Welcome, Guest. Please login or register.

Login with username, password and session length

 
Advanced search

1092751 Posts in 72323 Topics- by 19429 Members - Latest Member: 17williarw
Jump to:  
The Trombone ForumHorns, Gear, and EquipmentTechnology(Moderator: john sandhagen) Smartphones/PDAs not connecting to TTF
Pages: 1 2 3 4 5 6 [7] 8  All   Go Down
Print
Author Topic: Smartphones/PDAs not connecting to TTF  (Read 65928 times)
0 Members and 1 Guest are viewing this topic.
BGuttman
Mad Chemist

*
*
Offline Offline

Location: Londonderry, NH, USA
Joined: Dec 12, 2000
Posts: 51526
"Almost Professional"


View Profile
« Reply #120 on: Oct 01, 2012, 06:41AM »

The Admins (RHM, bhcordova, BFW, and myself) have access to the Ban List.  I don't really want to reveal the total of the banned IP addresses, but I can say the vast majority of them are from the Far East, where most of our spammers originate.

If someone wants me to test a particular IP address, I would be happy to do so.  Send either a PM or an e-mail (bguttman@tromboneforum.org).  I can't promise instantaneous response, but I'll be happy to help.

If it turns out your IP address has been blocked, I may be able to tell you why and if justified I can remove the block.
Logged

Bruce Guttman
Solo Trombone, Hollis Town Band
Merrimack Valley Philharmonic Orch. President 2017-2018
bbocaner

*
Offline Offline

Location: Herndon, VA
Joined: Nov 25, 2004
Posts: 945

View Profile
« Reply #121 on: Oct 01, 2012, 07:55AM »

OK, So my phone on AT&T wireless is now displaying a "apache 2 on centos test page" which seems like a default page that would come with the fresh installation of apache on centos, which is what we already determined the forum was running on post-upgrade. This seems to me to point to a proxy compatibility issue with the proxy that AT&T is using. The ttf server is being confused somehow by the HTTP/1.1 headers that are being passed by the proxy and is selecting the default web server rather than the virtual server that the forum is hosted on using the same IP. This is probably what was happening before, but the default server was configured to just give a 403 rather than the default test page that is now installed. This would point to an incompatibility between the way the proxy is configured and the way the ttf server is configured.
Logged

--
Barry
bbocaner

*
Offline Offline

Location: Herndon, VA
Joined: Nov 25, 2004
Posts: 945

View Profile
« Reply #122 on: Oct 01, 2012, 07:57AM »

If it is the ban list, it's possible that the server is configured to send the banned IPs to a different virtual web server than the regular ones. Bruce -- can you check 198.228.200.32?
Logged

--
Barry
BGuttman
Mad Chemist

*
*
Offline Offline

Location: Londonderry, NH, USA
Joined: Dec 12, 2000
Posts: 51526
"Almost Professional"


View Profile
« Reply #123 on: Oct 01, 2012, 02:45PM »

We don't have any  banned IP's starting on 198.
Logged

Bruce Guttman
Solo Trombone, Hollis Town Band
Merrimack Valley Philharmonic Orch. President 2017-2018
Captainslow

*
Offline Offline

Location: Torrington, CT
Joined: May 3, 2012
Posts: 163

View Profile WWW
« Reply #124 on: Oct 01, 2012, 03:14PM »

OK, So my phone on AT&T wireless is now displaying a "apache 2 on centos test page" which seems like a default page that would come with the fresh installation of apache on centos, which is what we already determined the forum was running on post-upgrade. This seems to me to point to a proxy compatibility issue with the proxy that AT&T is using. The ttf server is being confused somehow by the HTTP/1.1 headers that are being passed by the proxy and is selecting the default web server rather than the virtual server that the forum is hosted on using the same IP. This is probably what was happening before, but the default server was configured to just give a 403 rather than the default test page that is now installed. This would point to an incompatibility between the way the proxy is configured and the way the ttf server is configured.

I agree with this and think this is what is happening.... I ran the wire shark again, will post and this appears to be exactly what's going on. I am switching to Verizon now lol. I doubt there is much of a KB on making your site work with ATT phones. I can research it but what a PIA....

