The Load balancer I mentioned at dinner last night is "Pound".
I had looked at using the Solaris 11.3 packed load balancer but it looked like
it would be hard to set up and my firewall didn't like
systems playing with packets in one of its modes.
So Pound allows use of the SSL engines so it is much faster than haproxy on T
hardware. It's faster than haproxy on non-ssl stuff too.
For compliance issues, I think this counts as an "application firewall".
Its original purpose was to sit in front of Zope / Django systems and protect
them from bad input.
From: http://www.apsis.ch/pound/
What Pound is:
• a reverse-proxy: it passes requests from client browsers to one or
more back-end servers.
• a load balancer: it will distribute the requests from the client
browsers among several back-end servers, while keeping session information.
• an SSL wrapper: Pound will decrypt HTTPS requests from client
browsers and pass them as plain HTTP to the back-end servers.
• an HTTP/HTTPS sanitizer: Pound will verify requests for correctness
and accept only well-formed ones.
• a fail over-server: should a back-end server fail, Pound will take
note of the fact and stop passing requests to it until it recovers.
• a request redirector: requests may be distributed among servers
according to the requested URL.
Pound is a very small program, easily audited for security problems. It can run
as setuid/setgid and/or in a chroot jail. Pound does not access the hard-disk
at all (except for reading the certificate file on start, if required) and
should thus pose no security threat to any machine.
Have fun!
-tim
_______________________________________________
msosug mailing list
[email protected]
http://mexico.purplecow.org/m/listinfo/msosug