Category Archives: security

HAProxy and sslv3 poodle vulnerability

SSLv3 POODLE vulnerability
Yesterday, Google security researchers disclosed a new vulnerability in the SSL protocol. Fortunately, it affects only an old version of the protocol, SSLv3 (a 15-year-old protocol). An attacker can force a browser to …
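The mitigation a load-balancer operator wants here is to refuse SSLv3 handshakes entirely, so that a forced downgrade fails instead of landing on a weak protocol. The configuration below is an added example, not code from the original post; the certificate path, section names and backend address are assumptions, and the cipher string is one reasonable choice rather than a rule.

```haproxy
# Added example (not from the original post): disable SSLv3 on every HAProxy
# TLS listener. Paths, names and addresses are assumptions.
global
    # Applies to every "bind ... ssl" line, so a new listener cannot
    # accidentally re-enable SSLv3 (HAProxy 1.5 or later).
    ssl-default-bind-options no-sslv3
    # TLS-only cipher suites; no RC4, 3DES, export or anonymous suites.
    ssl-default-bind-ciphers ECDHE+AESGCM:ECDHE+AES:DHE+AES:!aNULL:!MD5:!RC4:!3DES
    tune.ssl.default-dh-param 2048

defaults
    mode http
    timeout connect 5s
    timeout client 30s
    timeout server 30s

frontend ft_https
    # "no-sslv3" here repeats the global default on purpose: the intent stays
    # visible on the listener itself when someone reads only this section.
    bind :443 ssl crt /etc/haproxy/certs/site.pem no-sslv3
    default_backend bk_app

backend bk_app
    server app1 10.0.0.11:80 check
```

To check the result, run `openssl s_client -connect <host>:443 -ssl3` from a client whose OpenSSL still supports SSLv3 (most current builds do not): the expected outcome is a handshake failure, while `-tls1_2` still completes. Clients that only speak SSLv3 (IE6 on Windows XP) will no longer connect, which is the trade-off the change makes deliberately.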

Posted in HAProxy, security, ssl

Mitigating the shellshock vulnerability with HAProxy

Bash Shellshock vulnerability (CVE-2014-6271 and CVE-2014-7169)
Last week, a vulnerability in bash was discovered. Under some circumstances, it lets an attacker inject commands that bash executes when it starts with a crafted environment variable. This can be very dangerous if bash is used to process …
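Because the payload has to travel in a request header (or the request line) to reach a CGI's environment, the load balancer can refuse it before the web server ever exports it. The configuration below is an added example, not the original post's configuration; section names and the backend address are assumptions. The `req.hdrs` fetch, which exposes the whole raw header block, is assumed to be available (HAProxy 1.6 or later); on 1.5 the same regex can be applied per header with `hdr(user-agent)`, `hdr(referer)`, `hdr(cookie)` and so on.

```haproxy
# Added example (not from the original post): reject requests carrying a
# Shellshock payload before they reach a CGI backend. Names and addresses
# are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client 30s
    timeout server 30s

frontend ft_web
    bind :80
    # A Shellshock payload is a bash function definition, "() {", placed in
    # any request header (User-Agent, Referer, Cookie, a custom header...)
    # so that the web server exports it into the CGI's environment.
    # req.hdrs is the raw header block, so one regex covers every header;
    # "[ ]*" tolerates the optional space between the parentheses and the brace.
    acl shellshock req.hdrs -m reg \(\)[ ]*\{
    # Keep the offending User-Agent in the access log for incident review.
    capture request header User-Agent len 128
    http-request deny if shellshock
    default_backend bk_cgi

backend bk_cgi
    server www1 10.0.0.21:80 check
```

This is a signature, not a fix: it does not see payloads that reach bash through another path (percent-encoded query strings decoded by the application, SSH `ForceCommand`, DHCP clients), so patching bash on the servers remains the real remediation and the rule buys time and visibility.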

Posted in HAProxy, security

How to protect application cookies while offloading SSL

SSL offloading
SSL offloading (or acceleration) is often seen as a huge benefit for applications. People usually forget that it can have an impact on the application itself. Some time ago, I wrote a blog article which lists these impacts and …

Posted in HAProxy, security, ssl

Apache cdorked backdoor detection

Apache Cdorked.A backdoor
This is a fairly recent attack, observed on cPanel-based servers, in which the Apache httpd binary is replaced by a compromised one that embeds a backdoor. A few articles with more details are available here:
  * http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
  * http://blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html
It seems …

Posted in security

wordpress CMS brute force protection with HAProxy

Brute force attacks
A brute force attack is a pretty simple type of attack: it consists of massively sending requests to a URL with different parameters each time. The main purpose is to find the right parameter combination. Usually, brute …
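The defining feature of a brute force attack, many requests to the same URL from the same source in a short time, is exactly what a stick-table counter measures, so HAProxy can cap the rate of login attempts per client address without touching WordPress. The configuration below is an added example, not the original post's configuration; section names, the backend address and the threshold of five attempts per minute are assumptions.

```haproxy
# Added example (not from the original post): slow down password guessing
# against WordPress's login form. Names, addresses and the threshold are
# assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client 30s
    timeout server 30s

frontend ft_wordpress
    bind :80
    # One entry per client IP, dropped 10 minutes after its last update,
    # holding the number of tracked requests over the previous minute.
    stick-table type ip size 100k expire 10m store http_req_rate(1m)

    acl wp_login path_beg /wp-login.php
    acl is_post  method POST
    # Only login submissions are counted; page views never touch the table.
    http-request track-sc0 src if wp_login is_post
    # The request being evaluated is already counted, so the sixth POST to
    # the login form within a minute from one address gets a 403.
    http-request deny if wp_login is_post { sc0_http_req_rate gt 5 }
    default_backend bk_wordpress

backend bk_wordpress
    server wp1 10.0.0.31:80 check
```

Two practical notes: `http-request tarpit` instead of `deny` holds the attacker's connection open for the tarpit timeout before answering, which costs a distributed attacker far more than a fast 403; and if HAProxy itself sits behind another proxy or CDN, `src` is that proxy's address, so the key must come from the forwarded client address instead or every user shares one counter.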

Posted in HAProxy, security

Microsoft Remote Desktop Services (RDS) Load-Balancing and protection

RDS, RDP, TSE, RemoteApp
Whatever you call it, it's Microsoft's remote desktop protocol, which has been renamed several times during the product's life. Basically, it allows users to connect to a remote server and run an application or a full …
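The load-balancing problem specific to RDP is persistence: a user who drops and reconnects must land on the server still holding their session, and the only identifier available before any authentication is the `mstshash` cookie in the client's first packet. The configuration below is an added example, not the original post's configuration; section names, server addresses and the timeouts are assumptions.

```haproxy
# Added example (not from the original post): TCP load-balancing of Remote
# Desktop with per-user persistence on the RDP cookie. Names, addresses and
# timeouts are assumptions.
defaults
    mode tcp
    timeout connect 5s
    timeout client 1h
    timeout server 1h

frontend ft_rdp
    bind :3389
    # The client's first packet (X.224 connection request) carries
    # "Cookie: mstshash=<user>". Hold the connection up to 5s until it is
    # seen; RDP_COOKIE is HAProxy's predefined ACL for that condition. If the
    # delay expires with no cookie, the connection is accepted anyway.
    tcp-request inspect-delay 5s
    tcp-request content accept if RDP_COOKIE
    default_backend bk_rdp

backend bk_rdp
    balance leastconn
    # Map username -> server for 8 hours so a reconnecting user returns to
    # the server holding the disconnected session.
    stick-table type string len 32 size 10k expire 8h
    stick on rdp_cookie(mstshash)
    # Clients that send no cookie simply get leastconn with no persistence.
    server rds1 10.0.0.41:3389 check
    server rds2 10.0.0.42:3389 check
```

The cookie is client-supplied and unauthenticated, so it is only a persistence hint, never an identity: two clients presenting the same name share a stick-table entry, and a client can choose its server by forging the value, which is why the actual session security still rests on the RDS authentication behind the balancer.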

Posted in Aloha, architecture, security, Virtual Desktop Infrastructure

IIS 6.0 appsession cookie and PCI compliance

Synopsis
You're using HAProxy or the ALOHA Load-Balancer to load-balance IIS 6.0 web applications and you want them to pass the PCI compliance test successfully. One of the prerequisites is to force the cookie to be "HttpOnly", in order to tell …
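Both this post and the SSL-offloading one above come down to the same move: the application behind the load balancer emits cookies it cannot flag correctly (IIS 6.0 has no HttpOnly switch, and an offloaded backend sees plain HTTP so it never sets Secure), and HAProxy rewrites every `Set-Cookie` header on the way out. The configuration below is an added example serving both posts, not code from either; the certificate path, section names and the backend address are assumptions, and `http-response replace-header` is assumed to be available (HAProxy 1.6 or later; on 1.5 `rspirep` performs the same rewrite).

```haproxy
# Added example (not from the original posts): set HttpOnly and Secure on the
# cookies of an application (IIS 6.0 here) behind an SSL-offloading HAProxy.
# Names, paths and addresses are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client 30s
    timeout server 30s

frontend ft_https
    bind :443 ssl crt /etc/haproxy/certs/site.pem no-sslv3
    default_backend bk_iis

backend bk_iis
    # Plain HTTP to IIS: the application only ever sees an unencrypted hop.
    server iis1 10.0.0.51:80 check
    # HttpOnly keeps the cookie out of reach of document.cookie, which is
    # what the PCI check looks for on the session cookie. "\ " is the
    # escaped space and \1 the whole original header value.
    http-response replace-header Set-Cookie (.*) \1;\ HttpOnly
    # Secure must only be added when the client side really is TLS: on a
    # plain-HTTP listener the browser would refuse to store the cookie.
    http-response replace-header Set-Cookie (.*) \1;\ Secure if { ssl_fc }
```

The rewrite applies to each `Set-Cookie` header in the response, so an application that already flags some cookies ends up with the attribute twice on those; browsers treat the duplicate as a no-op. Verify with `curl -sI https://<host>/` and confirm every `Set-Cookie` line ends with `HttpOnly; Secure` before re-running the compliance scan.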

Posted in Aloha, HAProxy, layer7, security