AMQP Cleartext Authentication
Description The remote Advanced Message Queuing Protocol (AMQP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear. Solution Disable cleartext authentication mechanisms in the AMQP configuration in ubuntu or centos machines disable unencrypted access in the configuration file. >> unencrypted" here refers to client connections. https://www.rabbitmq.com/ssl.html Steps of disabling the AMQP: https://liquidwarelabs.zendesk.com/hc/en-us/articles/360019562832-Disable-cleartext-authentication-option-in-RabbitMQ The above link used for windows vulnerability. Please help in getting resolution for Centos or Ubuntu configuration file.11KViews0likes0CommentsSSL Certificate with Wrong Hostname
SSL Certificate with Wrong Hostname The SSL certificate for this service is for a different host. The commonName (CN) of the SSL certificate presented on this service is for a different machine. Purchase or generate a proper certificate for this service solution provided on other sites : "Purchase or generate a proper certificate for this service." What is the proper solution to go away for this vulnerability from linux machines and how to implement the solution ?6.5KViews1like1CommentUnusual requests initiated by /TSPD directory on f5 firewall
I developed a website for a client who deployed it behind an F5 firewall. I noticed that when accessing the site for the fist time the home page is not served. Instead an blank html page with some java script files located in the /TSPD directory. The javascript initiates requests to common internet sites like dropbox, reddit, twitter. After that it redirects to the original homepage. So for the visitor it is almost transparent but when opening developer tools I can see around 20 requests before loading the home page. I searched on the net and found that the /TSPD directory is related to anti-bot protection. Is this normal behavior to initiate such requests? It looks very suspicious. Can the firewall be misconfigured or compromised ? examples of requests: Request URL:https://twitter.com/login?redirect_after_login=%2Ffavicon.ico Request URL:https://www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif Request URL:https://store.steampowered.com/login/?redir=favicon.ico3.9KViews0likes2CommentsBypass certificate check
Is there any way that checking the certificate details could be bypassed in specific cases (e.g. a particular client/IP Address, particular URLs/domains) when using SWG as a Forward Proxy? We are trying to set up a Red Hat Satellite server to download repositories from Red Hat and make them available internally. The documentation states that "Use of an SSL interception proxy interferes with this communication. These hosts must be whitelisted on the proxy." Apparently, the reason an SSL Interception proxy interferes with it is that the server certificates aren't signed with publicly trusted certs. The application trusts these certificates, but obviously the proxy doesn't. We do have an SSL Intercept bypass list in place, but as I understand it, the proxy will still check that the certificate is valid (as this can be checked without decoding the traffic). Is there any way that we can disable or bypass this check for this traffic?Solved3.5KViews0likes2CommentsWhat is a wildcard virtual server
Hello, I'm looking to do a load balancing with sandwich firewalls. I read the white papers https://www.f5.com/services/resources/white-papers/load-balancing-101-firewall-sandwiches. Several questions are put in my head as I read it. How can a router perform asymmetric routing. So the answer is in the document a "wildcard" virtual server. So my question is what is a "wildcard" virtual server and how to put one in place? Thank you for your answers2.2KViews0likes2CommentsSSL Anonymous Cipher Suites Supported
The remote host supports the use of SSL/TLS ciphers that offer no authentication at all. Solution: Reconfigure the affected application, if possible to avoid the use of anonymous ciphers. openssl ciphers -v ssl-disable-anon-ciphers What is the proper solution for the affected load balancer Haproxy linux server ?2.1KViews0likes3CommentsRedis Server Unprotected by Password Authentication
Solution : Enable the 'requirepass' directive in the redis.conf configuration file.check if Redis is working on the servers.$ redis-cli ping PONG #requirepass "xxxxxxxx"-- change the password of the user and uncomment it. /etc/init.d/redis-server status /etc/init.d/redis-server stop /etc/init.d/redis-server start The above solution provided are for single server What is the solution for the clusters of Linux and there are multiple configuration files given below? config/redis/redis_121.conf config/redis/redis_122.conf config/redis/redis_123.conf config/redis/redis_124.conf config/redis/redis_125.conf1.9KViews0likes0CommentsSecurity Features Comparison of F5 vs AWS and Azure Load Balancers + WAF
Hi Experts I want to compile a list of security features of F5 and how these compete against AWS "ALB/ELB + WAF" and Azure "Load Balancer + WAF" capabilities ? Every solution have its own pros and cons in terms of availability, scalability, cost and most importantly the security features offered. But for this discussion, my main point is security advantage ONLY. Any advise will be highly appreciated. Thanks Porter1.9KViews0likes6CommentsF5 VPN Broken on Ubuntu 18.04 LTS
Heads up, the Ubuntu package for the F5 VPN is broken under the upcoming Ubuntu 18.04 LTS. The dependencies are clearly wrong since there has been an ABI change between Qt5.5 (as advertised) and Qt5.9 (installed) - The UI doesn't even show up. Listed dependencies: libqt5core5a (>= 5.5), libqt5network5 (>= 5.5), libqt5widgets5 (>= 5.5), libqt5gui5 (>= 5.5), libqt5dbus5 (>= 5.5), libqt5sql5 (>= 5.5), libqt5webkit5 (>= 5.5), libqt5opengl5 (>= 5.5), libqt5printsupport5 (>= 5.5) Since the package will likely be used on different debian-compatible architectures, it would be advisable to statically compile the library and remove the dependecy alltogether instead of relying on people having an ABI-compatible version that you compiled with. A timely update is appreciated, thanks.1.6KViews1like10CommentsForward explicit SSL proxy server
Dear all, Trying to figure out why HTTPS traffic is not passing the forward proxy. I followed the following article, configured the HTTP and SSL profiles and the two virtual servers accepting HTTP and HTTPS traffic. The only thing that we dont use is the APM part. Result is that when using the explicit IP address configured in HTTP virtual server and the local browser client is that it works just fine when accessing HTTP websites. When I try to access a website with HTTPS using the explicit IP address configured in my browser I can see an HTTP CONNECT and the virtual server replies with service unavailable HTTP 503. This happens with all HTTPS sites. If I change the proxy setting in the browser the HTTPS (port 443) to request is simply being reset. https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-secure-web-gateway-implementations-12-0-0/7.html Does anyone has experience in deploying Big IP LTM as a explicit forward proxy using HTTP and clientSSL profiles only without the use of Irules?1.5KViews0likes20Comments