httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Elliot" <...@lidalia.org.uk>
Subject RE: [users@httpd] No response recieved from Apache at some external locations, but not others
Date Thu, 19 Oct 2006 11:01:15 GMT
>> -----Original Message-----
>> From: Robert Elliot [mailto:Rob@lidalia.org.uk <mailto:Rob@lidalia.org.uk>
]
>> Sent: Thursday, October 19, 2006 12:08 PM
>> To: users@httpd.apache.org
>> Subject: [users@httpd] No response recieved from Apache at
>> some external locations, but not others
>>
>> Hi, I'm having issues running Apache/2.0.59 (Win32) DAV/2
>> mod_auth_sspi/1.0.4 mod_ssl/2.0.59 OpenSSL/0.9.8c SVN/1.4.0
>> Server on Windows Server 2003.
>>
>> I reckon about 60% of external people can see the website,
>> and 40% cannot.  Unfortunately all three of my external
>> attempts to retrieve a flat HTML file fail, from work, client
>> site and my PDA's GPRS.  IE and Firefox both sit waiting for
>> a response forever if I request a legitimate file.  If I
>> request a nonsense one I get an accurate 404 from the server,
>> examining the response in Fiddler reveals it is definitely an
>> HTTP response served by my server, it shows my server's
>> config.  What's more, Apache does seem to log my attempts
>> that fail as 200 requests, and nothing appears in the error
>> log.  So my request is getting through; but no response gets
>> back to me.  nmap run from work also correctly identified my
>> server as running Apache configured the way I have it, so
>> nmap can get a response back. Just not, it would seem, any
>> web browser when asked to serve a valid file.
>> 
>> Obviously it is not a firewall ... issue
>
>I wouldn't be too quick to jump to that conclusion. Mystery timeouts
>very often *are* a FW issue - it is standard practice for a FW to drop
>silently disallowed packets. This makes it harder for an attacker to
>determine if he's really being denied or if the network is just slow, so
>it slows him down.
>
>Mind you, it would mean a FW that was dropping outgoing packets based on
>their HTTP response code which is a bit weird...
 
Thanks for the reply.
 
If it is an FW issue then it must either be my router dropping the packets on the basis of
both the IP address it is asked to send them to and the HTTP response code, or a corporate
FW dropping incoming packets based on a combination of IP address and response code.

The former seems unlikely to me; I'd be surprised if my router was up to that sort of cleverness.
 It certainly isn't logging anything like that, and I certainly haven't configured the firewall
like that myself.
 
I'd be a bit surprised by the latter, too; my work don't seem to filter anything, and the
client I'm currently at have a system of informing you if you request something they don't
approve of.  Though I suppose my ISP might have been blacklisted by someone or other?

>
>What is different between clients who *can* access the site and those
>who cannot?

I'm unsure; I thought it might be that "home" users seem to get in OK and "corporate" not,
but my wife can get in from her work (a big oil multinational).  I haven't identified a common
factor yet.
 
>Are you sure the logs are really identical too?
 
I believe so, though I'm currently at work so I'll have to examine them again tonight.  There's
definitely nothing in the error log. 

>Can you post an example URL for us to try?

OK, try http://www.lidalia.org.uk <http://www.lidalia.org.uk>  - should show the Apache
splash page.

(PS - apologies if this is poorly formatted, the Outlook Web Cient doesn't seem to give me
many options about playing nice with mailing lists.)

Mime
View raw message