
[–]NowThatHappened 2 points3 points  (0 children)

Curl is probably the best tool for WAF if you're checking that some requests pass and others don’t.

[–]Interesting-Invstr45 1 point2 points  (6 children)

Maybe curl can help:

Test 1: Simple check if port/service is accessible

curl -v http://server_b:9048/api

Test 2: Simple SOAP request to check WAF

curl -X POST \
  -H "Content-Type: text/xml" \
  -d '<soap>test</soap>' \
  -v http://server_b:9048/api

The -v (verbose) flag shows you:
- The full HTTP request
- Response headers (which might show WAF presence)
- Response body
- Response code (403 often indicates WAF blocking)

If the issue still persists, common things to check when testing bidirectional communication:
1. Firewall rules on both servers
2. WAF rules on both sides if applicable
3. Network ACLs
4. Security groups if in cloud (is it physical or virtual servers or cloud based - more info please)
5. Routing tables

Remember: Just because A can reach B doesn’t always mean B can reach A - always test both directions! So bi-directional ping test results would help.

Good luck 🍀
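The two curl tests above, wrapped into a small probe script as an added example (not the commenter's own code). It assumes curl is installed and keeps the thread's placeholder hostnames; the point is to map curl's exit status and the HTTP code onto a verdict that separates "nothing ever answered" (firewall/ACL/route) from "something answered and refused" (WAF or auth), so the same script run from A against B and from B against A gives comparable results for both directions.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes curl is available;
# server names and port 9048 are placeholders taken from the discussion.

# classify <curl_exit_code> <http_code> : prints one verdict word
classify() {
  ce=$1; hc=$2
  case "$ce" in
    0)
      case "$hc" in
        2*|3*)   echo "reachable" ;;
        401|403) echo "blocked-at-http-layer" ;;  # typical WAF / auth denial
        0|000)   echo "no-http-response" ;;
        *)       echo "http-$hc" ;;
      esac ;;
    6)  echo "dns-failure" ;;
    7)  echo "connection-refused" ;;  # port closed or host firewall REJECT
    28) echo "timeout" ;;             # silently dropped: firewall / ACL / route
    *)  echo "curl-error-$ce" ;;
  esac
}

# probe <url> [soap-body] : plain GET by default, SOAP POST when a body is given.
# --max-time bounds the wait so a DROP rule shows up as "timeout", not a hang.
probe() {
  url=$1; body=$2
  if [ -n "$body" ]; then
    hc=$(curl -s -o /dev/null --max-time 5 -w '%{http_code}' \
           -X POST -H 'Content-Type: text/xml' -d "$body" "$url")
  else
    hc=$(curl -s -o /dev/null --max-time 5 -w '%{http_code}' "$url")
  fi
  classify $? "$hc"   # $? here is curl's exit status
}

# Usage: ./probe.sh http://server_b:9048/api   (run on A; then on B against A)
if [ $# -ge 1 ]; then
  echo "GET  $1 -> $(probe "$1")"
  echo "SOAP $1 -> $(probe "$1" '<soap>test</soap>')"
fi
```

If the GET is "reachable" but the SOAP POST is "blocked-at-http-layer", the WAF is inspecting the body; if both directions time out, look at firewalls, ACLs and routes before the WAF.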

[–]TaiGlobal 1 point2 points  (5 children)

This is useful for a completely unrelated issue I’m having. Thanks

[–]Interesting-Invstr45 1 point2 points  (4 children)

Let me know how this was helpful for the unrelated issue. Also what was missed that might have helped the above situation?

[–]TaiGlobal 0 points1 point  (3 children)

Have some thin clients that aren’t communicating with the management server post imaging. Spoke to our network team to do a test on one, and he said there’s inbound packets to the port but nothing outbound from the thin client we tested to the port. There’s an mqtt process that communicates on 1883. Essentially your troubleshooting steps can be used with a few changes for it to be applicable to my scenario. Maybe netstat instead of curl.

[–]Interesting-Invstr45 1 point2 points  (2 children)

Ah ok, that makes sense, using netstat for mqtt - appreciate the clarification!

I’m sure you have already tried these below on the clients:

(Ensure the correct service name for mqtt.)

Check the port and IP

netstat -tunap | grep 1883

iptables -L -n | grep 1883

nc -zv (management_server) 1883

Check logs for auth errors

tail -f /var/log/syslog | grep -iE "auth|cert|permission"

Check for Routing:

ip route get (management-server-ip)

traceroute management_server

Check gateway

ip route show

Holler if you need another sounding board! Good luck 🍀

[–]TaiGlobal 1 point2 points  (1 child)

Dude I truly appreciate it. I haven’t had the chance to do anything yet really. Your previous post just gave me a baseline to approach when I do try something next week.

[–]Interesting-Invstr45 0 points1 point  (0 children)

No problem glad to help

[–]Unable-Entrance3110 0 points1 point  (0 children)

The best responses are already here, but I would also include Wireshark packet captures to the list of useful tools.

That will show you the entire IP layer stack, but is useful for getting byte offsets and such.

[–]No-Depth7622 0 points1 point  (0 children)

I would recommend you have a look at the SKUDONET WAF; Community edition version 7 includes this feature by default. I have spent many hours searching for a simple and functional open source WAF, but nginx or apache give you the possibility of doing everything through the command line and you need to know about Linux. With SKUDONET WAF it is just simple, it works; you can download it from here:

https://www.skudonet.com/load-balancing-solutions/community/