Internal/External IP Woes

We’re in the process of upgrading our website. We’ve been promising customers a new site for at least two years now, but it looks like we’re actually going to make good on the promise soon.

We hired out an Indian firm to program our site. So far they’ve been moderately good – at least in terms of security of the site. Since we’re hosting things in house, and I’m in charge of security, I want to make sure that no one can get past our setup.

One of our security measures is a one-armed proxy. A one-armed proxy is pretty much the same thing as a full proxy, except that the proxied servers are still on the same subnet (and thus still accessible directly) as the rest of the servers.

Unfortunately this means I have to keep track of multiple IPs in the same subnet. Say we’re using 172.16.31.0/24 – we’d have a public IP pointing to a virtual IP, and that virtual IP points to the server. So, 4.2.2.2 is a public IP, and it points to 172.16.31.2, which is a virtual IP (proxy) for 172.16.31.20, which is the real server. See?

Anyway, these guys are testing their work, but they end up hardcoding a lot of different IPs into the websites – which is a definite no-no in my opinion. So when you browse to http://4.2.2.2 and it forwards to 172.16.31.2, they have on the site some images (img src) pointing to 172.16.31.20. That means it works internally just fine, but when someone externally tries to view the same page… well it tries to load a non-routable IP address.

Explaining this to them is somewhat easy.

They’ve fixed roughly 99% of the hardcoded code, but occasionally a piece will pop into place that still has the wrong information. Take today for example:

“When we load this site internally the javascript loads just fine, but when we load it externally there seems to be something blocking it from loading”.

Gee, let’s think about it for a second:
1.) It works internally
2.) It doesn’t work externally
I wonder what the problem is.

View source code on the site and search for 172.16.31.2 and what do I see? Yes! The culprit has been found! I rock!
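The “view source and search for 172.16.31.2” check above, automated so it can be run over every page the contractors deliver. This is an added example, not code from the post or from the site in question: it scans page source for every syntactically valid IPv4 literal and reports only the private (RFC 1918, loopback, link-local) ones, so public addresses such as 4.2.2.2 are ignored. The sample HTML is constructed; the 172.16.31.0/24 addresses are the ones used in the post.

```python
import ipaddress
import re
import sys

# Constructed sample page source (not taken from the real site). The image and
# the script tag point at addresses inside the 172.16.31.0/24 subnet, which is
# exactly the mistake described above; the link to the public IP is fine, and
# the comment contains something that only looks like an address.
SAMPLE_HTML = """<html><body>
<img src="http://172.16.31.20/images/logo.png">
<script src="http://172.16.31.2/js/main.js"></script>
<a href="http://4.2.2.2/">home</a>
<!-- build 10.0.0.256 is not a valid address -->
</body></html>
"""

# Four dotted decimal groups, not glued to other digits or dots on either side.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_private_ips(source):
    """Return a list of (line_number, ip) pairs for every valid IPv4 literal
    in `source` that is non-routable from the outside (private, loopback or
    link-local). Public addresses are skipped."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in IPV4_CANDIDATE.finditer(line):
            try:
                ip = ipaddress.ip_address(match.group(1))
            except ValueError:
                continue  # e.g. an octet above 255: not an address at all
            if ip.is_private:
                hits.append((lineno, str(ip)))
    return hits


def scan_files(paths):
    """Scan each file on disk and return {path: [(line, ip), ...]} for files
    that contain at least one internal address."""
    report = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            found = find_private_ips(fh.read())
        if found:
            report[path] = found
    return report


if __name__ == "__main__":
    # With file arguments, scan those; otherwise run over the constructed sample.
    if len(sys.argv) > 1:
        for path, found in scan_files(sys.argv[1:]).items():
            for lineno, ip in found:
                print(f"{path}:{lineno}: internal address {ip}")
    else:
        for lineno, ip in find_private_ips(SAMPLE_HTML):
            print(f"sample:{lineno}: internal address {ip}")
```

Pointing it at the exported site tree (`python scan.py $(find htdocs -name '*.html' -o -name '*.js')`) turns the manual hunt into a one-line check that can run before each delivery is accepted.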