Logged

Musical Director / Trombonist / Weekend Warrior

----HORNS----
2013 Shires .547 Dual Bore Valve
1979 Conn Victor 5h

James May - "It`s a small step in the right direction."
Eastcheap

*
Offline Offline

Location: Somewhere between Dallas and Tyler
Joined: Apr 9, 2010
Posts: 1569
"It's the only song I know."


View Profile
« Reply #125 on: Oct 01, 2012, 07:23PM »

It's a transparent proxy, meaning there is some policy NAT in place to redirect HTTP traffic to it regardless of any settings on the phone itself.

It's true that AT&T connects you to the network via a NAT router, but there's no proxy involved, so far as I can tell (and I'm using AT&T wireless right now).  If fact, I've no particular reason to believe that anything more sinister than IP masquerading is going on.

If the Legado proxy test is saying otherwise, then something else is afoot.  Most AT&T phones have browsers configured to use a proxy by default.  I don't know if that applies to Android and iPhone, however (I know it doesn't to Palm).

Quote
That's not to say I don't think his theory also holds water... Todd Jonz's thought that it may be because of a ban list is compelling.

This has been discussed at some length.  If there's a ban, it's almost certainly not a TTF ban, but something implemented at a lower level.

Quote
However, in the headers in the capture that captainslow posted, it shows it as coming from Apache/2.2.19 on FreeBSD, and a capture that I just did shows a page load on TTF coming from Apache/2.2.3 on CentOS.

Which tends to suggest something going on at a lower level.  In fact, that could be a DNS hiccough (it seemed to take ages for the AT&T nameservers to get the new address).  The Apache/2.2.3 (CentOS) server is definitely TTF's.
Logged
bbocaner

*
Offline Offline

Location: Herndon, VA
Joined: Nov 25, 2004
Posts: 945

View Profile
« Reply #126 on: Oct 02, 2012, 06:04AM »

It's true that AT&T connects you to the network via a NAT router, but there's no proxy involved, so far as I can tell (and I'm using AT&T wireless right now).  If fact, I've no particular reason to believe that anything more sinister than IP masquerading is going on.

If the Legado proxy test is saying otherwise, then something else is afoot.  Most AT&T phones have browsers configured to use a proxy by default.  I don't know if that applies to Android and iPhone, however (I know it doesn't to Palm).

This has been discussed at some length.  If there's a ban, it's almost certainly not a TTF ban, but something implemented at a lower level.

Which tends to suggest something going on at a lower level.  In fact, that could be a DNS hiccough (it seemed to take ages for the AT&T nameservers to get the new address).  The Apache/2.2.3 (CentOS) server is definitely TTF's.



Like I said. It's a transparent proxy, which they force upon you using a policy NAT rather than with OS or browser settings. Maybe they only do it for iphone and/or android users, but it's there.

And something about the way the proxy works causes it not to be compatible with something about the way the TTF server is set up to do virtual hosts.
Logged

--
Barry
BGuttman
Mad Chemist

*
*
Offline Offline

Location: Londonderry, NH, USA
Joined: Dec 12, 2000
Posts: 51526
"Almost Professional"


View Profile
« Reply #127 on: Oct 02, 2012, 06:08AM »

FWIW, we don't have any banned IPs beginning with 210.
Logged

Bruce Guttman
Solo Trombone, Hollis Town Band
Merrimack Valley Philharmonic Orch. President 2017-2018
bbocaner

*
Offline Offline

Location: Herndon, VA
Joined: Nov 25, 2004
Posts: 945

View Profile
« Reply #128 on: Oct 02, 2012, 06:17AM »

FWIW, we don't have any banned IPs beginning with 210.

Not worth anything :) -- that's the IP address of the lagado test applet that eastcheap mentioned. But thanks anyways. :)
Logged

--
Barry
Eastcheap

*
Offline Offline

Location: Somewhere between Dallas and Tyler
Joined: Apr 9, 2010
Posts: 1569
"It's the only song I know."


View Profile
« Reply #129 on: Oct 02, 2012, 09:33AM »

Like I said. It's a transparent proxy, which they force upon you using a policy NAT rather than with OS or browser settings. Maybe they only do it for iphone and/or android users, but it's there.

Okay, I think we're actually making some progress here.

The 198.228 addresses don't belong to AT&T.  That network is owned by Service Provider Corporation.  Time and time again, they've been implicated in the connection problems.

