cancel
Showing results for 
Search instead for 
Did you mean: 
maitane
Level 7

Cannot Connect screenshot

Hello,


We´re getting this screenshot when we try to generate a report accesing to http://admin.cebad.org/es/admin/actas


There´s no problem if we try this from an external network but in our MWG filtered network it happens sometimes, not always. So we think this is a problem related with timeouts.


If so, how can we get to keep conection without timeout just for this domain?
And we also like hide the "cannot connect" screenshot, I mean, we don´t want that it will be displayed.


I´ve attached the scrrenshot and the capture of the connection (conversation between 10.168.10.13 and 82.103.143.117).

Thanks.
Regards

0 Kudos
12 Replies
asabban
Level 17

Re: Cannot Connect screenshot

Hello,

on a first look it may be related to timeout settings. Unfortunately it seems there is only the communication Client <-> MWG in the dump, not the communication MWG <-> Web Server. Can you let us know if both connections are present or provide a dump which shows both connections?

Best,

Andre

0 Kudos
maitane
Level 7

Re: Cannot Connect screenshot

Hi Andre,

The dump attached corresponds with a TcpDump on the Director node with the following parameters:

-i eth2 -s0 host 10.168.10.13

Is this ok?

0 Kudos
maitane
Level 7

Re: Cannot Connect screenshot

Here you´re a new dump showing the connection between client and http://admin.cebad.org/es/admin/actas

Any idea?

Thanks

El mensaje fue editado por: maitane on 9/02/12 2:59:37 CST
0 Kudos
asabban
Level 17

Re: Cannot Connect screenshot

Hello,

it looks very similar to yesterdays dump. You see the client sending a GET request and nothing comes back for around 60 seconds. Then MWG sends an error message. Most likely because it received no data. I have seen this on servers which do not send a response while they do something, e.g. you tell a Web Server "create a report for me" and the server takes 2 minutes to create the report. In case it does not keep the connection alive, MWG will see this as a timeout and break the connection.

Unfortunately I wasn´t able to find the server communication, so I can´t tell for sure. I think there is an Event for increasing timeouts. Maybe you can try to create a rule for the URL which causes problems and set the timeout to 5 minutes and see what happens?

In case you want to create a full dump for me to analyze it would be the easiest for me to understand if you pick a test client and configure it to talk to one scanning node on the proxy port directly and capture the traffic with -s 0 -i any. It seens that we are in a transparent deployment here, which is pretty hard to analyse.

Best,

Andre

0 Kudos
maitane
Level 7

Re: Cannot Connect screenshot

Thanks Andre!!

We´ve already created a rule for this issue but it´s not working. We´ve create it as it appears on the attached image.

timeout.JPG

Is it right?

Wich parameters should we use to get it?

Thanks.

Regards

0 Kudos
asabban
Level 17

Re: Cannot Connect screenshot

Hello,

"equals" may be the problem here. Try

URL.Host equals admin.cebad.org

If that does not work you can try something like

URL matches *admin.cebad.org/es/admin*

Best,

Andre

0 Kudos
maitane
Level 7

Re: Cannot Connect screenshot

Hello,

We´ve tried all those and neither work.

I´ve got some more dumps but this is not the place to post them.

Can I send you a private mail to send them to you?

0 Kudos
maitane
Level 7

Re: Cannot Connect screenshot

Maybe we haven´t set the rule correctly. On the event settings we´ve got the following:Timeout event settings.JPG

Is it correct?

0 Kudos
asabban
Level 17

Re: Cannot Connect screenshot

Hello,

the Event looks good. Are you certain the rule is executed? You can find out if you set the action to block. If you now access the site it should be blocked by MWG (not showing Cannot Connect). If it works the timeout probably does not help here. We need to have a deeper look then.

You can drop the dumps on the Support FTP server on ftp.webwasher.com. Put them into a zip file and send me a PM with the filename and the password.

Best,

Andre

0 Kudos