Website accessible from everywhere except for client's network - asp.net

My client has a website that is showing some strange behavior. The site is built in ASP.Net and used to be hosted on their internal network. It's now been moved to a different server outside their network. They have other sites hosted on the same server, some built using DotNetNuke, and some classic ASP. All these sites are hosted on one application server, with a database (SQL Server 2008) on a separate server (which is on the same network as the application server). They share the application server, and the database server.
Now that this site has been moved to the outside server, they can't access it. I can, and so can others that I work with (from different IPs, across the country). But the client can't from their network. They can access the landing page subsite.clientdomain.com (no db access), but nothing else. So, for instance, there's a link to subsite.clientdomain.com/folder. When they click that link, the URL changes to subsite.com/folder, which does not work. For myself and others not at the client site, the URL does not change and opens with no problems.
I didn't write the site, and didn't even know it existed before this problem cropped up, so I know very little more than this. Any help is appreciated.

I'm going to go with Martijn B's answer. There's a DNS issue on the internal network. Somewhere on of the DNS servers is a definition that maps http://companywebsite to an ip address like 192.168.1.20 or whatever.
I would open a command prompt on your PC and type
ping new_website_name.com
Take a look at the IP address that comes back. You can also do an nslookup on new_website_name.com that will give you more information. If you (person A) gets one IP address and Person B (inside the network) gets a different IP address....there is definitely a DNS issue on the internal network.

You're going to have to do some network tracing to determine exactly where any redirection is occurring. Given that the problem is only manifested in certain locations, it is likely that it is a function of network configuration in that location (as previously suggested). Without understanding exactly what redirection is occurring, it would be unwise to make configuration changes that might make the problem worse or introduce new issues.

A DNS server cannot AFAIK redirect to a different URL. So something is redirecting from subsite.clientdomain.com/folder to subsite.com/folder, which could be caused by a HTTP redirect. This can be triggered by the software/website itself or by IIS.

Related

IIS website inaccessible from server (but ok from outside)

On a server where an IIS website is hosted, if I open IE or Firefox and type the IIS website url, i got an error after a few seconds ("Cannot display the webpage", just like website would be offline). If I do the same from the exterior (as normal user do) everything works.
I have tried to give the IP address directly (thus skipping DNS), problem is the same. It only works if I type the internal ip address of the IIS website (eg : 10.0.0.x).
The reason I want to do that is that I need to access a specific page of the website in order to execute a scheduled task. I cannot use internal ip address to do that, because host name (HttpContext.Current.Request.Url.Host) is used inside ASP.NET code to switch between different configuration.
Here is my question : is it possible to access a specific page on a IIS website from server where website is hosted ? (using complete url, not internal ip address ?)
Yes - If I understand your question correctly you should be able to add a mapping in your local hosts file to point that domain at your IIS webserver.
e.g.
10.0.0.x my.example.hostname
(where x is obviously a number)
We use this configuation internally when developing multiple sites on our local machines - each site is bound to a specific hostname and all these hostnames have mappings in the 'hosts' file to 127.0.0.1
The same principal applies here, if I've understood the question correctly :)

