Get the most out of your Centmin Mod LEMP stack
Become a Member

CSF Can ping but can't open page

Discussion in 'Other Centmin Mod Installed software' started by pamamolf, Aug 30, 2016.

  1. pamamolf

    pamamolf Premium Member Premium Member

    3,861
    379
    83
    May 31, 2014
    Ratings:
    +731
    Local Time:
    9:30 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    Ok thanks :)
     
  2. eva2000

    eva2000 Administrator Staff Member

    45,466
    10,319
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,005
    Local Time:
    5:30 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    have you also tried getting the user to connect via vpn with dedicated ip but have all devices in local lan connected via the vpn to browse the site ? so server and csf firewall see all connections from all devices coming from same vpn ip ?
     
  3. eva2000

    eva2000 Administrator Staff Member

    45,466
    10,319
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,005
    Local Time:
    5:30 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    And have you also contacted CSF Firewall developers on their support forums General Discussion (csf) - ConfigServer Community Forum ?

    Also are all the problematic servers with centmin mod installed, with same web host ? or different web hosts ? does the web host have it's own firewall that can be enabled ?

    Do problematic servers have any native DDOS mitigation services included from web host provider ?
     
    Last edited: Sep 3, 2016
  4. pamamolf

    pamamolf Premium Member Premium Member

    3,861
    379
    83
    May 31, 2014
    Ratings:
    +731
    Local Time:
    9:30 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    If he use a vpn all works great.

    Code:
    And have you also contacted CSF Firewall developers on their support forums General Discussion (csf) - ConfigServer Community Forum ?
    Not yet....

    Code:
    Also are all the problematic servers with centmin mod installed, with same web host ? or different web hosts ? does the web host have it's own firewall that can be enabled ?
    Different web hosts.... OVH canada and Digital Ocean.....

    Yes ovh has Dddos support but the support team disable it.
     
  5. eva2000

    eva2000 Administrator Staff Member

    45,466
    10,319
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,005
    Local Time:
    5:30 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    then it may come down to the users own ISP/modem/router itself if vpn works but check with csf forums/devs too
     
  6. pamamolf

    pamamolf Premium Member Premium Member

    3,861
    379
    83
    May 31, 2014
    Ratings:
    +731
    Local Time:
    9:30 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    My hope was to never come back to this topic but now all are confirmed :(

    I had a friend on my place to help him move to a centminmod dedicated server and move his new site there ....

    Using the one time installer for latest Centminmod beta all was ok and i just create the vhost and import database and data .....

    All was perfect and fast and he was very happy with Centminmod :)

    Then he ask me to check the responsive site on tablet and mobile....

    I say to him sure connect them to my network and go ahead .....

    He did connect both mobile and tablet and now we had 3 devices on the network....

    When he try to browse and open the site with mobile or tablet he was getting an error network timeout .....

    Then i was remember this issue and i close the site on my main pc and after about 20-30 seconds he was able to browse on the tablet and looking around without any issues but not on other devices and then we close it on tablet and try after 20-30 seconds on mobile and it was perfect......

    So as i see it with my own eyes on my network (never had any issues and i do not have issues with my network 100%) i am sure that something is limiting connection from even 2 devices (if i am wrong then 3 for sure 100%) ...

    I was remember also that the default limitation on csf was 5 so i didn't change it......

    Don't know what else to do for that :(

    I have disable the:

    Code:
    #limit_req_zone $binary_remote_addr zone=xwplogin:16m rate=40r/m;
    #limit_conn_zone $binary_remote_addr zone=xwpconlimit:16m;
    as it looks something related as the server is not blocking me for ever or for more than x seconds....

    Do i have to do something else to disable that or are they load from another place?

    I just want to let you know that i just verify this and i am sure 100% that there is no network issues that cause that...

    Thank you
     
  7. eva2000

    eva2000 Administrator Staff Member

    45,466
    10,319
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,005
    Local Time:
    5:30 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
  8. pamamolf

    pamamolf Premium Member Premium Member

    3,861
    379
    83
    May 31, 2014
    Ratings:
    +731
    Local Time:
    9:30 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    I did on the previous setup but i didn't get any email :( Didn't try on this setup...

    I will test it and i will let you know.....
     
  9. pamamolf

    pamamolf Premium Member Premium Member

    3,861
    379
    83
    May 31, 2014
    Ratings:
    +731
    Local Time:
    9:30 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    It seems that i can do that on every centminmod server .... :(

    Just tested with :

    wordpress7.centminmod.com

    It is very easy to do it......

