A few other ways to identify a device such as a load balancer are listed here:
- Analyzing SSL differences between servers: There can be minor changes in the SSL configuration across different web servers. The timestamp on the certificate issued to the web servers in the pool may vary. The difference in the SSL configuration can be used to determine whether multiple servers are configured behind a load balancer.
- Redirecting to a different URL: Another method of load balancing requests across servers is by redirecting the client to a different URL to distribute load. A user may browse to a website, www.example.com, but gets redirected to www2.example.com instead. A request from another user gets redirected to www1.example.com, and a web page from a different server is then delivered. This is one of the easiest ways to identify a load balancer, but it is not often implemented as it has management overhead and security implications.
- DNS records for load balancers: Host records in the DNS zone can be used to conclude if the device is a load balancer.
- Load balancer detector: This is a tool included in Kali Linux. It determines whether a website is using a load balancer. The command to execute the tool from the shell is lbd <website name>. The tool comes with a disclaimer that it's a proof of a concept tool and prone to false positives.
- Web Application Firewall (WAF): In addition to a load balancer, the application might also use a WAF to thwart attacks. The WAFW00F web application firewall detection tool in Kali Linux is able to detect whether any WAF device exists in the path. The tool can be accessed by navigating to Information Gathering | IDS/IPS Identification.