[LON-CAPA-admin] Can't access published resources

Thu Dec 12 12:19:19 EST 2013

Ok,  I setup a filter for port 443 and it appears to be working now.
Thanks so much for your help

Ken

On Thu, Dec 12, 2013 at 12:03 PM, Stuart Raeburn <raeburn at msu.edu> wrote:

> Hi,
>
>
>  Ok,  I set up a separate packet filter (port 80) on the firewall for this
>> server only and configured it to set the source IP to 66.51.156.71.
>>
>
> Yes, following that change this is now working for LON-CAPA servers
> running Apache without SSL, e.g., on http://demo.loncapa.org, I see:
>
> 66.51.156.71 - - [12/Dec/2013:11:45:47 -0500] "GET /raw/msudemo/msudemo-
> domainconfig/domlogo/msudemo.gif HTTP/1.1" 200 1475 "-"
> "libwww-perl/5.833"
>
> and files are correctly replicated from demo.loncapa.org to 66.51.156.71.
>
>
>  Thu Dec 12 11:03:36 2013 (1394): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</
>> font>
>>
>
> However, in the case of the LON-CAPA library server for the msu domain
> (which uses Apache/SSL), you'll need an additional filter on the firewall
> to set the source IP to 66.51.156.71 for the lhsalc.lhsa.com server for
> Apache/SSL requests, i.e., in cases where the destination port on the
> remote LON-CAPA server is 443.
>
>
>
> Stuart Raeburn
> LON-CAPA Academic Consortium
>
>
> Quoting Ken Hoegeman <ken.hoegeman at gmail.com>:
>
>  Ok,  I set up a separate packet filter (port 80) on the firewall for this
>> server only and configured it to set the source IP to 66.51.156.71.
>>
>> I am still getting these log messages.  Can you check your logs again to
>> make sure my firewall is forwarding on the correct IP address now?
>>
>> Thanks
>>
>> Ken
>>
>> Thu Dec 12 11:03:31 2013 (1396): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/acadiau/aaleksejevs/Assignment
>> 6.page</font>
>>
>> Thu Dec 12 11:03:32 2013 (1396): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/hegg/PDI520 membrane
>> potential_Auto_Cleaned_Up.problem.meta</font>
>>
>> Thu Dec 12 11:03:32 2013 (1399): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/hegg/PDI520 membrane
>> potential_Auto_Cleaned_Up.problem</font>
>>
>> Thu Dec 12 11:03:33 2013 (1399): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/hegg/PDI520 membrane
>> potential_Auto_Cleaned_Up.problem</font>
>>
>> Thu Dec 12 11:03:36 2013 (1394): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</
>> font>
>>
>> Thu Dec 12 11:03:37 2013 (1394): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Cat -
>> acetaminophen.problem.meta</font>
>>
>> Thu Dec 12 11:03:37 2013 (1393): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Cat -
>> acetaminophen.problem</font>
>>
>> Thu Dec 12 11:03:37 2013 (1393): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Cat -
>> acetaminophen.problem</font>
>>
>> Thu Dec 12 11:03:38 2013 (1394): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Dog -
>> Adderall.problem.meta</font>
>>
>> Thu Dec 12 11:03:38 2013 (1395): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Dog -
>> Adderall.problem</font>
>>
>> Thu Dec 12 11:03:38 2013 (1395): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Dog -
>> Adderall.problem</font>
>>
>> Thu Dec 12 11:03:43 2013 (1397): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Dog -
>> Adderall.problem</font>
>>
>> Thu Dec 12 11:03:43 2013 (1397): <font color="blue">WARNING: LWP get: 403
>> Forbidden: /home/httpd/html/res/msu/hegg/Calc 1 - pills/Dog -
>> Adderall.problem</font>
>>
>>
>> On Thu, Dec 12, 2013 at 9:22 AM, Stuart Raeburn <raeburn at msu.edu> wrote:
>>
>>  Hi,
>>>
>>> You are seeing 403 (Forbidden) responses when attempting to replicate
>>> resources from other servers in the LON-CAPA network because of a
>>> mismatch
>>> between the IP address advertised by the LWP request originating from
>>> your
>>> server, and the IP address resolved from the hostname for your LON-CAPA
>>> server provided in the authoritative list of LON-CAPA member servers.
>>>
>>> Your server is: lhsalc.lhsa.com which resolves to: 66.51.156.71
>>>
>>> However, the requests originating from your server are identified as
>>> originating from your firewall.
>>>
>>> Reverse look-up for 66.51.156.76 reports that this IP is a pointer to:
>>> firewall.lhsa.com
>>>
>>> The Apache error log files on the remote server contain entries such as:
>>>
