Alpha Video Training
Results 1 to 14 of 14

Thread: load balancer - logs

  1. #1
    Volunteer Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,842

    Default load balancer - logs

    For those of you using a load balancer, do your Alpha logs show the original IP address of the request or the IP address of the load balancer (or the Alpha node)? And if so, do you have a way around this, so you can track the original IP address of the client request?

    Also, anyone working with MS Windows Network Load Balancer (NLB)?
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  2. #2
    "Certified" Alphaholic mikeallenbrown's Avatar
    Real Name
    Mike Brown
    Join Date
    Nov 2009
    Location
    United States
    Posts
    1,896

    Default Re: load balancer - logs

    IP Address of the load balancer.
    Mike Brown - Contact Me
    Programmatic Technologies, LLC
    Programmatic-Technologies.com
    Independent Developer & Consultant

  3. #3
    Volunteer Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,842

    Default Re: load balancer - logs

    Some of the LBs have a feature called "transparency" which carries through the original client IP. Alpha does not need much in the way of a balancer, most of the LB software and hardware that I have looked at does more than needed.

    I am looking at Alpha IIS or even standard Alpha using IIS Web Farms to redirect to Alpha Instances.
    Last edited by Steve Wood; 02-18-2018 at 09:53 PM.
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  4. #4
    "Certified" Alphaholic kkfin's Avatar
    Real Name
    Kenneth
    Join Date
    Dec 2006
    Location
    EU
    Posts
    1,570

    Default Re: load balancer - logs

    I am also testing load balancer but not in IIS.

    I have configuration where I have kind of reverse proxy then behind it is a html server and this server also forwards traffic as a reverse proxy to AA server instances. AA server instances are bind to 127.0.0.1 and different ports. So the first reverse proxy hides my real IP from evil world and the second reverse proxy(html server) forwards traffic to AA when needed (.a5w pages and ajax). Now I try to put load balander (node) between these two reverse proxy. At least this is current plan. At the moment Alphas built in access logs has always value 127.0.0.1

    But in Alpha server using xbasic I can get the real IP from client and also the IP of first reverse proxy(has many different values so not always same IP) using code:

    dim IPs as C = Context.Request.GetHeader("Here header name")

    Kenneth
    Last edited by kkfin; 02-19-2018 at 01:37 PM.

  5. #5
    Volunteer Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,842

    Default Re: load balancer - logs

    Hey Key, thanks - I was about to go look for how to grab the IP from the header. That is one of the ways discussed in load balancer docs. If I grabbed the IP from the header, I can generate my own internal logs and still use the Alpha logs as needed (the Access log is good for determing overall load over a give time period.) Having the IP in a real time log is important. I am also working on real time IP blocking - blocking by IP (3rd party tool) if it generates X number of 404 or 500 errors in a given time period. Inspired by one client in particular who gets SQL-injection hits all of the time bringing the Alpha site to a halt.
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  6. #6
    Volunteer Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,842

    Default Re: load balancer - logs

    Well, so far there is no IP address in my HTTP header that is passed through the load balancer. Not all load balancers have this protocol.

    It would be:

    dim IPs as C = Context.Request.GetHeader("X-Forwarded-For")

    And you can view all headers with a simple:

    ?request.raw
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  7. #7
    "Certified" Alphaholic kkfin's Avatar
    Real Name
    Kenneth
    Join Date
    Dec 2006
    Location
    EU
    Posts
    1,570

    Default Re: load balancer - logs

    I think it is very difficult to do anything for sql inject attacks. Firewall with this feature(prevent) or url rewriting. Good point is also not to use sql if not absolutely necessary. It is not a must in most cases.

    I think here is actually a DDOS attack ongoing. If current situation is that servers IP points to domain name , check here . So if you see the real IP then only solution is to get a CDN service maybe CloudFlare and replace current name servers with CloudFlare name servers and GET NEW IP (this is must!) and THEN modify DNS A record (not earlier). Now the attacker can not directly use IP address anymore (attacker do not find it) and CloudFlare protects domain name from attacks.