There's not a lot of information about them on the net, but what I've seen isn't very positive.  This blog post might be relevant.

I'm typically assigned AT&T-owned 32/8 addresses and there's not a whiff of proxy.

However...

When I inject a bogus "Via" entry in my request headers, surprise surprise, I get directed to the aforementioned Apache test page.  Apparently, the problem is the "Via" entry per se, not the associated proxy, which is kind of obnoxious, but functional.

I think we need finally to put the whole "banned IP" notion to rest and accept that the problem is simply dysfunctional server-side software.  I doubt that there's anything the TTF admins can do about it except complain.

Quote
And something about the way the proxy works causes it not to be compatible with something about the way the TTF server is set up to do virtual hosts.

So far as I can tell, the VH system used by TTF's host is some kind of in-house thing that doesn't work very well.  I've had minor problems with it off and on for years, regardless of ISP.

For an illustration, try connecting to TTF using the raw IP address (currently 54.243.192.52) so as to produce a meaningless "Host:" header entry.  What comes back (as raw ASCII, not HTML) is:

Database Error: Unable to connect to the database:Could not connect to MySQL

which simply isn't appropriate behavior.
Logged
Captainslow

*
Offline Offline

Location: Torrington, CT
Joined: May 3, 2012
Posts: 163

View Profile WWW
« Reply #130 on: Oct 02, 2012, 11:48AM »

The banned IP was a theory pre update because the error was coming from the old server with a 403 error. It wasn't completely wacky to think that. Now with the new server. The possibility of a compatibility issues is in question. I guess the next step is to figure out the configuration and see if other .php sites suffer from this ailment and what actions did they take to overcome it. I will ask a forum admin at another site if he ever ran into this issue. (This forum I am referring to has a user base of over 80k). Its possible that he ran into this as well at some point.
Logged

Musical Director / Trombonist / Weekend Warrior

----HORNS----
2013 Shires .547 Dual Bore Valve
1979 Conn Victor 5h

James May - "It`s a small step in the right direction."
Eastcheap

*
Offline Offline

Location: Somewhere between Dallas and Tyler
Joined: Apr 9, 2010
Posts: 1569
"It's the only song I know."


View Profile
« Reply #131 on: Oct 02, 2012, 01:07PM »

I guess the next step is to figure out the configuration and see if other .php sites suffer from this ailment and what actions did they take to overcome it.

I've never seen it.  In fact, in over twenty years, I've not seen anything quite like the TTF server.

I really don't think it's an SMF problem.  On the off chance that it is, how about we wait awhile?  AFAIK, Richard Byrd is working on the SMF upgrade even as we speak (after a bout of seriously unpleasant gut problems), and the present version of SMF is really too old to be worth discussing anyway.
Logged
bbocaner

*
Offline Offline

Location: Herndon, VA
Joined: Nov 25, 2004
Posts: 945

View Profile
« Reply #132 on: Oct 02, 2012, 03:45PM »

I'd wager it's something in the Apache configuration rather than the forum or php configuration. I wonder if perhaps the proxy is mangling the Via: header somehow in a way that is close enough for most applications but stumbles up some way the virtual hosts are defined in apache. It'd be very interesting to do a capture from the ttf server, or at least look at its apache logs.
Logged

--
Barry
Eastcheap

*
Offline Offline

Location: Somewhere between Dallas and Tyler
Joined: Apr 9, 2010
Posts: 1569
"It's the only song I know."


View Profile
« Reply #133 on: Oct 03, 2012, 03:48AM »

I wonder if perhaps the proxy is mangling the Via: header somehow...

No.  The "Via:" line shown in the lagado screenshot above conforms to RFC2616.  The proxy is doing precisely what it's supposed to do.

Quote
but stumbles up some way the virtual hosts are defined in apache.

The "Via:" entry has nothing to do with virtual hosting, and Apache knows it.  Besides, I've never managed to make the server return anything except the plaintext MySQL-related error upon a request for a nonexistent host.

What appears to be happening is that, for some reason, the server admins have decided to block all requests from RFC2616-compliant gateways and proxies, not just smartphones.

Any "Via:" entry in the request header currently results in the following:

HTTP/1.1 403 Forbidden
Date: Wed, 03 Oct 2012 10:11:04 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Content-Length: 5043
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
        <head>
                <title>Apache HTTP Server Test Page powered by CentOS</title>

...