    Connect only two devices on the same network and open the same link for example:

    wordpress7.centminmod.com

    On one device click around links every 4-5 seconds but do not stop for one/two minutes and at the same time just refresh a few times or try to open a link from the same site on the second device....

    The second device will not be able to load the site in a minute or two......
     
  10. eva2000

    eva2000 Administrator Staff Member

    45,466
    10,319
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,005
    Local Time:
    5:30 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Interesting i just tried on my side with 2x android phones + android tablet on local wifi connection and DO NOT get blocked and I made sure to remove the ip from whitelisting on the server too.
     
  11. eva2000

    eva2000 Administrator Staff Member

    45,466
    10,319
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,005
    Local Time:
    5:30 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    no email alerts ? check your spam folder too
     
  12. pamamolf

    pamamolf Premium Member Premium Member

    3,861
    379
    83
    May 31, 2014
    Ratings:
    +731
    Local Time:
    9:30 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    I just edit the instructions on how to do it ...... Did you do it that way?

    Code:
    no email alerts ? check your spam folder too 
    I did but nothing....Did you get any email alert ?
     
  13. pamamolf

    pamamolf Premium Member Premium Member

    3,861
    379
    83
    May 31, 2014
    Ratings:
    +731
    Local Time:
    9:30 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    On the previous server i had also the ip in the whitelist and got that issue......

    Don't know what to say....

    I am thinking to create a video of it....
     
  14. eva2000

    eva2000 Administrator Staff Member

    45,466
    10,319
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,005
    Local Time:
    5:30 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    i don't get any email alerts because the ip is not blocked by csf firewall at all
     
  15. pamamolf

    pamamolf Premium Member Premium Member

    3,861
    379
    83
    May 31, 2014
    Ratings:
    +731
    Local Time:
    9:30 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    I know there is no block for the ip on csf.....
     
  16. eva2000

    eva2000 Administrator Staff Member

    45,466
    10,319
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,005
    Local Time:
    5:30 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Ah i have chrome browser with data saver setting enabled, so connections go through google proxy ip and not directly from my ISP ip, so that means each device had it's own unique google proxy ip which seems to make it work.

    If i disable data saver option in chrome browser settings on my Android devices, it does block one 1 out of 3 of the devices. But it's always the same 1 device that is blocked and never the other 2 devices.
    • Samsung Galaxy S7 - always ok
    • Samsung Galaxy Tab S 8.4 4G Tablet - always ok
    • Zoppo Z999 - only device that gets blocked everytime
    For temp work around for clients of yours needing to check on all their devices, if it's Android or mobile, enable the Chrome data saver option or use a VPN.
     
  17. pamamolf

    pamamolf Premium Member Premium Member

    3,861
    379
    83
    May 31, 2014
    Ratings:
    +731
    Local Time:
    9:30 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    That's great that you will be able to replicate this :)

    Finally i am not crazy :)

    Doesn't look relative to iOS or Android as my previous tests was on all iOS systems mac and iphone and ipad and my test today was on one Android tablet (that got blocked) and one iphone..... and just now that i did a third check with two Pc's one mac and one with Windows 10 i got the Win 10 blocked but that block for sure is not related to any device type or OS :)
     
  18. eva2000

    eva2000 Administrator Staff Member

    45,466
    10,319
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,005
    Local Time:
    5:30 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    ok, try editing /etc/sysctl.conf for centos 6 or centos 7 edit /etc/sysctl.d/101-sysctl.conf

    and change net.ipv4.tcp_tw_recycle from enabled to disabled
    Code (Text):
    net.ipv4.tcp_tw_recycle = 0

    then for centos 6 run
    Code (Text):
    sysctl -p

    for centos 7 run
    Code (Text):
    /sbin/sysctl --system


    for me it resolved my problem of connecting multiple devices on same private lan with one shared public ISP IP to servers
     
  19. pamamolf

    pamamolf Premium Member Premium Member

    3,861
    379
    83
    May 31, 2014
    Ratings:
    +731
    Local Time:
    9:30 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    Problem solved !!!!!!! :)
     
  20. eva2000

    eva2000 Administrator Staff Member

    45,466
    10,319
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,005
    Local Time:
    5:30 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    ok looks like 123.08stable and 123.09beta01 need updating :)