Redirecting http traffic to another server temporarily

Assume you have one box (dedicated server) that's on 24 7 and several other boxes that are user machines that have unused bandwidth. Assume you want to host several web pages. How can the dedicated server redirect http traffic to the user machines. It is desirable that the address field in the web browser still displays the right address, and not an ip. Ie. I don't want to redirect to another web page, I want to tell the web browser that it should request the same web page from a different server. I have been browsing through the 3xx codes, and I don't think they are made for anything like this.
It should work some what along these lines:
1. Dedicated server is online all the time.
2. User machine starts and tells the dedicated server that it's online.
(several other user machines can do similarly)
3. Web browser looks up domain name and finds out that it points to dedicated server.
4. Web browser requests page.
5. Dedicated server tells web browser to repeat request to user machine
Is it possible to use some kind of redirect, and preferably tell the browser to keep sending further requests to user machine. The user machine can close down at almost any point of time, but it is assumed that the user machine will wait for ongoing transactions to finish, no closing the server program in the middle of a get or something.
What you want is called a Proxy server or load balancer that would sit in front of your web server.
The web browser would always talk to the load balancer, and the load balancer would forward the request to one of several back-end servers. No redirect is needed on the client side, as the client always thinks it is just talking to the load balancer.
ETA:
Looking at your various comments and re-reading the question, I think I misunderstood what you wanted to do. I was thinking that all the machines serving content would be on the same network, but now I see that you are looking for something more like a p2p web server setup.
If that's the case, using DNS and HTTP 30x redirects would probably be what you need. It would probably look something like this:
Your "master" server would serve as an entry point for the app, and would have a well known host name, e.g. "www.myapp.com".
Whenever a new "user" machine came online, it would register itself with the master server and a the master server would create or update a DNS entry for that user machine, e.g. "user123.myapp.com".
If a request came to the master server for a given page, e.g. "www.myapp.com/index.htm", it would do a 302 redirect to one of the user machines based on whatever DNS entry it had created for that machine - e.g. redirect them to "user123.myapp.com/index.htm".
Some problems I see with this approach:
First, Once a user gets redirected to a user machine, if the user machine went offline it would seem like the app was dead. You could avoid this by having all the links on every page specifically point to "www.myapp.com" instead of using relative links, but then every single request has to be routed through the "master server" which would be relatively inefficient.
You could potentially solve this by changing the DNS entry for a user machine when it goes offline to point back to the master server, but that wouldn't work without an extremely short TTL.
Another issue you'll have is tracking sessions. You probably wouldn't be able to use sessions very effectively with this setup without a shared session state server of some sort accessible by all the user machines. Although cookies should still work.
In networking, load balancing is a technique to distribute workload evenly across two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, minimize response time, and avoid overload. Using multiple components with load balancing, instead of a single component, may increase reliability through redundancy. The load balancing service is usually provided by a dedicated program or hardware device (such as a multilayer switch or a DNS server).
and more interesting stuff in here
apart from load balancing you will need to set up more or less similar environment on the "users machines"
This sounds like 1 part proxy, 1 part load balancer, and about 100 parts disaster.
If I had to guess, I'd say you're trying to build some type of relatively anonymous torrent... But I may be wrong. If I'm right, HTTP is entirely the wrong protocol for something like this.
You could use dns, off the top of my head, you could setup a hostname for each machine that is going to serve users:
www in A xxx.xxx.xxx.xxx # ip address of machine 1
www in A xxx.xxx.xxx.xxx # ip address of machine 2
www in A xxx.xxx.xxx.xxx # ip address of machine 3
Then as others come online, you could add then to the dns entries:
www in A xxx.xxx.xxx.xxx # ip address of machine 4
Only problem is you'll have to lower the time to live (TTL) entry for each record down to make it smaller (I think the default is 86400 - 1 day)
If a machine does down, you'll have to remove the dns entry, though I do think this is the least intensive way of adding capacity to any website. Jeff Attwood has more info here: is round robin dns good enough?

How to get visitor IP on load balancing machine using asp.net

We are having two load balancing server. In that we have hosted a asp.net 3.5 application right now we are using request userhostaddress to get visitor ip but it is giving load balancer ip instead of real ip. Can anyone have code for this.
I think that you must search not only for HTTP_X_FORWARDED_FOR, but for all that, depent what your loading ballance using
Context.Request.ServerVariables[CheckAllBelowList]
"HTTP_X_COMING_FROM",
"HTTP_X_FORWARDED_FOR",
"HTTP_X_FORWARDED",
"HTTP_VIA",
"HTTP_COMING_FROM",
"HTTP_FORWARDED_FOR",
"HTTP_FORWARDED",
"HTTP_FROM",
"HTTP_PROXY_CONNECTION",
"HTTP_CLIENT_IP",
"CLIENT_IP",
"FORWARDED",
The return of one of that, is the actual Ip of you client, except if is other proxy, I also need to learn how some one can get this, to find the user that is behind 2-3 proxy's...
If you know any other, please tell me so.
The problem is more to do with the fact that the "load balancer" is acting as a proxy. What type of load balancer are you using? I know with Microsoft ISA server there is a setting to pass the original users IP address through to the webserver.
Otherwise you will have to write a page to dump out the server variables and see if there an extra server variable being added that gives you the real client IP address.
depending on the load balancing server the client's IP could/should be written to:
Context.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
But beware if the user is also behind a proxy the value may be the proxies original client instead of the load balancer's client (which would be the proxy IP in this case). I'm not certain what behaviour is "normal".
Hope that helps,
Alex

