Tag Archives: layer7

IIS 6.0 appsession cookie and PCI compliance

Synopsis You’re using HAProxy or the ALOHA Load-Balancer to load-balance IIS 6.0 web applications and you want them to pass successfully PCI compliance test. One of the pre-requisite is to force the cookie to be “HttpOnly”, in order to tell … Continue reading

Posted in Aloha, HAProxy, layer7, security | Tagged , , , | Leave a comment

SSL offloading impact on web applications

SSL Offloading Nowadays, it is common (and convenient) to use the Load-Balancer SSL capabilities to cypher/uncypher traffic from clients to the web application platform. Performing SSL at the Load-Balancer Layer is called “SSL offloading“, because you offload this process from … Continue reading

Posted in Aloha, architecture, HAProxy, ssl | Tagged , , , | 8 Comments

Microsoft Exchange 2013 architectures

Introduction to Microsoft Exchange 2013 There are 2 types of server in Exchange 2013:   * Mailbox server   * Client Access server Definitions from Microsoft Technet website:   * The Client Access server provides authentication, limited redirection, and proxy services, and offers … Continue reading

Posted in Aloha, architecture, exchange, Exchange 2013, layer4, layer7 | Tagged , , , , , , | 5 Comments

Microsoft Exchange 2013 load-balancing with HAProxy

Introduction to Microsoft Exchange server 2013 Note: I’ll introduce exchange from a Load-Balancing point of view. For a detailed information about exchange history and new features, please read the pages linked in the Related links at the bottom of this … Continue reading

Posted in exchange, Exchange 2013 | Tagged , , , , , | 7 Comments

Exchange Outlook Web Access (OWA) Cross-Site Request Forgery (CSRF) protection

Outlook Web Access Outlook Web Access is the webmail embedded in Exchange mail server. It is used by users outside the office to get access to their emails. Unfortunately, some version of OWA are affected by a CSRF attack. This … Continue reading

Posted in Aloha, exchange, layer7, security | Tagged , , , | 2 Comments

high performance WAF platform with Naxsi and HAProxy

Synopsis I’ve already described WAF in a previous article, where I spoke about WAF scalability with apache and modsecurity. One of the main issue with Apache and modsecurity is the performance. To address this issue, an alternative exists: naxsi, a … Continue reading

Posted in Aloha, architecture, HAProxy, security | Tagged , , , , , , , , , , , , | 3 Comments

SSL Client certificate management at application level

HAProxy and SSL The history of SSL in HAProxy is very short: around one month ago, we announced the ability for HAProxy to offload SSL from the servers. HAProxy SSL stack comes with some advanced features like TLS extension SNI. … Continue reading

Posted in Aloha, architecture, HAProxy, layer7, security, ssl | Tagged , , , , , , | 22 Comments