Website on GCP can't be reached on some wifis - nginx

I am using GCP, nginx and a domain name from "name.com" to deliver my website.
It can be reached on mobile network but doesn't work with wifi.
Although on some wifis you can reach my site, with around ~60% (from those I have tested) you can't.
It might have something to do with DNS / DNSSEC but it's literally a guess, I am clueless.

Hey everyone, so I have found the problem.
When I looked online for best practice, it's recommended to use different ports for the backend and frontend.
Apparently the port used for the backend was blocked by some routers.
Now the backend and frontend use the same port and it is fixed.
Hopefully it will help other people who are getting the same problem.

Could you try lowering the TTL to 300 seconds for your domain in name.com? It could be that DNS has an old cache which did not yet point to your nginx instance/location. Or you could wait out the default TTL which is probably 12-24 hours.

Related

Strongswan DNS Leak with split-tunnel

I've set up Strongswan VPN with StrongMan (web-interface manager) on AWS.
It works great, my company employees can access country-restricted sites without any issues. But now I need to implement split-tunneling, because we also have to send terabytes of data, daily, to non-restricted sites.
I've coded a small C# app that automatically manages split-tunneling routes with the following command.
route ADD siteIP MASK 255.255.255.255 10.10.10.1 IF VPNInterfaceID
And it doesn't work like I'd like it to work.
The problem is: my DNS is leaking in split-tunnel mode.
If I route "www.whatismyip.com" thru the VPN, it masks my IP, so it works,
but I can't access restricted sites.
So I routed "www.dnsleaktest.com" thru the VPN, and I can see that my DNS is in fact leaking.
I've found an app "Simple DNSCrypt", which fixed my problem, but I really don't want to use third-party software.
I'm very new to this topic, so any help would be appreciated.
I can't figure out how to hide my DNS.
Even overriding to 8.8.8.8 and 8.8.4.4 doesn't help.
What can I do? What should I read and learn? What could be the problem?
Sorry for my poor use of English.
Thank you in advance!

I've figured it out. Maybe this answer will help someone someday.
You also have to route the DNS addresses thru the VPN (in my case 8.8.8.8 and 8.8.4.4),
and "disable" the default ethernet adapter DNS by setting them to 127.0.0.1.
Don't forget to revert them back after disconnecting from the VPN!

How long does it take for Cloudflare to start resolving a site?

I tried to switch over to Cloudflare on a live site that is expected to get a ton of traffic. Unfortunately, after I switched the DNS servers over, I got 523 errors for about 20 minutes before I gave up on it. Traceroute and ping reported "unknown host" during this time. I double-checked the DNS servers Cloudflare had me switch to and they were correct. I have set this up on a WordPress site using the official Cloudflare plugin: https://wordpress.org/plugins/cloudflare
Is it normal for a site to go down for so long when switching over? I've never used Cloudflare before.

No, it's not normal for a site to go down. The DNS change will spread but until then, unless you changed other things about your site, people should still be redirected to your origin from your old DNS.
A 523 error suggests a problem with your origin. I'd suggest contacting Cloudflare. It's actually possible the PLUGIN is the issue, as Cloudflare's default behavior is generally fine for a static WordPress site.

From past 3 days, getting a lot of Spam Traffic from US, How to Block?

Before I go ahead let me mention a couple of things,
I'm having a dedicated server with CentOS 7, Plesk Onyx Web Pro Edition with Firewall, Fail2Ban & Modsecurity switched ON and nginx as my main webserver. (Not using Apache)
From past 3 days, all of a sudden there was a spike in traffic and it was showing from USA in Google Analytics. First I was happy but then I noticed there was no increase in server load, there was no increase in revenue and the bounce rate started going up. These were clear signs of an attack or bot traffic.
I tried searching for a solution and each time I Google I always land up on sites mentioning ghost spam, which I think could be the reason here as the site is under no load and it's just GA, or maybe I am wrong. Anyway I followed the article and found that there are no spam hostnames at all and most of the traffic is from my own domain itself as hostname and it's mostly showing in direct traffic.
Then I installed the Wordfence Security plugin but it worked for a day only. Then I set up Cloudflare with I'm under attack mode and a firewall filter of known bots, it's blocking IPs but there is no change in real time traffic.
As I'm using Plesk, I searched for Plesk and there was a thread going for WordPress Toolkit security features but that didn't work either.
Tried an nginx bad bot block article and that didn't work either!
I'm really worried now and I'm not sure that I'll lose rankings or what but this is really harmful for the site.
Any help is really appreciated.

You can block traffic by filtering out IP addresses using cloudflare.com. Also, the good thing about this is that it's FREE :)

What is a good strategy for accessing an API which is limited to a static IP Address from Heroku?

I need my app to be able to access a third-party API which limits access based on a single, static IP Address.
Due to the dynamic nature of the Heroku dynos and routing mesh, this is not possible - I'll need something with a fixed IP Address to act as a proxy.
A US East EC2 Linux/Nginx instance would seem the sensible choice, but this seems like a lot of work/maintenance for something pretty trivial. Does anyone know of any services out there that do this?

Ok, so after a bit of research I've discovered the best way to do this currently is indeed with an AWS US East EC2 instance running some sort of proxy. I've gone with linux/nginx.
I've also learned there is a Heroku add-on currently in alpha stage of development that will handle exactly this requirement. If you'd like to test it, get in touch with Heroku support.

You can also use the Proximo add-on to get a static outbound IP address via proxy without any of the maintenance headaches.

Why can I see my website even though it's down?

I'm wondering if anyone knows how this happens? My website is down, but every computer on my internet connection/router can see it. I've cleared my cache etc, but another computer in the house shouldn't be seeing a site that's offline. How weird?
It's hosted remotely, not on my network or anything.
The first question to ask yourself is, how certain are you that it's down? If computer A can access it and computer B cannot, either one could be "right":
The site could be down, and computer A could be looking at a cached version from the ISP.
The site could be up, but computer B could be having general internet connectivity problems, or problems accessing this site in particular (bad DNS cache, etc.)
One way to tell is to add some new content to the site (via FTP or an in-place content management system like wordpress, for example) and see if the computer that can access it (computer A) can see the changes. If so, then you're looking at a "live" site, where the pages are being served directly from the server. (If the server is active and runs web software like PHP or ASP, then that would be another way to "prove" that the site is up and running).
Do you know the IP address of your web server?
Do you have direct access to the Internet on port 80?
Tell if your server is up or down by doing the following
telnet 255.255.255.255 80
Where 255.255.255.255 is your web server's IP address. On Windows the screen will go blank if the server answers. Then type
GET / HTTP/1.0
And hit enter twice. You should see the content of your default page. If you're running as a virtual host, you'll probably need to use HTTP/1.1 and the Hostname tag.
GET / HTTP/1.1
Host: www.yourservername.com
There is one return after HTTP/1.1 and two returns after your hostname. If you get content (the correct content) back from your web server it is definitely not down. If the server fails to connect then your web server is really down, and the content your computers are seeing could be any of the following:
local page cache
local proxy server
ISP proxy server
local ARP poisoning attack redirecting you to attacker's local web server which mirrored your site.
DNS poisoning to direct your browsers to someone else's web server which mirrored your site.
If your site is up, but geographically separated folks can't see your site, it is most likely a DNS issue or an ISP level routing issue.
A good tool to check for DNS issues is OpenDNS's CacheCheck. As for the routing issue, the best bet is to call your web hosting company and see if they've had any other complaints from their other customers, or if they are currently working on a routing issue.
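
The telnet check described above, scripted, as an added example that is not part of the original answers: it connects to the server's IP directly, sends the HTTP/1.1 request with a Host header, and flags a Via or Age header, which suggests a proxy or cache answered. The function names and the 192.0.2.10 placeholder address are assumptions made for this example.

```python
import socket

def build_request(host, path="/"):
    # Request line, Host header, then the blank line that ends the headers
    # (the "two returns" typed after the hostname in the telnet session).
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode("ascii")

def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return int(parts[1]), headers, body

def probe(ip, host, port=80, timeout=5.0):
    """Connect to the server's IP directly (no DNS lookup) and fetch "/"."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            sock.sendall(build_request(host))
            raw = b""
            while chunk := sock.recv(4096):
                raw += chunk
        status, headers, body = parse_response(raw)
    except (OSError, ValueError) as exc:
        # Refused, timed out, or something that is not a web server answered.
        return {"up": False, "error": type(exc).__name__}
    # Via/Age are set by proxies and caches: their presence means the reply
    # may have come from an intermediary rather than the origin itself.
    via_cache = "via" in headers or "age" in headers
    return {"up": True, "status": status, "via_cache": via_cache,
            "server": headers.get("server"), "body_len": len(body)}

if __name__ == "__main__":
    # Constructed sample reply, parsed offline; 192.0.2.10 is a placeholder IP.
    sample = b"HTTP/1.1 200 OK\r\nAge: 120\r\nVia: 1.1 cache\r\n\r\n<html>ok</html>"
    print(parse_response(sample))
    print(probe("192.0.2.10", "www.yourservername.com", timeout=2))
```

A result with `up` true and `via_cache` false, obtained from a network other than your own, is the strongest sign the origin itself is serving the page.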
Internet provider cache maybe.
What DNS servers are your friends using? Same as yours?
Your ISP is probably caching the content.
I know it's down because I asked my friends in other locations to look at it. Then I ran a test using this site I found.
http://www.websitepulse.com/help/tools.php
I'm switching hosts and we're dealing with my main domain name. That's the other reason I expected this interruption. I just want to know when it's finally switched.
Is ISP cache a bad thing?
