Openshift - Blocked requests? - openshift

I've tested several HTTP requests and only one IP is not getting any response from my server hosted in OpenShift.
How can I unblock this IP?

Related

CloudFront signed URL returns a 504

I've got a chatbot backend which is talking to a service (service 3) which talks to another and sending a CloudFront signed URL for an image.
Then from the Chatbot browser (client) requests to CloudFront which talks to Service 1 and Service 2 for serving the image.
All the services are deployed in AWS Elastic Beanstalk. But now it's returning HTTP 504 when requesting the image from CloudFront.
As a way of resolving this, I tried updating the Route 53 CNAME entry manually with the Service 1 load balancer URL, assuming this was caused by CloudFront not being able to reach the public DNS entry for Service 1. But it did not resolve the issue.

proxy rewrite location header field on redirect

Is it possible to configure the proxy on a secured route so that on a redirect the location header field in the response is rewritten to HTTPS?
I get Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://complan-complan.a3c1.starter-us-west-1.openshiftapps.com/planner
when I log in to the application. But also without login the request to the above URL is redirected to HTTP and again to HTTPS.
Thanks!
When the exposed route in OpenShift is set to TLS edge termination, the built-in HAProxy will terminate the HTTPS connection and create a new HTTP connection to your application.
To get the original client IP/protocol/port, the proxy inserts the HTTP headers X-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Port.
For redirection to work correctly you have to tell your framework/server to use those fields. In your case with Wildfly you can follow these instructions
There are samples for other frameworks/servers in the OpenShift FAQ:
https://developers.openshift.com/faq/troubleshooting.html#_how_do_i_redirect_traffic_to_https
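An added example, not part of the original answer and not OpenShift or WildFly code: a WSGI sketch of what "use those fields" means for redirects, accepting X-Forwarded-Proto and X-Forwarded-Port only when the connection comes from the router, so a client that reaches the application directly cannot set them. The function names, the trusted network and the sample hostnames are assumptions.

```python
import ipaddress
import re

# Assumption: the network the router's connections arrive from (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.128.0.0/14")]
DEFAULT_PORTS = {"http": "80", "https": "443"}


def from_trusted_proxy(environ):
    """True only if the TCP peer is inside a configured proxy network."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


def external_url(environ, path):
    """Absolute URL for a redirect, as the client sees the application."""
    scheme = environ.get("wsgi.url_scheme", "http")
    port = str(environ.get("SERVER_PORT", ""))
    # Strip an optional ":port" from Host; bracketed IPv6 literals stay intact.
    host = re.sub(r":\d+$", "", environ.get("HTTP_HOST", "localhost"))
    if from_trusted_proxy(environ):
        # Forwarded headers are honoured only here; take the first value
        # if a comma-separated list was sent.
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[0].strip().lower()
        fwd_port = environ.get("HTTP_X_FORWARDED_PORT", "").split(",")[0].strip()
        if proto in DEFAULT_PORTS:
            scheme = proto
            port = fwd_port if fwd_port.isdigit() else DEFAULT_PORTS[proto]
    if not port or port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}{path}"
    return f"{scheme}://{host}:{port}{path}"


def redirect_app(environ, start_response):
    """Minimal WSGI app: always redirects to /planner on the external origin."""
    start_response("302 Found", [("Location", external_url(environ, "/planner"))])
    return [b""]
```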

Routing an HTTP request through remote host

I'm curious: is it possible to route an HTTP GET request through a remote host which is not on a local network and is behind a router? So the source IP address of the HTTP packet will be the remote host's IP address. I don't need a reply from the final web server.
Thank you

HTTPS connections duplicated

Additional, unexpected HTTPS connections are being made to GCE servers.
This started 2nd October and is affecting europe-west1-b and us-central1-b.
We have the same codebase running on servers in Amazon EC2 that are not affected.
Is anyone else seeing issues with HTTPS traffic to GCE?
UPDATE: Clarification of duplicated connections:
A single HTTPS request from a web browser for example
GET /favicon.ico HTTP/1.1
Results in 5 HTTPS connections opened, no HTTP request is sent and then they are closed (before the timeout period).
Then a final connection is opened and the request is sent as it should.
Note:
This usually would go undetected. However we only allow 10 SSL connections from a single IP in the space of 1 second (velocity restriction).
I have temporarily increased this to 20 and everything is working OK.
What I don't understand is why this would suddenly start happening and only on GCE servers.
I will update this again when I have looked into the raw SSL traffic.

GCE Network Load Balancing

I have two websites functioning under Google Compute Engine VM instances. Both sites accept requests and communicate only via HTTPS and not on HTTP.
How can I properly set a Network Load Balancer forwarding rule under GCE for HTTPS? I have my forwarding rule set on both port 80/443 (HTTP/HTTPS) but my health check always shows unhealthy. It seems like it can't handle HTTPS forwarding.
The way I have my site only doing HTTPS is by having a mod header loaded in Apache and strict transport security enabled. I then have a rewrite rule from HTTP to HTTPS for all requests.
As stated here,
There are two types of health checks available:
HTTP health checks, which are required for HTTP and network load balancing.
HTTPS health checks, which are required when setting up backend services to use HTTPS.
Therefore, a network load balancer uses an HTTP health check and it can't handle HTTPS forwarding. You'll need to set up a website, at least for the health check, that allows HTTP and returns an HTTP response with code 200.