2015/09/30

Allow webapps to make outgoing requests

I was experiencing a pretty bad slowdown while trying to use the admin pages of a WordPress site recently. The load on the machine was quite low, so I began to suspect that it was trying to call out to external services (facebook, pinterest, etc) that might have been blocked by CSF (configserver firewall).

I started playing around with tcpdump and friends and then realized that the information I was looking for (blocked outgoing requests) was already being logged in /var/log/kern.log on our Ubuntu system (same on Debian).

Here’s the little pipeline I used to look up the hostnames of the requests that were blocked:

grep -F 'TCP_OUT Blocked' /var/log/kern.log | awk '{print $13}' | cut -c 5- | sort -u | while read ip; do echo "$ip"; nslookup $ip | grep name | expand -1; done

1	grep -F 'TCP_OUT Blocked' /var/log/kern.log \| awk '{print $13}' \| cut -c 5- \| sort -u \| while read ip; do echo "$ip"; nslookup $ip \| grep name \| expand -1; done

It could be formatted nicer, but at least it gave me what I wanted. After removing an erroneous firewall entry using csf -dr IP[/CIDR|NETMASK], all was snappy once again.

Allow webapps to make outgoing requests is original content from devolve.

Tags:command line, data wrangling, Linux, networking, security, sysadmin

About The Author

Charlie Herron

Denizen of Portland, Maine; tech jack; lover / hater / whatever; philosophical dabbler. http://twitter.com/realgeek