[LON-CAPA-admin] Can't access published resources

Stuart Raeburn raeburn at msu.edu
Thu Dec 12 12:03:36 EST 2013 

Hi,

> Ok,  I set up a separate packet filter (port 80) on the firewall for this
> server only and configured it to set the source IP to 66.51.156.71.

Yes, following that change this is now working for LON-CAPA servers  
running Apache without SSL, e.g., on http://demo.loncapa.org, I see:

66.51.156.71 - - [12/Dec/2013:11:45:47 -0500] "GET  
/raw/msudemo/msudemo-domainconfig/domlogo/msudemo.gif HTTP/1.1" 200  
1475 "-" "libwww-perl/5.833"

and files are correctly replicated from demo.loncapa.org to 66.51.156.71.

> Thu Dec 12 11:03:36 2013 (1394): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</font>

However, in the case of the LON-CAPA library server for the msu domain  
(which uses Apache/SSL), you'll need an additional filter on the  
firewall to set the source IP to 66.51.156.71 for the lhsalc.lhsa.com  
server for Apache/SSL requests, i.e., in cases where the destination  
port on the remote LON-CAPA server is 443.


Stuart Raeburn
LON-CAPA Academic Consortium


Quoting Ken Hoegeman <ken.hoegeman at gmail.com>:

