Forum Moderators: open
My assumption is that we have banned an IP that they depend on, such as at their ISP or elsewhere downstream, but I don't know if that would be the answer.
In any case, can anyone in this forum suggest how we might track down which banned IP on our server is interferring with our client's user's ability to see their site?
Thanks!
N
mine provide the following:
"client denied by server configuration"
thanks for the suggestion. i did the tracert from his machine to our server (see below) and then checked all the IPs identified to see if any are blocked on our server, but none were blocked.
in one case (Level3) we have blocked another IP associated with them, but not any of the IPs mentioned below.
Any other ideas?
------------------
here is the trace info:
1 <1 ms <1 ms <1 ms 10.110.1.1
2 <1 ms <1 ms <1 ms 10.110.1.3
3 7 ms 8 ms 5 ms 10.10.43.254
4 3 ms 3 ms 3 ms r1-ca-rwc-bsr.nextweb.net
[209.172.111.229]
5 15 ms 22 ms 11 ms 64-186-173-225-cust.nextweb.net
[64.186.173.225]
6 8 ms 7 ms 6 ms r1-ca-paix-cr2.nextweb.net
[209.172.123.1]
7 4 ms 13 ms 7 ms r1-ca-paix-cr1.nextweb.net
[64.186.160.145]
8 6 ms 5 ms 4 ms ge-9-0-301.hsa3.SanJose1.Level3.net
[4.79.59.9]
9 6 ms 6 ms 5 ms so-2-1-0.bbr1.SanJose1.Level3.net
[4.68.114.153]
10 19 ms 8 ms 7 ms ae-34-89.car4.SanJose1.Level3.net
[4.68.18.134]
11 41 ms 67 ms 35 ms gblx-level3-te.sanjose1.Level3.com
[4.68.111.162
]
12 92 ms 99 ms 91 ms
HURRICANE-ELECTRIC-LLC-New-York.TenGigabitEthern
et1-3.ar5.NYC1.gblx.net [64.209.92.98]
13 130 ms 129 ms 126 ms 10gigabitethernet2-3.core1.ash1.he.net
[72.52.92
.86]
14 86 ms 89 ms 88 ms equinixdirect-pri.lore.net
[206.51.36.58]
we checked the logs and sure enough there was a block code mentioned for the blocked IP, but it didn't seem to give any other valuable information, such as the actual IP that was blocked.
this is a pretty frustrating problem. there must be a simple solution but i can't see it right now.
thoughts?
N
N
we checked the logs and sure enough there was a block code mentioned for the blocked IP, but it didn't seem to give any other valuable information, such as the actual IP that was blocked.
my sites are hosted.
The following with IP obfuscated and page address omitted
[Sun Jan 27 03:17:11 2008] [error] [client zz.zzz.zzz.zzz] client denied by server configuration:
end of quote
thus client IP should at least provide you with a direction.
In the event the IP denied is not listed in your error logs than the only alternative would be to note the time in the error logs and chase that time in your visitor logs (looking for a 403).
I am thinking that perhaps the IP of a proxy server could be the IP that is blocked. Would that be possible?
This seems to be a common misconception by many.
A visitor may be able to provide a phony IP range when visiting a website, however retrieval of data using a phony IP is next to impossible. (A proxy server would at least provide the proxy IP).
As a result, the only benefit of a phony IP would be in log spamming.
The denied IP you have docmented is likley accurate.
Your left with determing the cause of the denied IP. (your original inquiry).
If so, how do you identify the IP of the network proxy server?
Just do an ARIN (or other Whois) on the IP range.
Should it be your desire to determine the actual IP of the visitor behind the proxy server?
Don't believe that's possible.
There are some web pages that list active proxy servers, most of which are spam related.
in one case (Level3) we have blocked another IP associated with them, but not any of the IPs mentioned below.
Haven't done tracerts in quite a while.
Believe the first few are realated to your own IP (perhaps all the Level3 references).
A tracert on one of the IP's in your example (Hurricane) and from my own machine provides seven lines of tracerts that are related to my own internet provider.
The remaining ones Global Crossing and Hurricane Electric offer IP ranges that many have denied access.
The last provider in your tracert (line 14) is a colo with a global share and their customers could come from anywhere.
