Our Spring application is running on several different servers. For one of those servers POST requests do not seem to be working. All site functionality that uses GET requests works completely fine; however, as soon as I hit something that uses a POST request (ex. form submit) the site just hangs permanently. The server won't give any response. We can see the requests in Tomcat Manager but they don't time out.
Has anyone ever seen this?
We have found the problem. Our DBA accidentally deleted the MySQL database files on that particular server (/sigh). In our Spring application we use GET requests for record retrieval and the records we were trying to retrieve must have been cached by MySQL. This made it seem as if GET requests were working. When trying to add new data to the database, which we use POST requests to do, Tomcat would wait for a response, which never came, from MySQL.
In my experience if you're getting a timeout error it's almost always due to not having correct ports open for your application. For example, go into your virtual machine's rules and insure port 8080, 8443 or 80, 443 are open for http and https traffic.
In google cloud platform: its under VPC networking -> firewall rules. Azure and AWS are similar.
Related
I have a web api application built with yarp support listening on port 443.
I know it is up and running because postman says so when https://myserver/info. 'Info' is a simple http GET returning some strings from a simple controller.
I also have a web api project listening on port 5002 which I know is functioning because postman says so when https://myserver:5002/myotherapp/info.
I would like postman to tell me that https://myserver/myotherapp/info is also valid, but have not been able to configure it so.
I have tried numerous different combinations in the appsettings.json to achieve this but to no avail. All I am trying to do is direct to localhost:5002 on the server. In my current setup I am seeing 503 Service Unavailable in postman.
It may not be a configuration issue but could someone assist me by confirming what the ReverseProxy element of appsettings.json should look like in this simplest of cases?
Context: I have an application which communicates with a server of the owner. This application requests certain information from the server by accessing some URL's. I don't know these URL's, except for a few, but once I know them, I can manually visit them in the browser and obtain said information.
Goal: Figuring out the URLs of those requests, i.e., what are the requests being made by the application when I'm using it, so that I can, in the future, make them manually myself.
Progress:
Since the communications are in HTTPS, reading the packets with Wireshark while using the application was unsuccessfull since they are encrypted.
However, I was able to find where in the binary of the application is the URL of the server located. Thus, I can theoretically redirect the requests of the application to any other server. Hence, I thought a good idea to be able to receive the unencrypted requests would be to set up a proxy server, redirect the application to it, and then execute the application and obtain the results.
Problem: I don't know how to implement this idea in practice though, and it is here where I'd appreciate your help. I suppose that, ideally, I would be able to both receive the requests made by the application (and thus read them), as well as redirect them to the server and read the received information.
I am trying to build a SOCKS solution for forward proxy. I am using dante SOCKS proxy as I have heard that big companies like google uses it as forward proxy solution.
on the SOCKS server, I am allowing based on FQDN's like google.com:443
Now the problem is, when the client constructs the packet, it tries to resolve google.com and gets X.X.X.X and sends connect request to SOCKS server. Now when the server receives the packets, it tries to reconstruct the packet to send out to internet, the server again does DNS resolution and if the server gets response as Y.Y.Y.Y, then it doesn't allow client's request as the destination IP in the client's request is different then the server's resolved IP address.
There was a solution in dante client which tells client to put a dummy destination address 0.0.0.1 and sends request to server and server processes it properly then. However that is creating a problem with internal domains as after using that dns resolution method, every requests goes through dante server :(
Please let me know
If there is any solution through which would help me in maintaining a DNS record expiry DC wide for e.g. google.com resolves to X.X.X.X and I should be able to resolve to this same IP address on 100's of DNS client and in case if the record changes, then it should immediately change/expire on client.
Any other proxy/socks solution which should be transparent to applications for forward proxy
I went ahead with this solution in case anyone is curious to see the solution.
I used PowerDNS Auth Server with Pipe backend. The requests would land to PowerDNS server for resolution, it will pass on all the data to Pipe backend script with ABI, the script analysis the requests, sees if it is present under cached variable/memory map, if it is cache hit, it will respond using cached DNS records else it will use a DNS resolver to resolve that query like a resolver resolves normally.
PowerDNS version lower than 4.1 supports Pipe backend + resolver. This way, the request would first land to pipe backend script, if the script doesn't have any entries cached, it will not respond or will respond blank and then PowerDNS would resolve it with the mentioned resolver server in the configuration. However with version 4.1 and above, the resolver part is removed from PowerDNS Auth server hence you need to handle that behaviour via Pipe backend script.
It depends on your client. Firefox, for example, sends hostname to SOCKS proxy without resolving it. You can confirm that by Wireshark.
PS. assume you are using a SOCKS5/4a proxy. SOCKS4 does not support hostname. Ref: https://en.wikipedia.org/wiki/SOCKS#SOCKS4a
there doesn't seem to exist any configuration that enables HTTPS only access to neo4j databases.
I've tried disabling the HTTP connectors but neo4j needs at least one HTTP connector otherwise it wouldn't start the service at all.
I found that commenting out the HTTP connector would let the neo4j service start but triggers an error in all browsers except chrome that wouldn't let you connect to the database.
As far as my research has brought me. There is no neo4j-only solution to this problem at the moment.
From what I've read and found out there might be several possibilities like limiting http access to port 7474 from outside of your network and redirecting http to https.
I was not able to test them personally but it seems that there's no different way to do this.
For now http has to be enabled and configured for https to work.
I run a company webserver that seems to get hit constantly with wpad.dat requests. It fills up my error logs with 404 not found errors. I had considered ignoring the wpad.dat requests in the config, but upon further inspection it seems that some systems try to get this file every couple seconds at times. Some try several times a minute ongoing for days.
Can I create a wpad.dat file that I can serve to these systems to tell them there are no proxy settings so they can stop hammering the server with requests? I know the idea of the wpad.dat file is to provide auto-detected proxy settings. We only seem to have this issue with users logged into our VPN. Their web browsers just sit there and hammer the server with requests. I'd like to give them what they want. Any suggestions?
Serving this file seems to tell the connected system that there is no proxy info and to connect directly.
function FindProxyForURL(url, host) {
return "DIRECT";
}