Mod Security, HTTP:BL different configuration for mobile phone browsers? - linux

I tested the rule on Firefox within Ubuntu VM and it worked as it gave me a forbidden error code page. When I tested it on my phone browser, it does not work as it just shows the index page with no errors. Is there a different configuration I needed to do for it or it just does not work on a mobile phone browser?
The URL I used is, "HTTP://vhost1.group21.com/?ID=103.50.84.114".
SecHttpBlKey (key here)
SecAction "id:900500,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.block_search_ip=0,\
setvar:tx.block_suspicious_ip=1,\
setvar:tx.block_harvester_ip=1,\
setvar:tx.block_spammer_ip=1"

This should not be a thing. This is about IP connections and not about the origin of the request.
The only difference I see is the IP address. So the VM and the mobile device have different IPs and the RBL lookup gives a different result for the two.
In order to debug this, I suggest you put all the rules in the 910 rule file to "log" (now "nolog") and then check the error log and compare when it blocks and when it does not. This should allow you to isolate the misbehaviour.
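The RBL lookup the answer refers to is keyed on the connecting address: the client IP is sent to Project Honey Pot's http:BL DNS zone, so a phone on another network produces a different query and possibly a different answer. The following is an added example, not code from the posts above or from the rule set. It builds that query name and decodes constructed sample answers against the tx.block_* flags shown in the question. The access key, addresses and answers are made up, and would_block is a simplified assumption of how the flags are applied.

```python
import ipaddress

# Flags copied from the SecAction on this page (id:900500).
BLOCK_FLAGS = {"search": 0, "suspicious": 1, "harvester": 1, "spammer": 1}

# http:BL visitor-type bitmask, carried in the fourth octet of the answer.
TYPE_BITS = {1: "suspicious", 2: "harvester", 4: "spammer"}


def httpbl_query_name(access_key, client_ip):
    """Build the DNS name looked up for one client address (IPv4 only)."""
    ip = ipaddress.IPv4Address(client_ip)
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{access_key}.{reversed_octets}.dnsbl.httpbl.org"


def decode_httpbl_answer(answer):
    """Decode an http:BL A record; None stands for NXDOMAIN (not listed)."""
    if answer is None:
        return None
    octets = [int(o) for o in answer.split(".")]
    if len(octets) != 4 or octets[0] != 127:
        raise ValueError(f"not a valid http:BL answer: {answer}")
    _, days, third, vtype = octets
    # Type 0 is a search engine; its third octet is an engine id, not a score.
    kinds = ["search"] if vtype == 0 else [
        name for bit, name in TYPE_BITS.items() if vtype & bit]
    return {"days_since_seen": days, "third_octet": third, "types": kinds}


def would_block(answer, flags=BLOCK_FLAGS):
    """Assumed decision: block if any decoded type has its flag set to 1."""
    decoded = decode_httpbl_answer(answer)
    if decoded is None:
        return False
    return any(flags.get(kind, 0) == 1 for kind in decoded["types"])


# Constructed sample answers, not real lookups.
SAMPLES = {"listed": "127.3.40.5", "unlisted": None, "search": "127.1.0.0"}

if __name__ == "__main__":
    print(httpbl_query_name("examplekey", "192.0.2.10"))
    for label, ans in SAMPLES.items():
        print(label, decode_httpbl_answer(ans), would_block(ans))
```

Comparing the decoded answer for each client address against the logged 910 rules shows which flag, if any, triggered the block.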

Related

403 Forbidden - ONLY from my computer

Problem: when I visit particular url the site goes white and the title of the tab says "403 Forbidden" and nothing else happens.
I wanted to ask the forumees here about this weird problem when I, and I solely, cannot access one particular website, until I've run right into very same problem with yet another site just now.
Apparently the problem lies with my computer, and my computer only.
The site IS accessible by everyone except me.
I cleaned the cache, removed all sh!t files, restarted the modem and the computer a couple of times already, to no avail.
I can access those sites via my phone, I can access them from anywhere else but! my computer.
Has anyone stumbled upon such a problem?
There could be a variety of reasons behind this. Your browser, a browser extension, IP address shitlisted for some reason (usually spamming), some sort of virus that gets detected by remote antiviruses and blocks your connections, some adware or spyware that rewrites your requests...
It's also possible that if you only have problems with those two websites and especially if you did something you were not supposed to, maybe they just blocked you out.
So try using a proxy server or a VPN like strongvpn. If it works then at least you know it's got something to do with your IP address.

Detect that a Browser is on the Intranet

I've got a requirement to detect if a webpage is being served on the internet or intranet, i.e. assuming a url of https://accessibleanyway.com, is the phone connected to the work wifi or to something else like their home wifi or the phone network?
What different ways are there to do this?
(1) Use WebRTC to get the local ip address. Not widely supported
(2) Try to access a local web page using jsonp/cors/iframe
The problem with 2 is that the webpage is https and the local resource is likely to be http which you can't do in IE afaik. If I make the local resource https then it's via a self cert which means installing CAs on the phones (can you buy certificates for the intranet anymore?)
Any suggestions?
The problem with (2) was that the same page was trying to use http and https, and even with an iframe you get issues.
What you could do instead is start on an http loading page, use an iframe to access a local resource which you can only access if you are on the intranet; jsonp will work fine for this. Once that's worked or failed, redirect to your start page with some token in the querystring to indicate that you are on the intranet or not.
NB jumping from http to https would probably have some security issues if you are on the same website (authentication cookies being initially visible), but I would have thought it would be fine if you are going to a different one.
Obviously there'll be some security needed around the token as otherwise the user could just generate their own but that's a different matter which depends on individual setups. It would obviously have to be generated by a server call, otherwise someone could just read the client code.
NB I think the IP address approach is never going to work as you have no way of knowing what a company's intranet setup looks like until you go there, so it's not a generic answer.

IIS V6 autoblocking ip

The Linux guy here has a question about IIS v6.
The case is that I have a site running; when I do some specific tasks on this site (like deleting a specific item three times in a row) the site will break, and a completely blank page will appear. Checking the response headers, I noticed that the server sends a "403 Forbidden: IP address of the client has been rejected."
Through a proxy, I can connect just fine.
Checking the site options in the IIS manager shows me that my IP is not blocked globally; it's something that's just happening.
Where can I check for this? It happens automatically and the block ends after about 8-12 minutes, every time.
Best regards.
Jonas
Do you have access to IIS?
I assume the blocking occurs on the web site side (inside the ASP code), not in IIS.
Please check the IIS console and make sure that there are no blocked IPs. If it's true, you should find the database/table or some config file where all blocked IPs are stored. After that, you should be able to find the ASP code which is responsible for the blocking.
You could also try a quick search inside all ASP pages for text like "REMOTE_ADDR" and ".ServerVariables".

Why a same url opens different web pages?

I am facing a strange thing when I open some URL. The URL is (www.jobserve.com)
When I open this URL from my home, it opens some web page. If I open the same URL from my office network, I get an entirely different URL, which is what I want.
Both my home and office are in the same city in India (3 km apart!) but somehow from my home network, I get served an entirely different page which is not what I am trying to open. (The page opening up in the office is the desired one. The office network has a proxy/firewall which could be shielding the IP address from the outside world!)
My question is why this is happening, because both accesses are happening from the same country/city (different ISPs though!), so there cannot be country/IP-specific host/content served differently than the global content of the same server.
So what could be happening here?
This raised another question in my mind (when I tried to find the IP of the server using nslookup and the domain name, which returned the error "can't find www.jobserve.com/: Non-existent domain"):
How can I find the IP address of the web server using the domain name other than with nslookup, which is not working for this particular domain/URL?
I recall there were some sites which find the geographical location of a server and show that pictorially, but I am not able to recall the URL for that. Does anyone know?
Thanks,
-AD.
Some sites look at the incoming IP address, lookup where it's coming from and then take various actions they think relevant to you - usually, redirecting you to a more-local site.
Of course, lots of sites react if they think they've "seen you before." For example, there may be cookies that tell them something about you. Or, they may be reacting to your browser.
Sometimes, organizations look at the source IP address and if it's coming from a business they may respond differently than if it's from a non-business ("home") IP.
And, sometimes companies intercept IP traffic and edit it in various ways. This is not normally done to web pages, but if your employer isn't happy with your watching porn at work ( -smile- ), they may do something about it! ...China is well known for doing this type of interception...
I work for a UK-based company and all my regional settings are UK based. Moreover the internet connection is itself from the UK, so all websites act as if I am from the UK.
Google.com goes to google.co.uk
Virgin, T-Mobile ads everywhere
Does this give any idea about why you are getting a different website in office?
For finding the IP address: don't use a slash. Just
nslookup www.jobserve.com
Alternatively, you can use a website like http://www.domaintools.com/ (there are many others, that's just the first one that comes to my mind).

How do you change your apparent country of origin to test a site?

I want to be able to set my country of origin - does this involve testing through a proxy, or is there something that can be set else where?
I would use TOR for this purpose. That way you are sure you are hitting the site from a different country.
Depends on what you want to test against. If it is a GeoIP system, you'd need to get yourself a proxy in another location or otherwise use a different network. If it is the HTTP content negotiation headers, you can change them in the browser configuration.
How you do it depends on the operating system and browser and what you are testing.
If you are testing non-HTML content that runs in the browser (e.g. Flash), then with IE, you must change your machine's location as IE picks it up from there. With Firefox, browse to about:config, accept the "Here be dragons" warning and edit the general.useragent.locale value.
If you are testing what version of a page is returned based on locale, then you need to specify the language (in Firefox, tools -> options menu -> content tab -> choose button in languages section and add the correct country code).
I'm assuming you're using the IP to check the country. If you're testing internally then it may be possible to get a setup where both the testing machine and the server to be tested are behind the same NAT. In this case just set your IP manually to an IP for whatever country you want to test, and connect to the server. So long as both of you are behind the same NAT it should see you as whatever IP you set.
Perhaps this is obvious, but you can also test from another country by using a VPN (from a company like purevpn.com) or by using a virtual machine like an EC2 from AWS. The gold standard is a remote desktop like an EC2 virtual machine because VPNs or proxies can have latency.