    I have configuration that if I use my Ip address as a url I get empty web page just one world in it. I think this is also a must configuration today if your try to prevent DDOS attacks

  8. #8
    Volunteer Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,842

    Default Re: load balancer - logs

    Hacking#1: The way I plan to address bad bot hits on my site is to use the optional https error pages that can be configured in the Alpha server. For example, if the client request triggers a 500 or 404 error, I can send the 'user' to my own A5W page and run some xbasic on that request to block the IP after X times. SQL injection often will produce either of these https errors. I use a 3rd party IP blocker that will allow me to immediately block an IP sent from an xbasic script. Hacking threat is getting bad enough that I have to do this.

    Hacking#2: For a particular client, we are contemplating taking the nuclear option to stop hacking and restrict access to the website. The concept is to use an IP whitelist rather than a blacklist. ALL IPs will be initially blocked and users have to validate who they are before their IP is added to the whitelist. This is only viable because they have a closed set of customers and no access from the general public.

    Load Balancer#1: Back on this subject. I have attached two website load charts. They show user requests over a couple days. The first chart is load using ONE instance of Alpha Anywhere. The second chart is after I started using the load balancer and shows just one of the four Alpha instances. Note how dense the first chart is compared to the second chart; this is because the same load is spread over four Alpha instances. The black arrow on the first chart is when the Alpha server went unresponsive (users could not login or perform any work) and we restarted the server.

    Load Balancer#2: One of the drawbacks of using a load balancer is you lose the original client IP; it is replaced with the IP address of the load balancer. I confirmed this is true for the arrangement at Zebrahost as well. Personally, I cannot live with that -- I need to know the client IP address! So I am starting to work with a software-based load balancer that will let me grab the original client IP address from the header (as Ken talked about above). If it works I am going to package it up as an Alpha utility for others to use.
    Attached Images Attached Images
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  9. #9
    "Certified" Alphaholic kkfin's Avatar
    Real Name
    Kenneth
    Join Date
    Dec 2006
    Location
    EU
    Posts
    1,570

    Default Re: load balancer - logs

    Hacking and auto scanning is made against IP address.

    So if IP it does not point to a domain name it does not affect. You do not have to protect against it. I use this configuration. There is one single word index.html running on html server(second proxy) that can handle thousands hits per seconds. Because IP does not point anywhere hacker can not start examine my site and go further because there actually is no site in my IP address. Dead end.

    So user/hacker have to use domain name(and know it) to access site. In site I always use landing page. So just css and html in Index page. This is not served from AA and because of CDN it is cached and loads as fast from Europe or USA. This is for performance. But I also have to protect my domain name and it is protected automatically by the first proxy. Any attack and one get challenge page.

    I also use service provider that includes external firewall so whitelisting is easy to done and do not spend server resources. So no need for example RDP Guard.

    So I think it is better to use tools available because it is not possible for one developer to handle these attack/hacking tasks.

    I use also" url based load balancing" so for example site.com/ar/... and site.com/rr/.. are serverd by different instance.

  10. #10
    Volunteer Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,842

    Default Re: load balancer - logs

    using an empty index.html default page coupled with an obscure-named landing page is a good method because for certain the hacker will travel all of the hyperlinks starting with the default page. But for a commercial website, we will have a valid sitemap.XML and robots.txt giving away our secret and telling hacking bots what pages to hit. If our load balancing does not fix our issues, we will also use url-based balancing, unique url for specific customers.