Windows Authentication Only Works With hosts entry

I'm setting up a (ASP.NET) website to be used internally at my company. In IIS, I've turned on Integrated Windows authentication and turned off anonymous access. Once I've done this, the website pops up the "enter your username/password" box whenever you visit the site, but won't log you in even if the username/password are correct. This happens even if you're logged in to your computer with a domain account as opposed to a local account.
However, if I enter the IP of the site in my hosts file, the site works perfectly (logs the user in without the additional challenge).
I guess I have two questions.
1) Why does the hosts entry have this affect?
2) How can I get the site to succeed without a) forcing everyone to edit their hosts file or b) the site challenging them and failing to log them in?
EDIT: I checked, and we do have our DNS server set up to point those URLs to the correct servers. That's why pinging the URL displays the right IP. However, it appears that in addition to having that DNS entry, we also have to have the hosts file entry for the site to work.
You probably are having an issue with Kerberos authentication.
Since you're using a url of Site.DomainName.com, I'm assuming DomainName.com is your AD's name also.
On the server that's running IIS, copy SetSPN.EXE from the resource kit tools and run the following:
setspn -A http/site.domainname.com IISServerName
Where SITE is your URL and IISServerName is the name of the server.
This sure sounds like a dns problem. Does the dns server know about the hostname you are using? Sounds like the dns server does not know the forward lookup (hostname to ip) for the host you are trying to connect to.
We recently set up an intranet site with windows authentication here. The network guys setup a group policy and pushed changed to IE and Firefox.
For IE, it added the site to "Intranet Sites" and for Firefox it modified the configuration file so that our intranet..com would be trusted.
So... we got it to work. Here's what happened.
While looking around at the DNS Manager on test.DOMAINNAME.com, my coworker noticed that a different site on the same server was set up as a "Host (A)" entry, whereas the site we were working on was set up as an "Alias (CNAME)" entry. Several other sites on that computer were also set up as Alias entries, and he mentioned that the one site with the Host entry was "rock-solid", and he'd had sporadic issues with at least one other site that was set up as an Alias.
We talked to the AD/DNS admin, and as a test, he switched our entries from Alias to Host, and once we cleared our local DNS caches, it worked perfectly (without requiring entries in our .hosts file).
So the question still sorta stands. This was a Win2k3 box serving as one of three internal DNS servers, and making this modification fixed our problem. If anyone can add any additional information, we'd be very grateful, but in the meantime, we're debating going back and fixing all our other sites.

Why can I see my website even though it's down?

I'm wondering if anyone knows how this happens? My website is down, but every computer on my internet connection/router can see it. I've cleared my cache etc, but another computer in the house shouldn't be seeing a site that's offline. How weird?
It's hosted remotely, not on my network or anything.
The first question to ask yourself is, how certain are you that it's down? If computer A can access it and computer B cannot, either one could be "right":
The site could be down, and computer A could be looking at a cached version from the ISP.
The site could be up, but computer B could be having general internet connectivity problems, or problems accessing this site in particular (bad DNS cache, etc.)
One way to tell is to add some new content to the site (via FTP or an in-place content management system like wordpress, for example) and see if the computer that can access it (computer A) can see the changes. If so, then you're looking at a "live" site, where the pages are being served directly from the server. (If the server is active and runs web software like PHP or ASP, then that would be another way to "prove" that the site is up and running).
Do you know the IP address of your web server?
Do you have direct access to the Internet on port 80?
Tell if your server is up or down by doing the following
telnet 255.255.255.255 80
Where 255.255.255.255 is your web server's IP address. On windows the screen will go blank if the server answers. Then type
GET / HTTP/1.0
And hit enter twice. You should see the content of your default page. If your running as a virtual host, you'll probably need to use HTTP/1.1 and the Hostname tag.
GET / HTTP/1.1
Host: www.yourservername.com
There is one return after HTTP/1.1 and two returns after your hostname. If you get content (the correct content) back from your web server it is definitely not down. If the server fails to connect then your web server is really down, and the content your computers are seeing could be any of the following:
local page cache
local proxy server
ISP proxy server
local ARP poisoning attack redirecting you to attacker's local web server which mirrored your site.
DNS poisoning to direct your browsers to someone else's web server which mirrored your site.
If your site is up, but geographically separated folks can't see your site, it is most likely a DNS issue or an ISP level routing issue.
A good tool to check for DNS issues is OpenDNS's CacheCheck. As for the routing issue, the best bet is to call your web hosting company and see if they've had any other complaints from their other customers, or if they are currently working on a routing issue.
Internet provider cache maybe.
What DNS servers are your friends using? Same as yours?
Your ISP is probably caching the content.
i know it's down cause i asked my friends in other locations to look at it. then i ran a test using this site i found.
http://www.websitepulse.com/help/tools.php
i'm switching hosts and we're dealing with my main domain name. that's the other reason i expected this interuption. i just want to know when it's finally switched.
is ISP cache a bad thing?

Resources