>>> [error] access to /raw/msu/msu-domainconfig/domlogo/msu.gif failed for
>>> 66.51.156.76, reason: Unable to find a host for 66.51.156.76
>>>
>>> The handler routine in /home/httpd/lib/perl/Apache/lonracc.pm on the MSU
>>> side which limits access to URLs beginning /raw/ to only those servers
>>> known to belong to the LON-CAPA network is returning a FORBIDDEN (403
>>> return code) from the following code:
>>>
>>> my $reqhost = $r->get_remote_host(REMOTE_NOLOOKUP);
>>> my @hostids= &Apache::lonnet::get_hosts_from_ip($reqhost);
>>>
>>> This occurs in cases where $reqhost is not the IP address of a known
>>> LON-CAPA server.
>>>
>>> In this case, $reqhost -- from $r->get_remote_host(REMOTE_NOLOOKUP) --
>>> is
>>> 66.51.156.76, which does not correspond to a known server, since
>>> 66.51.156.71 is the expected IP for (which resolves to: lhsalc.lhsa.com
>>> ),
>>> hence the message "Unable to find a host".
>>>
>>>
>>> Stuart Raeburn
>>> LON-CAPA Academic Consortium
>>>
>>>
>>>
>>> Quoting Ken Hoegeman <ken.hoegeman at gmail.com>:
>>>
>>>  When browsing published resources I get file not found messages and my
>>>
>>>> lonnet.log is full f these lines:
>>>>
>>>> The folder structure is there on our server, just non of the files
>>>>
>>>> Any suggestions would be appreciated.
>>>>
>>>> Thanks
>>>>
>>>> Ken Hoegeman
>>>>
>>>> Wed Dec 11 14:35:05 2013 (22753): Trying to reconnect lonc for msul1 (
>>>> s10.lite.msu.edu)
>>>>
>>>> Wed Dec 11 14:35:11 2013 (22743): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</
>>>> font>
>>>>
>>>> Wed Dec 11 14:35:13 2013 (22744): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</
>>>> font>
>>>>
>>>> Wed Dec 11 14:35:15 2013 (22745): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</
>>>> font>
>>>>
>>>> Wed Dec 11 14:35:16 2013 (22746): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden: /home/httpd/html/res/msu/msu-domainconfig/domlogo/msu.gif</
>>>> font>
>>>>
>>>> Wed Dec 11 14:35:17 2013 (22746): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/sc/gblanpied/courses/chemistry/
>>>> thedump_chemistry.sequence.meta</font>
>>>>
>>>> Wed Dec 11 14:35:17 2013 (22745): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/sc/gblanpied/courses/chemistry/
>>>> thedump_chemistry.sequence.meta</font>
>>>>
>>>>
>>>> Wed Dec 11 14:35:17 2013 (22746): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/msu/ciskepau/CHEMISTRY/chap6/
>>>>
>>>> bondtype2.problem.meta</font>
>>>>
>>>> Wed Dec 11 14:35:18 2013 (22745): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/msu/ciskepau/CHEMISTRY/chap6/
>>>> bondtype2.problem.meta</font>
>>>>
>>>> Wed Dec 11 14:35:18 2013 (22745): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/
>>>>
>>>> lecture/set4/E.N.pairs.problem.meta</font>
>>>>
>>>> Wed Dec 11 14:35:19 2013 (22745): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/
>>>> lecture/set4/molecular.geom.I.problem.meta</font>
>>>>
>>>> Wed Dec 11 14:35:19 2013 (22746): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/
>>>> lecture/set4/E.N.pairs.problem.meta</font>
>>>>
>>>> Wed Dec 11 14:35:19 2013 (22745): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/msu/ciskepau/CHEMISTRY/chap6/
>>>> ionformula.problem.meta</font>
>>>>
>>>>
>>>> Wed Dec 11 14:35:19 2013 (22746): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/msu/ciskepau/CHEMISTRY/chap6/
>>>>
>>>> ionformula.problem.meta</font>
>>>>
>>>> Wed Dec 11 14:35:20 2013 (22745): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/lecture/set4/bond.
>>>> classification.problem.meta</font>
>>>>
>>>> Wed Dec 11 14:35:20 2013 (22746): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/lecture/set4/bond.
>>>> classification.problem.meta</font>
>>>>
>>>>
>>>> Wed Dec 11 14:35:20 2013 (22745): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/
>>>> lecture/set4/molecular.geom.II.problem.meta</font>
>>>>
>>>>
>>>> Wed Dec 11 14:35:20 2013 (22746): <font color="blue">WARNING: LWP get:
>>>> 403
>>>> Forbidden:
>>>> /home/httpd/html/res/sfu/batchelo/chem111/problems/
>>>> lecture/set4/molecular.geom.II.problem.meta</font>
>>>>
>>>
> _______________________________________________
> LON-CAPA-admin mailing list
> LON-CAPA-admin at mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.lon-capa.org/pipermail/lon-capa-admin/attachments/20131212/ff95658f/attachment.html>