12 Replies Latest reply on Feb 14, 2012 5:52 AM by asabban

    Cannot Connect screenshot

    maitane

      Hello,


      We're getting this screenshot when we try to generate a report accessing http://admin.cebad.org/es/admin/actas


      There's no problem if we try this from an external network, but in our MWG filtered network it happens sometimes, not always. So we think this is a problem related to timeouts.


      If so, how can we keep the connection open without a timeout just for this domain?
      We would also like to hide the "cannot connect" screenshot; I mean, we don't want it to be displayed.


      I've attached the screenshot and the capture of the connection (conversation between 10.168.10.13 and 82.103.143.117).

       

      Thanks.
      Regards

        • 1. Re: Cannot Connect screenshot
          asabban

          Hello,

           

          on a first look it may be related to timeout settings. Unfortunately it seems there is only the communication Client <-> MWG in the dump, not the communication MWG <-> Web Server. Can you let us know if both connections are present or provide a dump which shows both connections?

           

          Best,

          Andre

          • 2. Re: Cannot Connect screenshot
            maitane

            Hi Andre,

            The dump attached corresponds with a TcpDump on the Director node with the following parameters:

            -i eth2 -s0 host 10.168.10.13

            Is this ok?

            • 3. Re: Cannot Connect screenshot
              maitane

              Here is a new dump showing the connection between client and http://admin.cebad.org/es/admin/actas

              Any idea?

              Thanks

               

              Message was edited by: maitane on 9/02/12 2:59:37 CST
              • 4. Re: Cannot Connect screenshot
                asabban

                Hello,

                 

                it looks very similar to yesterday's dump. You see the client sending a GET request and nothing comes back for around 60 seconds. Then MWG sends an error message. Most likely because it received no data. I have seen this on servers which do not send a response while they do something, e.g. you tell a Web Server "create a report for me" and the server takes 2 minutes to create the report. In case it does not keep the connection alive, MWG will see this as a timeout and break the connection.

                 

                Unfortunately I wasn't able to find the server communication, so I can't tell for sure. I think there is an Event for increasing timeouts. Maybe you can try to create a rule for the URL which causes problems and set the timeout to 5 minutes and see what happens?

                 

                In case you want to create a full dump for me to analyze it would be the easiest for me to understand if you pick a test client and configure it to talk to one scanning node on the proxy port directly and capture the traffic with -s 0 -i any. It seems that we are in a transparent deployment here, which is pretty hard to analyse.

                 

                Best,

                Andre
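
The pattern described in the reply above (a GET request, roughly 60 seconds of silence, then an error page) can be picked out of tcpdump's text output by timing each request against the first data packet coming back. This is an added example, not part of the original thread; the sample lines are constructed and the 30-second threshold is an assumption.

```python
import re
from datetime import datetime

# Constructed tcpdump-style lines (not taken from the dumps in this thread).
SAMPLE = """\
10:00:00.140000 IP 10.168.10.13.51000 > 82.103.143.117.80: Flags [P.], seq 1:420, ack 1, win 229, length 419: HTTP: GET /es/admin/actas HTTP/1.1
10:00:00.170000 IP 82.103.143.117.80 > 10.168.10.13.51000: Flags [.], ack 420, win 235, length 0
10:01:00.150000 IP 82.103.143.117.80 > 10.168.10.13.51000: Flags [P.], seq 1:900, ack 420, win 235, length 899
10:02:00.000000 IP 10.168.10.13.51001 > 82.103.143.117.80: Flags [P.], seq 1:300, ack 1, win 229, length 299: HTTP: GET /es/ HTTP/1.1
10:02:00.400000 IP 82.103.143.117.80 > 10.168.10.13.51001: Flags [P.], seq 1:500, ack 300, win 235, length 499
"""

# timestamp, source, destination, payload length, optional decoded request line
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): Flags \[[^\]]*\]"
    r".*?length (\d+)(?:: HTTP: (\w+ \S+))?"
)

def response_gaps(dump, threshold=30.0):
    """Return (client, request, seconds_waited, stalled) for each request."""
    pending = {}   # (client, server) -> (time sent, request line)
    results = []
    for raw in dump.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        src, dst, length, req = m.group(2), m.group(3), int(m.group(4)), m.group(5)
        if req:
            pending[(src, dst)] = (ts, req)
        elif length > 0 and (dst, src) in pending:
            # First packet carrying data in the reverse direction; bare ACKs
            # (length 0) do not count as a response.
            sent, request = pending.pop((dst, src))
            gap = (ts - sent).total_seconds()
            results.append((dst, request, round(gap, 3), gap >= threshold))
    return results

if __name__ == "__main__":
    for client, request, gap, stalled in response_gaps(SAMPLE):
        print(f"{client} {request}: {gap}s {'STALLED' if stalled else 'ok'}")
```

A gap that clusters at one fixed value across several failed attempts points at a timer on the proxy side rather than at the web server itself.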

                • 5. Re: Cannot Connect screenshot
                  maitane

                  Thanks Andre!!

                   

                  We've already created a rule for this issue but it's not working. We've created it as it appears on the attached image.

                  timeout.JPG

                  Is it right?

                  Which parameters should we use to get it?

                   

                  Thanks.

                  Regards

                  • 6. Re: Cannot Connect screenshot
                    asabban

                    Hello,

                     

                    "equals" may be the problem here. Try

                     

                    URL.Host equals admin.cebad.org

                     

                    If that does not work you can try something like

                     

                    URL matches *admin.cebad.org/es/admin*

                     

                    Best,

                    Andre

                    • 7. Re: Cannot Connect screenshot
                      maitane

                      Hello,

                      We've tried all of those and none of them work.

                       

                      I've got some more dumps but this is not the place to post them.

                      Can I send you a private mail to send them to you?

                      • 8. Re: Cannot Connect screenshot
                        maitane

                        Maybe we haven't set the rule correctly. On the event settings we've got the following: Timeout event settings.JPG

                        Is it correct?

                        • 9. Re: Cannot Connect screenshot
                          asabban

                          Hello,

                           

                          the Event looks good. Are you certain the rule is executed? You can find out if you set the action to block. If you now access the site it should be blocked by MWG (not showing Cannot Connect). If it works the timeout probably does not help here. We need to have a deeper look then.

                           

                          You can drop the dumps on the Support FTP server on ftp.webwasher.com. Put them into a zip file and send me a PM with the filename and the password.

                           

                          Best,

                          Andre