Note that the Status-Code is still 403.  What's new is the server dishing up the Apache test page (which is a typical sort of thing for an incompletely configured server to do).
Logged
bbocaner

*
Offline Offline

Location: Herndon, VA
Joined: Nov 25, 2004
Posts: 945

View Profile
« Reply #134 on: Oct 03, 2012, 05:55AM »

That's BIZARRE for it to be returning 403 AND the content!
Logged

--
Barry
Todd Jonz
Department of Redundancy Department

*
Offline Offline

Location: Vermont
Joined: Sep 13, 2003
Posts: 3667
"Do not taunt Happy Fun Ball."


View Profile
« Reply #135 on: Oct 03, 2012, 09:49AM »


Eastcheap writes:

> So far as I can tell, the VH system used by TTF's
> host is some kind of in-house thing that doesn't
> work very well.

TTF's new IP address, 54.243.192.52, is allocated to Amazon, which suggests to me that the Forum now runs in Amazon's AWS/EC2/S3 cloud.  If that's the case then I should think Amazon's front-end would handle incoming requests and distribute them to an application processor.

Barry writes:

> That's BIZARRE for it to be returning 403 AND the content!

No extra charge.  ;-)


Logged

Have you registered at TromboneChat.com yet?
Eastcheap

*
Offline Offline

Location: Somewhere between Dallas and Tyler
Joined: Apr 9, 2010
Posts: 1569
"It's the only song I know."


View Profile
« Reply #136 on: Oct 03, 2012, 12:07PM »

That's BIZARRE for it to be returning 403 AND the content!

Not really.  RFC2616 suggests that you do just that:
10.4.4 403 Forbidden

   The server understood the request, but is refusing to fulfill it.
   Authorization will not help and the request SHOULD NOT be repeated.
   If the request method was not HEAD and the server wishes to make
   public why the request has not been fulfilled, it SHOULD describe the
   reason for the refusal in the entity.  If the server does not wish to
   make this information available to the client, the status code 404
   (Not Found) can be used instead.

Obviously, you should provide content that describes the reason for the refusal, not the I-just-installed-Apache test page.  :)

TTF's new IP address, 54.243.192.52, is allocated to Amazon, which suggests to me that the Forum now runs in Amazon's AWS/EC2/S3 cloud.

I think they may just be leasing space on an Amazon network.  The server itself doesn't appear to be, functionally, very different from before.

In any case, it's my understanding that the current arrangement is temporary.
Logged
Todd Jonz
Department of Redundancy Department

*
Offline Offline

Location: Vermont
Joined: Sep 13, 2003
Posts: 3667
"Do not taunt Happy Fun Ball."


View Profile
« Reply #137 on: Oct 03, 2012, 03:10PM »


Eastcheap writes:

> it's my understanding that the current arrangement is temporary.

This is where I get confused.  I'm under the impression that the upgrade is complete, and that the Forum is now residing at its new home.  (Edit: Doug Elliot set me straight in another thread, explaining that TTF is indeed running on an interim server.)

Aside to Eastcheap:  Just FYI, the iOS autocowrecker wants desperately to change "Eastcheap" to "East heap."  I'd complain to Apple if I were you.  :-)


Logged

Have you registered at TromboneChat.com yet?
tbonejeff

*
Offline Offline

Location: Freeburg, IL
Joined: May 20, 2005
Posts: 282

View Profile
« Reply #138 on: Oct 03, 2012, 03:18PM »

I just now tried accessing TTF from my AT&T Samsung Galaxy Note, running Android 4.0.4. The built-in browser went to the Apache page. The Opera mini browser went to TTF. The Dolphin browser went to the Apache page.
Logged

Jeff Peterson
TromboneMonkey

*
Offline Offline

Location:
Joined: Aug 16, 2009
Posts: 2389

View Profile
« Reply #139 on: Oct 03, 2012, 03:35PM »

I run the Dolphin Browser on my Android.  Neither it nor the standard Android (Chrome) browser can access the site, but Opera Mini can.  FWIW.
Logged

-John
Pages: 1 2 3 4 5 6 [7] 8  All   Go Up
Print
Jump to: