LinuxQuestions.org
Old 10-31-2008, 11:22 AM   #1
HelpMe2877
Member
 
Registered: May 2008
Location: USA
Distribution: CentOS, RHEL, Windows
Posts: 54

Rep: Reputation: 15
Replacing a WAF (Web Application Firewall)


Hello,

I work for a company that manages websites and I currently have a WAF (Web Application Firewall) in place in the Data Center. I am looking for a way to create a "backup or failover" WAF so that when the main one goes down, this second WAF will pick up (at least until I can get the main back up). Our Web Servers are running Windows Server 2008 but I'm looking to put this backup onto a CentOS 5.2 system. I've already tried using a load balancer as the backup but couldn't establish the connections well enough. Does anybody have any good ideas on a software solution that is open source and runs on Linux?

Thanks in advance for any ideas!
 
Old 10-31-2008, 12:19 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,520

Rep: Reputation: 7944
Check out the heartbeat capabilities of Linux. I know they come with OpenSuSE, and probably with most other 'server grade' Linux distros. These pages may help you:

http://www.linuxjournal.com/article/5862
http://www.linux-ha.org/

If you've already got a working Linux replacement for the Windows boxes, you should be able to use HA to get something going.

One thing I did (very low-tech, but useful) was to put a second NIC into each of my two boxes. Static IPs, but connected to each other via a crossover Ethernet cable. Since they could only see each other, I wrote a small, simple script to ping the main box from the backup. Since I removed the routers/switches/everything else from the middle, I knew if the ping failed, the main box had problems. The backup box would then change its IP address to that of the main box, and bring up the services. Not foolproof, I know, but it worked for what I needed, and was quick, cheap, and easy to implement.
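
Added example, not part of the posts above and not TB0ne's script: a backup-side watchdog for the crossover-cable failover described in post #2, which pings the main box and takes over its address and service when it stops answering. It goes beyond the post by requiring several consecutive missed probes and by also probing the service address, so a dead crossover cable alone does not leave two boxes holding the same IP; every address, the interface name and the service name are assumed placeholders.

```shell
#!/bin/bash
# Added example: watchdog run on the BACKUP box. All values below are
# assumed placeholders, not taken from the thread.
PEER_IP="${PEER_IP:-192.168.255.1}"        # main box on the crossover link
SERVICE_IP="${SERVICE_IP:-192.0.2.10/24}"  # address clients use for the WAF
PUBLIC_IF="${PUBLIC_IF:-eth0}"             # backup's public-facing interface
SERVICE="${SERVICE:-httpd}"                # init script that starts the WAF
MAX_FAILS="${MAX_FAILS:-3}"                # consecutive misses before takeover
INTERVAL="${INTERVAL:-2}"                  # seconds between probes

# Peer counts as alive if it answers on the crossover link OR still answers
# on the service address; the second check guards against a failed cable/NIC
# causing a takeover while the main box is healthy (duplicate IP).
probe_peer() {
    ping -c 1 -W 1 "$PEER_IP" >/dev/null 2>&1 ||
    ping -c 1 -W 1 "${SERVICE_IP%/*}" >/dev/null 2>&1
}

# Claim the service address, announce it with gratuitous ARP so switches and
# routers update their tables, then start the WAF service.
take_over() {
    ip addr add "$SERVICE_IP" dev "$PUBLIC_IF" || return 1
    arping -U -c 3 -I "$PUBLIC_IF" "${SERVICE_IP%/*}" >/dev/null 2>&1
    service "$SERVICE" start
}

# watch_peer PROBE_CMD: call PROBE_CMD until it fails MAX_FAILS times in a
# row. Any success resets the counter, so one dropped ping does not trigger
# a takeover. Returns 0 once the threshold is reached.
watch_peer() {
    local probe="$1" fails=0
    while [ "$fails" -lt "$MAX_FAILS" ]; do
        if "$probe"; then
            fails=0
        else
            fails=$((fails + 1))
            logger -t waf-failover "missed probe $fails/$MAX_FAILS" 2>/dev/null || true
        fi
        if [ "$fails" -lt "$MAX_FAILS" ]; then sleep "$INTERVAL"; fi
    done
    return 0
}

# Start the watchdog only when invoked as: waf-failover.sh run
if [ "${1:-}" = "run" ]; then
    watch_peer probe_peer && take_over
fi
```

The script does not hand the address back when the main box returns; remove the address and stop the service on the backup before bringing the main box online again.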
 
Old 10-31-2008, 01:34 PM   #3
HelpMe2877
Member
 
Registered: May 2008
Location: USA
Distribution: CentOS, RHEL, Windows
Posts: 54

Original Poster
Rep: Reputation: 15
I'll have to test that out and see what happens. Thanks for the quick reply.
 
Old 10-31-2008, 01:56 PM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,520

Rep: Reputation: 7944
No problem, hope it helps.
 
Old 11-06-2008, 08:26 AM   #5
HelpMe2877
Member
 
Registered: May 2008
Location: USA
Distribution: CentOS, RHEL, Windows
Posts: 54

Original Poster
Rep: Reputation: 15
tbone,

Thanks for the idea but couldn't get it passed by the big guys. Didn't want to mess with the existing WAF setup, so I actually was able to find a program called Profense by Armorlogic. It's a web application firewall that can be downloaded from www.armorlogic.com and they have a Professional version with lots of features (that you have to pay for) or else they have a free Base version which was slimmed down a little bit, but actually all that we needed it for. Very easy to configure and figure out. You load the ISO onto a blank system, set the IP, netmask, and gateway and do everything else over a web interface. Check it out some time. Thanks again.
 
  