    Good conversation. One other point just from the 'independent developer' angle. The fact that a site gets hacked to death, even though it is not our fault, reflects on our project. My client enjoys blaming Alpha, by which they mean me, for their troubles. For the site I have been talking about I long suspected they were maxing out their one Alpha instance but found it hard to prove. Seeing the results of moving it to four Alpha instances definitely proved it.
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  11. #11
    "Certified" Alphaholic DaveM's Avatar
    Real Name
    Dave Mason
    Join Date
    Jul 2000
    Location
    Hudson, FL
    Posts
    6,027

    Default Re: load balancer - logs

    Some reasons above are why I would not want to have an inhouse server. MY websites and my clients came under ddos attacks early yesterday morning. My hosting company caught it right away and fixed it. Still the sites were not responding rapidly while that was going on. I get sql injection and php attacks several times a day+ several other kinds of attacks. Fortunately I have safeguards in place. Would not help for alpha since I am 100% on Linux.
    Dave Mason
    dave@aldausa.com
    Skype is dave.mason46

  12. #12
    "Certified" Alphaholic kkfin's Avatar
    Real Name
    Kenneth
    Join Date
    Dec 2006
    Location
    EU
    Posts
    1,570

    Default Re: load balancer - logs

    Quote Originally Posted by Steve Wood View Post
    using an empty index.html default page coupled with an obscure-named landing page is a good method because for certain the hacker will travel all of the hyperlinks starting with the default page. But for a commercial website, we will have a valid sitemap.XML and robots.txt giving away our secret and telling hacking bots what pages to hit. If our load balancing does not fix our issues, we will also use url-based balancing, unique url for specific customers.
    First one more time IP address and the actual website are two different things in my configuration. If you use url: examplesite.com you get the actual site but if you use url: 999.9.9.9 (= servers real IP) you get another but empty site. So hacker has to know url: examplesite.com to access the real site, but IP does not lead them there. If this concept is unclear when protecting site then not much can be done. Url: 999.9.9.9 (=your servers real IP address) and Url: examplesite.com should never show same site.

    So examplesite.com has professional look and it has hyperlinks, pictures, text and login option and Bootstrap4 css. Also site has valid sitemap.xml and robots.txt. It has ssl and it has CDN. Because index page is static and because site has CDN index page loads in milliseconds (alone in USA it is cached by 28 data-centers). All this make it 100% SEO friendly and it has all features that makes Google rank it high. Most important are SSL and speed. I think to all web users the most important thing is that first page will load superfast.

    Dave: With Alpha shared hostingis is out of question in practise but I also use Node and it is a great advantage today for example to get load balancing for free ( I think Alpha Cloud is shared hosting but then you can forget Node). And I use CloudFlare to protect my domains. Protecting DDOS attack is a feature so nobody has to do anything. Protection is automatic.
    Last edited by kkfin; 02-21-2018 at 04:11 AM.

  13. #13
    "Certified" Alphaholic mikeallenbrown's Avatar
    Real Name
    Mike Brown
    Join Date
    Nov 2009
    Location
    United States
    Posts
    1,896

    Default Re: load balancer - logs

    Because of your thread, Steve, I now can log my user's IP addresses. Thanks!

    I discovered that my hosting service, by default, includes the user's IP address in X-Forwarded-For.
    Mike Brown - Contact Me
    Programmatic Technologies, LLC
    Programmatic-Technologies.com
    Independent Developer & Consultant

  14. #14
    Volunteer Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,842

    Default Re: load balancer - logs

    If anyone is using a load balancer of any type would you please PM or email me at steve@alphatogo.com.
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

Similar Threads

  1. Load Balancer help needed
    By Steve Workings in forum Mobile & Browser Applications
    Replies: 0
    Last Post: 08-23-2016, 12:29 PM
  2. How can I capture the server ip when using a load balancer?
    By gregincolumbus in forum Mobile & Browser Applications
    Replies: 3
    Last Post: 02-22-2016, 04:08 PM
  3. How to get user’s IP address when using a load balancer?
    By Gatorfan in forum Mobile & Browser Applications
    Replies: 2
    Last Post: 04-06-2015, 10:58 AM
  4. Tracking user IP through a load balancer
    By mikeallenbrown in forum Mobile & Browser Applications
    Replies: 9
    Last Post: 03-28-2014, 11:07 AM
  5. Reports, Report Server, and Load Balancer
    By Steve Workings in forum Application Server Version 11 - Web/Browser Applications
    Replies: 3
    Last Post: 12-01-2012, 09:12 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •