Category Archives: security

HAProxy and SSLv3 POODLE vulnerability

SSLv3 POODLE vulnerability

Yesterday, Google security researchers disclosed a new vulnerability in the SSL protocol. Fortunately, this vulnerability affects only an old version of the SSL protocol: SSLv3 (a 15-year-old protocol). An attacker can force a browser to … Continue reading

Posted in HAProxy, security, ssl | 7 Comments

Mitigating the Shellshock vulnerability with HAProxy

Bash Shellshock vulnerability (CVE-2014-6271 and CVE-2014-7169)

Last week, a vulnerability in bash was discovered. It is possible, under some circumstances, to inject code into a bash shell script. It could be very dangerous if bash is used to process … Continue reading

Posted in HAProxy, security

How to protect application cookies while offloading SSL

SSL offloading

SSL offloading or acceleration is often seen as a huge benefit for applications. People usually forget that it may have impacts on the application itself. Some time ago, I wrote a blog article which lists these impacts and … Continue reading

Posted in HAProxy, security, ssl | 1 Comment

Apache Cdorked backdoor detection

Apache Cdorked.A backdoor

This is a pretty recent attack, using cPanel to replace the Apache httpd binary with a compromised one which embeds a backdoor. A few articles with more details are available here:

  * http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
  * http://blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html

It seems … Continue reading

Posted in security

WordPress CMS brute force protection with HAProxy

Brute force attacks

Brute force is a pretty simple type of attack: it consists of sending massive numbers of requests to a URL with a different parameter each time. The main purpose is to try to find the right parameter combination. Usually, brute … Continue reading

Posted in HAProxy, security | 4 Comments