Strange port 80 access problem
I have a very strange access problem that just popped up this morning. For whatever reason, my machine at home over my cable modem can no longer access Apache on port 80... However other services are accessible elsewhere (Direct Admin control panel, FTP, SMTP,etc...) BUT Apache is accessible to other devices, not on my IP... It seems as though there is some sort of IP block on me, but I can't seem to find anything in the logs to confirm this. I don't have a 'deny from' in any .htaccess files... What could be going on? I'm running apache 1.3.39, and FreeBSD 6.1. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange port 80 access problem
On Wednesday 12 September 2007, Don O'Neil said: I have a very strange access problem that just popped up this morning. For whatever reason, my machine at home over my cable modem can no longer access Apache on port 80... However other services are accessible elsewhere (Direct Admin control panel, FTP, SMTP,etc...) BUT Apache is accessible to other devices, not on my IP... It seems as though there is some sort of IP block on me, but I can't seem to find anything in the logs to confirm this. I don't have a 'deny from' in any .htaccess files... What could be going on? I'm running apache 1.3.39, and FreeBSD 6.1. It's very possible that your ISP is blocking port 80. It seems more and more of them are doing that with home subscribers. I know someone who has service with one of the large telcos and they not only block port 80, but mail and ftp as well. They told him if he wanted to run servers he would have to subscribe to business service at 5X the cost of residential. If you can ping other ports on your home machine, that's most likely what's happening. Your logs wouldn't necessarily show anything because the requests are not reaching your server. After you verify (from outside) that you can't reach port 80, about your only other option is to use one of the free nameservers that will redirect your traffic to another port. You will also need to reconfigure apache to listen on that port instead of port 80. Finally, if you have a firewall on your box, make sure it's not getting blocked there. Verify that apache is actually listening on 80 by doing: sockstat | grep httpd You should see lines like the following: www httpd 59775 3 tcp46 *:80 *:* If you don't than that's your problem, but if you see the *:80, you need to contact your ISP, fix your firewall, or look into redirect. Beech -- --- Beech Rintoul - FreeBSD Developer - [EMAIL PROTECTED] /\ ASCII Ribbon Campaign | FreeBSD Since 4.x \ / - NO HTML/RTF in e-mail | http://www.freebsd.org X - NO Word docs in e-mail | Latest Release: / \ - http://www.FreeBSD.org/releases/6.2R/announce.html --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange port 80 access problem
Written by Beech Rintoul on 09/12/07 11:14 It's very possible that your ISP is blocking port 80. It seems more and more of them are doing that with home subscribers. I know someone who has service with one of the large telcos and they not only block port 80, but mail and ftp as well. They told him if he wanted to run servers he would have to subscribe to business service at 5X the cost of residential. I've had a similar experience with COX Communications in the US midwest. They block http, https, alternate http ports like 8000 and 8080, smtp, and I think pop and imap/imaps. I'm sure part of the reason for this paranoid behavior is to protect their networks from saturation from bots and whatnot, but part of me thinks they just want to stick it to their customers whom they view as pesky annoyances rather than valuable consumers. I circumvent these hassles by boring ssh tunnels to the services I need access to on my home machines. This is a stopgap until I get time to fiddle with openvpn. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange port 80 access problem
On Wednesday 12 September 2007, Reid Linnemann said: Written by Beech Rintoul on 09/12/07 11:14 It's very possible that your ISP is blocking port 80. It seems more and more of them are doing that with home subscribers. I know someone who has service with one of the large telcos and they not only block port 80, but mail and ftp as well. They told him if he wanted to run servers he would have to subscribe to business service at 5X the cost of residential. I've had a similar experience with COX Communications in the US midwest. They block http, https, alternate http ports like 8000 and 8080, smtp, and I think pop and imap/imaps. I'm sure part of the reason for this paranoid behavior is to protect their networks from saturation from bots and whatnot, but part of me thinks they just want to stick it to their customers whom they view as pesky annoyances rather than valuable consumers. I circumvent these hassles by boring ssh tunnels to the services I need access to on my home machines. This is a stopgap until I get time to fiddle with openvpn. That's another option. I'm very lucky. Here in Anchorage, the cable provider (GCI), is totally OK with people running servers as long as you're not selling webspace or email services (Your home business is OK). They deal with abusers on an individual basis. They also do network scanning looking for bots and will put a user on security block until they fix it, but I've never known anyone who actually got blocked. I wish more ISP's had that attitude instead of trying to screw subscribers out of more money just to run their mail or website. -- --- Beech Rintoul - FreeBSD Developer - [EMAIL PROTECTED] /\ ASCII Ribbon Campaign | FreeBSD Since 4.x \ / - NO HTML/RTF in e-mail | http://www.freebsd.org X - NO Word docs in e-mail | Latest Release: / \ - http://www.FreeBSD.org/releases/6.2R/announce.html --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange port 80 access problem
On 9/12/07, Reid Linnemann [EMAIL PROTECTED] wrote: Written by Beech Rintoul on 09/12/07 11:14 It's very possible that your ISP is blocking port 80. It seems more and more of them are doing that with home subscribers. I know someone who has service with one of the large telcos and they not only block port 80, but mail and ftp as well. They told him if he wanted to run servers he would have to subscribe to business service at 5X the cost of residential. I've had a similar experience with COX Communications in the US midwest. They block http, https, alternate http ports like 8000 and 8080, smtp, and I think pop and imap/imaps. I'm sure part of the reason for this paranoid behavior is to protect their networks from saturation from bots and whatnot, but part of me thinks they just want to stick it to their customers whom they view as pesky annoyances rather than valuable consumers. I circumvent these hassles by boring ssh tunnels to the services I need access to on my home machines. This is a stopgap until I get time to fiddle with openvpn. It might depend where you are on their network, but there's some inconsistencies with the blocking. Port 80 is blocked, but port 443 is allowed. Port 25 is blocked, but 587 is allowed. 135, 137, 139, and 445 are blocked. 8080, 8081, and 1 get through to my network. Most other ports are allowed by default. Like it or hate it, it's a control designed to support their subscriber AUP, which states pretty plainly that customers are forbidden to host servers on the home user accounts (http://www.cox.com/policy/ #6). Business lines have such restrictions listed and allow hosting services by policy, and puts the burden of security on the customer rather than attempting to enforce by technical means. DS ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]