I was told to do something I don't believe is possible. The challenge is as follows.
I have 2 web servers.
Web Server 1 is where the pages are and clients access it, server 2 is a server with a very restrictive firewall setting which is to only accept access from server 1.
So, server 1 has a link to content inside server 2, and it can only be accessed if the request comes from the server 1 IP address.
But the client clicks the link, therefore his IP address will be sent to server 2, which will be denied because of the firewall policy.
Am I getting this correctly, or is there a way to do this?
I hope you can understand what I need.
Thanks in advance.
Perhaps what the person posing this problem to you is suggesting is that the client connects to server 1, then server 1 connects to server 2 to fetch the content (i.e. server-to-server, on the fly, perhaps by way of some API). So, the client never connects to server 2 directly.
client --> server 1 --> server 2
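The client --> server 1 --> server 2 flow above, as an added sketch that is not part of the original answer: server 1 fetches from server 2 itself, and because that makes server 1 the only door through server 2's firewall, it pins the upstream host and relays a single path prefix. The address `10.0.0.2:8080`, the `/content/` prefix and the listening port are assumptions.

```python
import posixpath
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import quote, unquote, urlsplit

# Assumed for illustration: server 2's internal address and the one content
# prefix server 1 agrees to relay. Neither value comes from the thread.
UPSTREAM = "http://10.0.0.2:8080"
ALLOWED_PREFIX = "/content/"

def upstream_url(request_target):
    """Map a client's request target to a URL on server 2, or None to refuse."""
    parts = urlsplit(request_target)
    if parts.scheme or parts.netloc:      # the client must never choose the host
        return None
    path = unquote(parts.path)
    if "%" in path or "\\" in path:       # double encoding, odd separators
        return None
    path = posixpath.normpath(path)       # collapses "." and ".." segments
    if not path.startswith(ALLOWED_PREFIX):
        return None
    return UPSTREAM + quote(path)         # query strings are deliberately dropped

class Gateway(BaseHTTPRequestHandler):
    def do_GET(self):
        url = upstream_url(self.path)
        if url is None:
            self.send_error(404)
            return
        try:
            # Server 2 sees this connection coming from server 1's address.
            with urllib.request.urlopen(url, timeout=5) as resp:
                body = resp.read()
                ctype = resp.headers.get("Content-Type", "application/octet-stream")
        except OSError:                   # URLError and HTTPError are OSError subclasses
            self.send_error(502)
            return
        self.send_response(200)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8000), Gateway).serve_forever()
```

Any access control for the content has to be enforced on server 1, since server 2 only ever sees server 1's address.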
Related
My .Net website uses WebClient to download a resource from another server. I am receiving "403 forbidden" responses from the remote server.
I think there is some sort of firewall issue as the requests work from my home development environment but the same requests are refused when my site is deployed to a web hosting company. I want to find the IP address that the refused requests originate from.
My question is this: is there a way to programmatically find the actual source IP address used by WebClient when it made the request?
I know the public IP address of my website but this might not be the same address WebClient would use for outgoing traffic. Unfortunately I have very limited access to the hosting company shared server and can't see any IIS logs or any other logs of incoming or outgoing traffic. Hence I am trying to get this IP address programmatically.
I have seen SO questions on how to request a specific outgoing IP using BindIPEndPointCallback, but none on how to discover the actual IP used.
I want to use this as a proxy server to connect many different clients with servers. Here is what I'm looking to do:
The server software on a user's computer would connect to a proxy server that is running on a VPS. It would pass in some kind of Key or authentication info to identify itself and then would maintain a persistent TCP connection to the proxy server.
A client application running on a mobile device or other computer would connect to the proxy server and pass in some kind of Key or authentication info. The proxy server would match the connection between the client and server based on their authentication info, and then forward all data back and forth between the connections.
The proxy server would need to be able to handle multiple clients and servers connecting to it at once and use the authentication info to pair them up. There could be multiple clients connecting to the same server at the same time too. The connection from the client and server would both be outbound so that they are not blocked by firewalls. I wrote the client and server software, so I can make them work with any specific proxy.
What is the name of this kind of proxy server? And can anyone recommend any?
Thanks!
I'm just wondering, can 2 or more different external hostnames/DNS names redirect to multiple local servers but on the same port?
Let's see, I have 2 internet DNS domains, for example myserver1.com and myserver2.com, and both have the same A record pointing to my forwarded server IP (e.g. 102.123.123.123). My server, which only has the IP address 102.123.123.123, has 2 application servers, but instead of trying to make them work, I use a different port for each server application, for example serverApp1 listening on 0.0.0.0:2010 and serverApp2 listening on 0.0.0.0:2020.
My point is: is there any way to forward myserver1.com:2000 to serverApp1 (port 2010) and myserver2.com:2000 to serverApp2 (port 2020) when both myserver1.com and myserver2.com have the same A record?
I'm quite sure it is either an iptables, /etc/hosts or BIND issue, but guide me if I missed something. By the way, the servers and DNS records are accessible from the internet, and the firewalls are configured properly. Thanks.
I don't have much experience in that, but I think you will need a third server/firewall/proxy listening for the incoming host and route it accordingly.
Again, I don't have much experience in that, so I'm not sure if the firewall is able to do that.
I think you can use redirection servers like Apache.
In my application we want to access a lot of intranet servers from the internet. So what we did was configure an Apache with all the mappings in httpd.
So whenever a request to Apache comes, it will be redirected appropriately.
For example, I have two servers or hostnames in the intranet:
1) abc.com:7300/context1
2) xyz.com:8900/context2
We configured an Apache with host name abcxyz.com:9000. When a request like abcxyz.com:9000/context1 comes, it will be redirected to abc.com:7300/context1, and when a request like abcxyz.com:9000/context2 comes, it will be redirected to xyz.com:8900/context2.
In your case since the requests are going through the single server (102.123.123.123), you can use redirection.
Hope it helps.
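An A record carries no port, so the hostname can only select a backend when the protocol itself sends the requested name, as HTTP does in the Host header. As an added example (not from the thread), this is the routing decision a front end on port 2000 would make, using the hostnames and ports from the question and assuming both applications speak HTTP; the function name and the loopback backend addresses are hypothetical.

```python
# Hostnames and ports are the ones from the question; that both applications
# speak HTTP, and that they sit on the loopback address, are assumptions.
BACKENDS = {
    "myserver1.com": ("127.0.0.1", 2010),   # serverApp1
    "myserver2.com": ("127.0.0.1", 2020),   # serverApp2
}
FRONT_PORT = 2000

def pick_backend(raw_request: bytes):
    """Return (ip, port) for the request's Host header, or None to reject."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1].strip()
             for line in head.split("\r\n")[1:]      # skip the request line
             if line.lower().startswith("host:")]
    if len(hosts) != 1:          # missing or duplicated Host is ambiguous: refuse
        return None
    name, _, port = hosts[0].lower().partition(":")
    if port not in ("", str(FRONT_PORT)):
        return None
    # Default deny: a name that is not in the table gets no backend at all.
    return BACKENDS.get(name.rstrip("."))
```

A front end that keeps connections alive has to repeat this check for every request on the connection, because a later request can carry a different Host value than the first.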
I have two Windows 2008 R2 Standard Servers on which IIS 7.5 is installed (Server1 and Server2). On Server1 I have installed Web Farm Framework 2.2 and created a server farm "myFarm.com". I have also installed ARR on Server1.
In the server farm, I have added Server2 and Server1 as the secondary servers. I have configured ARR with the default options. Load balancing is configured to "Round Robin" so that requests can go to both of the servers randomly.
To test my setup I have created a Test.ASPX page and deployed it on both servers. This is a simple page which returns the name of the server on which the page is executed. This way I would know whether load balancing is working or not.
Then I opened Internet Explorer and tried to browse my Test.ASPX page from Server1, which hosts the Web Farm and ARR. Every time I hit the page, the request goes to Server2 only. I marked my Server2 as unhealthy in the web farm to check whether Server1 handles the request or not. When I tried to hit Test.aspx in the browser, I was surprised to see the following error:
The request cannot be routed because it has reached the Max-Forwards limit. The server may be self-referencing itself in request routing topology.
From the error message it appears that when my Server2 is not available, ARR is sending the request to Server1, which is again sending it to itself, causing a loopback. I couldn't find a way to stop this loopback.
One of the solutions which I found after searching is that I should not add Server1 to the web farm as it is hosting ARR, but I have only two servers and I don't want to use one server just for ARR.
As soon as I mark my Server2 healthy, requests start getting executed by Server2.
Could someone suggest what should be configured to resolve this error?
Thanks
You can do a self-referencing ARR and avoid hitting the Max-Forwards limit if you configure ARR on port 80 and your web farm on another port, e.g. 8080.
So when ARR routes the request to itself, it will do it on another port and so avoid forwarding the request again and again.
Enjoy :-)
I had the same problem recently and this is the configuration that helped me (following what Cedric suggested in another post).
So, here is what you can do:
In your web-site configuration, add an additional binding for Server2, for example, to port 88 (i.e. you should be able to get a response by navigating to http://Server2:88/Test.ASPX).
In your server farm configuration, add a condition to your routing (Routing Rules -> URL Rewrite) to avoid processing requests that go to port 88:
We have an asp.net 3.5 web application running on a hosting company's web server that's got a very strict firewall setup. The web application communicates with our sql server express 2005 which is on a completely different network.
The problem is that the web application sends our sql server a random port number to connect to when it connects to our sql server on port 1433. Hence the web application can not connect to our sql server because then they have to open a whole range of port numbers on the firewall which they are not prepared to do.
My question is the following. Can you specify either in your connection string or somewhere in your web.config the port the client sends to sql server to connect back to on?
Thanks
If I'm getting you right, you want to do something that goes against how TCP/IP port handling is supposed to work.
You want the web application to always use the same port when connecting to your SQL server? This would mean you can only have one connection open at any given time, and so only one user at any given time. The client is supposed to communicate with a server from a "random" port. It's the basics of networking. At least how I learned it.
I'm not sure you can even force it to use the same port every time, and even if you can I'd advise against it.
I'd say the problem is the firewall, and not your application. I can understand that the SQL server only wants to speak to the IP address that your site is on, but it shouldn't really care which port the client wants to talk over (something like [website-ip]:* -> [sql-ip]:1433). To me, it seems like whoever set up the firewall has some kind of crazy firewall ideas, but maybe that's just me.
Is it possible that your SQL Server Express is configured to listen on dynamic ports? If the 'TCP Dynamic Ports' value is 0, I think it will be dynamic even if you have a specific port configured. That value should be cleared completely.
You can specify the port if you are using TCP/IP.
For example:
Data Source=190.190.200.100,1433;Network Library=DBMSSOCN;Initial Catalog=myDataBase;User ID=myUsername;Password=myPassword;
where DBMSSOCN=TCP/IP