> Ok,  I set up a separate packet filter (port 80) on the firewall for this
> server only and configured it to set the source IP to 66.51.156.71.
>
> I am still getting these log messages.  Can you check your logs again to
> make sure my firewall is forwarding on the correct IP address now?
>
> Thanks
>
> Ken
>
> Thu Dec 12 11:03:31 2013 (1396): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/acadiau/aaleksejevs/Assignment 6.page</font>
>
> Thu Dec 12 11:03:32 2013 (1396): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/hegg/PDI520 membrane
> potential_Auto_Cleaned_Up.problem.meta</font>
>
> Thu Dec 12 11:03:32 2013 (1399): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/hegg/PDI520 membrane
> potential_Auto_Cleaned_Up.problem</font>
>
> Thu Dec 12 11:03:33 2013 (1399): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/hegg/PDI520 membrane
> potential_Auto_Cleaned_Up.problem</font>
>
> Thu Dec 12 11:03:36 2013 (1394): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</font>
>
> Thu Dec 12 11:03:37 2013 (1394): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Cat -
> acetaminophen.problem.meta</font>
>
> Thu Dec 12 11:03:37 2013 (1393): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Cat -
> acetaminophen.problem</font>
>
> Thu Dec 12 11:03:37 2013 (1393): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Cat -
> acetaminophen.problem</font>
>
> Thu Dec 12 11:03:38 2013 (1394): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Dog -
> Adderall.problem.meta</font>
>
> Thu Dec 12 11:03:38 2013 (1395): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Dog -
> Adderall.problem</font>
>
> Thu Dec 12 11:03:38 2013 (1395): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Dog -
> Adderall.problem</font>
>
> Thu Dec 12 11:03:43 2013 (1397): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Dog -
> Adderall.problem</font>
>
> Thu Dec 12 11:03:43 2013 (1397): <font color="blue">WARNING: LWP get: 403
> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Dog -
> Adderall.problem</font>
>
>
> On Thu, Dec 12, 2013 at 9:22 AM, Stuart Raeburn <raeburn at msu.edu> wrote:
>
>> Hi,
>>
>> You are seeing 403 (Forbidden) responses when attempting to replicate
>> resources from other servers in the LON-CAPA network because of a mismatch
>> between the IP address advertised by the LWP request originating from your
>> server, and the IP address resolved from the hostname for your LON-CAPA
>> server provided in the authoritative list of LON-CAPA member servers.
>>
>> Your server is: lhsalc.lhsa.com which resolves to: 66.51.156.71
>>
>> However, the requests originating from your server are identified as
>> originating from your firewall.
>>
>> Reverse look-up for 66.51.156.76 reports that this IP is a pointer to:
>> firewall.lhsa.com
>>
>> The Apache error log files on the remote server contain entries such as:
>>
>> [error] access to /raw/msu/msu-domainconfig/domlogo/msu.gif failed for
>> 66.51.156.76, reason: Unable to find a host for 66.51.156.76
>>
>> The handler routine in /home/httpd/lib/perl/Apache/lonracc.pm on the MSU
>> side which limits access to URLs beginning /raw/ to only those servers
>> known to belong to the LON-CAPA network is returning a FORBIDDEN (403
>> return code) from the following code:
>>
>> my $reqhost = $r->get_remote_host(REMOTE_NOLOOKUP);
>> my @hostids= &Apache::lonnet::get_hosts_from_ip($reqhost);
>>
>> This occurs in cases where $reqhost is not the IP address of a known
>> LON-CAPA server.
>>
>> In this case, $reqhost -- from $r->get_remote_host(REMOTE_NOLOOKUP) -- is
>> 66.51.156.76, which does not correspond to a known server, since
>> 66.51.156.71 is the expected IP for (which resolves to: lhsalc.lhsa.com),
>> hence the message "Unable to find a host".
>>
>>
>> Stuart Raeburn
>> LON-CAPA Academic Consortium
>>
>>
>>
>> Quoting Ken Hoegeman <ken.hoegeman at gmail.com>:
>>
>>  When browsing published resources I get file not found messages and my
>>> lonnet.log is full f these lines:
>>>
>>> The folder structure is there on our server, just non of the files
>>>
>>> Any suggestions would be appreciated.
>>>
>>> Thanks
>>>
>>> Ken Hoegeman
>>>
>>> Wed Dec 11 14:35:05 2013 (22753): Trying to reconnect lonc for msul1 (
>>> s10.lite.msu.edu)
>>>
>>> Wed Dec 11 14:35:11 2013 (22743): <font color="blue">WARNING: LWP get: 403
>>> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</
>>> font>
>>>
>>> Wed Dec 11 14:35:13 2013 (22744): <font color="blue">WARNING: LWP get: 403
>>> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</
>>> font>
>>>
>>> Wed Dec 11 14:35:15 2013 (22745): <font color="blue">WARNING: LWP get: 403
>>> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</
>>> font>
>>>
>>> Wed Dec 11 14:35:16 2013 (22746): <font color="blue">WARNING: LWP get: 403
>>> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</
>>> font>
>>>
>>> Wed Dec 11 14:35:17 2013 (22746): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/sc/gblanpied/courses/chemistry/
>>> thedump_chemistry.sequence.meta</font>
>>>
>>> Wed Dec 11 14:35:17 2013 (22745): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/sc/gblanpied/courses/chemistry/
>>> thedump_chemistry.sequence.meta</font>
>>>
>>> Wed Dec 11 14:35:17 2013 (22746): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/msu/ciskepau/CHEMISTRY/chap6/
>>> bondtype2.problem.meta</font>
>>>
>>> Wed Dec 11 14:35:18 2013 (22745): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/msu/ciskepau/CHEMISTRY/chap6/
>>> bondtype2.problem.meta</font>
>>>
>>> Wed Dec 11 14:35:18 2013 (22745): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/
>>> lecture/set4/E.N.pairs.problem.meta</font>
>>>
>>> Wed Dec 11 14:35:19 2013 (22745): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/
>>> lecture/set4/molecular.geom.I.problem.meta</font>
>>>
>>> Wed Dec 11 14:35:19 2013 (22746): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/
>>> lecture/set4/E.N.pairs.problem.meta</font>
>>>
>>> Wed Dec 11 14:35:19 2013 (22745): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/msu/ciskepau/CHEMISTRY/chap6/
>>> ionformula.problem.meta</font>
>>>
>>> Wed Dec 11 14:35:19 2013 (22746): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/msu/ciskepau/CHEMISTRY/chap6/
>>> ionformula.problem.meta</font>
>>>
>>> Wed Dec 11 14:35:20 2013 (22745): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/lecture/set4/bond.
>>> classification.problem.meta</font>
>>>
>>> Wed Dec 11 14:35:20 2013 (22746): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/lecture/set4/bond.
>>> classification.problem.meta</font>
>>>
>>> Wed Dec 11 14:35:20 2013 (22745): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/
>>> lecture/set4/molecular.geom.II.problem.meta</font>
>>>
>>> Wed Dec 11 14:35:20 2013 (22746): <font color="blue">WARNING: LWP get: 403
>>> Forbidden:
>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/
>>> lecture/set4/molecular.geom.II.problem.meta</font>

More information about the LON-CAPA-admin mailing list