them to pass successfully PCI compliance test. One of the pre-requisite is to force the cookie to be “HttpOnly”, in order to tell … Continue reading
Posted in Aloha, HAProxy, layer7, security
Tagged cookie, iis, layer7, reverse-proxy
Leave a comment
Mitigating the SSL Beast attack using the ALOHA Load-Balancer / HAProxy
The beast attack on SSL isn’t new, but we have not yet published an article to explain how to mitigate it with the ALOHA or HAProxy. First of all, to mitigate this attack, you must use the Load-Balancer as the … Continue reading
Posted in Aloha, exchange 2010, Exchange 2013, HAProxy, security, ssl
Tagged exchange 2010, exchange 2013, haproxy, ssl
Leave a comment
