Netgate Website issues
-
@nimrod said in Netgate Website issues:
Im super curious now what the problem might be and how is is this even possible.
well If I find out - be happy to share, I do find it very odd.. I could see maybe if he was a netgate guy, actually on the netgate network then ok.. But I am pretty sure that is not the case ;)
-
@johnpoz To confirm, I am not on the Netgate LAN, I am a university student. I would love to program for Netgate one day, again I am just a student not a Netgate guy. Is a freeBSD Jail connecting/container connecting at times for updates? Just a one off while its VPN(ing) in ? Is there a CPUID to check for containers like bit 31 used for virtual hosts in assembly code that can check? Example of bit 31 use in action below.
I wrote some code at Sacramento State to check CPUIDs again I am also searching for something that would provide signatures what containers are running. Here is my assembly code program in action.
(CPUID 1)
(CPUID 1 EDX)
(CPUID 7 and CPUID 0x40000000)I wanted to share how you can check for Virtual software, again there has to be something to check for containers running in the accelerator cache and force a purge if it finds invasive containers based on a "cpuid" command in assembly code. Containers are a major issue when they are used to abuse.
Keep in mind my program is running inside of the educational system. They have to a CPUID for signature detections of instances of running containers. Currently CPUID only checks to see if your virtualized that I know of. With that in mind containers or FreeBSD Jails can get on the accelerator cache if your using dynamic cache as you have to set max items to GBs for it to work with caching Windows updates. It could in theory be set to auto purge when a signature shows, that is if "if" there is a CPUID for containers.
-
@johnpoz Just a theory. Considering we're passing through a proxy on the client side and i would presume a proxy on the forum side, the XFF header is being passed through. Its the only reason i can come up with how the real IP is being seen. Could be wrong.
-
@michmoor I have no insight into how the forum is setup, or if behind a proxy or load balancer, etc. While yeah I would assume its prob behind something.. If that is what is happening should be fixed, because that is not a good config - anyone could then just do that on purpose and pass whatever IP they want to be logged by the forum, etc.
-
Hmm, curious.
It can only be Squid including the original source IP in the http header and the forum using that somehow. I'm not aware how you might actually do it though....
getverdict.com appears to be a legit service for shopify that we are using. However it should not be blocking you from Sacramento! Assuming that's where you're coming from.
-
@stephenw10 yes I am Sacramento Metro area. But on a smart phone right now, I changed it to transparent. That is weird.
-
If you're still seeing that blocked when using a public IP that's in the US let me know and I'll ping our admins.
-
@stephenw10 X-forwarded header mode set to transparent fixed the issue.
I can add items to the cart and browse the website again without blocking the getverdict service.
-
@jonathanlee Sounds like my theory was a bit true. Still don't know why XFF would affect this.
-
@michmoor I set it to transparent and it's good to go. I kept thinking maybe a container or FreeBSD jail was running that connected to something. But the transparent mode fixed it.
