Hello, Ipfire connections.cgi is impacted by FastFlux detection: accessing PORT information from connections.cgi page gives me this message: The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http://isc.sans.org/port_details.php?port=443 Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is webmaster Logs (cause) show that isc.sans.org is blocked by FastFlux detection /var/log/squid/cache.log:Feb 27 10:44:47 squid-asnbl-helper[9343] WARN: Destination ‘isc.sans.org’ resolves to IP addresses ‘108.138.17.118’ without corresponding ASN, probably selectively announced
While I understood the underlying issue here, I cannot currently reproduce it with 108.138.17.118 (which isc.sans.org resolves to): [root@maverick ~]# location version Wed, 02 Mar 2022 05:46:50 GMT [root@maverick ~]# location lookup 108.138.17.118 108.138.17.118: Network : 108.138.16.0/21 Country : United States of America Autonomous System : AS16509 - AMAZON-02 Anycast : yes Is the faulty behaviour still observable in your system?
Good morning Peter, I believe this is a side effect of the bug #12783 (https://bugzilla.ipfire.org/show_bug.cgi?id=12783) After solving bug #12783 the problem (fast flux detection) disappeared - currently my boxes run the patched version of connections.cgi. May I suggest to link this bug with #12783 and also check the patch from #12783? Hope it helps!
Late info: since I am in another part of the world, I get different IPs for isc.sans.org: Non-authoritative answer: Name: isc.sans.org Address: 13.225.80.99 Name: isc.sans.org Address: 13.225.80.19 Name: isc.sans.org Address: 13.225.80.77 Name: isc.sans.org Address: 13.225.80.98 Above belong to same AS16509 as you Ip belongs. location lookup 13.225.80.99 13.225.80.99: Network : 13.225.80.0/21 Country : United States of America Autonomous System : AS16509 - AMAZON-02 Anycast : yes [root@ipfire-x86-64 ~]# location version Tue, 01 Mar 2022 05:32:08 GMT But isc.sans.edu is resolved with different IP addresses Non-authoritative answer: Name: isc.sans.edu Address: 45.60.31.34 Name: isc.sans.edu Address: 45.60.103.34 And this belongs to different AS: location lookup 45.60.103.34 45.60.103.34: Network : 45.60.103.0/24 Country : United States of America Autonomous System : AS19551 - INCAPSULA So, I believe that solution from bug #12783 also solved this one...
Solved by solution for bug #12783