I have an issue on our home PC where some users (namely our kids) cannot load HTTPS sites. Instead, they run into a ERR_TIMED_OUT. Weird enough, if I start Fiddler to trace what's going on, HTTPS works. Once I close Fiddler, it's back to the timeout.
There was once the kid monitoring software "KidsWatch" installed on the computer, which allowed to disable port 443. I had once disabled 443, then re-enabled it, then uninstalled KidsWatch.
Now I'm wondering where to look. It's clearly not a firewall issue, as the use with fiddler shows. Are there any registry keys I should look at?
Thanks and best regards
Simon
Related
This server worked not too long ago (I don't have a specific date). We use it for testing and had successfully deployed a few applications. Upon returning to the project I could no longer access the applications chrome saying the site cannot be reached when I netstat -an | grep 'LISTEN'.
I can see the unsecured port but the SSL port is missing in action. I asked the networking team if the ports were being blocked and they said no. I tried to force the application to use the secure port by disabling the unsecured port, restarting the managed server but the it fails to start with this configuration.
Any thoughts? SSL is not really my area of expertise (this is my first exposure). When googling the title I didn't see any results that matched the problem I am having, or at least I did not realize they did...
The server will restart if I enable the unsecured port.
# Gerardo Arroyo, yes this seems to be the issue. I assumed that this server used the same certs as other servers in the test system but it seems I was wrong. I will request a new cert from the networking team. Thank you
I downloaded the app Charles Proxy, I added the certificate and I can confirm that the Charles certificate is in my certlm (Certificate Manager) in the "Trusted Root Certification" folder, I had also enabled SSL Proxying to include this location: "*:443" which I believe means that I want to see all data coming in.
I'm not sure what the problem is, but whenever I open up Charles Proxy, it doesn't allow me to access any websites, all the data coming in Charles is coming in as status: "Blocked"
I'm using Windows 10 if that helps. I didn't have this issue on MacOS, Help is appreciated!
Here was the solution to my problem:
First quit Charles. Then go to the Internet Options in your Control Panel. Go to the Connections tab. Click on the LAN Settings. You’ll see a Proxy panel. Uncheck the Use a Proxy checkbox. Click OK until you’ve closed the Internet Options.
Then opened up Charles Log, go to Tools -> Allow List and make sure "Enable Allow List" is unchecked.
I suggest you check Windows proxy settings as your applications are most probably trying to communicate on a wrong IP/port proxy address matching.
Open cmd (Windows+R, cmd, Enter).
Execute:
rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,4
Click on LAN settings, then check Use a proxy server for your LAN.
Click Advanced button near Address and Port labels.
Define your addresses and ports here. I once had a task that required me to check all incoming and outgoing HTTP/HTTPS connections from my machine, so I set on HTTP field the address 127.0.0.1 with port 8888 and checked the option "Use the same proxy server for all protocols". If you want a finer control, you leave this option unchecked set different ports to handle FTP and Socks connections. Those ports are used by Charles. Check those settings in Charles Proxy as well!
Click Ok, then click Ok again.
On Charles, in Proxy-Proxy settings, make sure the port numbers are the same for the relative protocols as you set up before in the Windows proxy page.
I personally have never used Charles on a Windows machine but it sounds like your browser isn't configured to run through the proxy. Firefox use to have an add-on for Charles but now you have to manually enter the proxy ip to intercept the data. I'm not sure if you can use any other browsers on Windows with Charles, but use Firefox and go to Preferences > Network Settings > Manual Proxy Configuration and add your machine's ip address and the default Charles port 8888. Also make sure to check the checkbox to allow HTTPS. Save these changes and you should be good to go.
I don't have a Windows machine to try any of this out, but I've always found the documentation helpful.
There may be something that you've overlooked in the configuration, ssl proxying or ssl certificates sections.
I use my home network (ATT U-Verse) to serve my ASP .NET website on a Windows 8.1 Pro machine with IIS 8.5. Because Chrome requires https for doing audio recording, I want to move to https. I followed the instruction video at https://www.netometer.com/blog/?p=1758 , and everything corresponds (IIS showing that I have a certificate in the bindings and an entry for port 443) until I test the actual https link in a browser (on the server itself, on an other machine on the home network, or externally via my phone with data), which gives me a "This page can’t be displayed" or equivalent message. I added port 443 to the Norton firewall rule I already had. The http access still works, however. Netmon 3.4 shows no TLS or SSL traffic. I also tried disabling the Norton firewall temporarily. This leads me to believe that the problem is that either the ATT NVG510 router I have is blocking port 443, or that ATT itself is blocking it. Looking at the router settings on the Packet Filter page, it seems none of the default "Drop" rules are enabled, and there is an "Enable Packet Filters" button. Do I specifically have to set up a "Pass" rule?
Does anyone have any ideas on what I could do? Can I actually do https on my home server? My web site is www.jtlanguage.com . Sorry if this is the wrong place to put this. I'm a programmer trying to do some IT.
Thanks.
-John
Turns out I wasn't doing port forwarding. For NVG510 users this is done by going to the router page in the browser to firewall->NAT/Gaming page and adding a hosted application referencing the HTTPS service and the web server machine name.
I've got an abuse message from Spamhouse with following:
The host at this IP address is currently being used to distribute malware.
Malware distribution located here:
http://xxx.xx.xx.xxx:8080/get/get.php
Where http://xxx.xx.xx.xxx is our domain.
We've found that any request to port 8080 returns Malware.
We use Apache 2 on server. But there are now any setting on port 8080.
Just looing for ideas how to fix that bug?
At the moment we closed port 8080. But there are still some malware inside.
Will appreciate for any suggestions.
Pull that server offline now.
Deploy new server.
Ensure all relevant OS and application updates are applied.
Double check security configuration.
Restore your data from a verified backup.
Then investigate the original server logs/etc. for clues as to how you were infected in the first place.
I have recently switched from mac development environment to windows development environment. I was used Chrles proxy extensively to capture network traffic, requests and response details. Right now I have installed Charles proxy version 3.7 in windows 8. How ever I have observed that the website on which I am working is not opening at all with Charles proxy ON. It is showing below exception message. And it is working perfectly for all other websites.
Charles Error Report
Failed to connect to remote host
Charles failed to connect to the remote host. Check that your Internet
connection is ok and that the remote host is accessible. Maybe your
network uses a proxy server to access the Internet? You can configure
Charles to use an external proxy server in the External Proxy
Settings.
The actual exception reported was:
java.net.ConnectException: Connection timed out: connect Charles
Proxy, http://www.charlesproxy.com/
Research that I have done before coming to SE:
I have searched in google with the keyword "Charles Error Report-Failed to connect to remote host". I got couple of links which are related to the above issue.
First link says to check for external proxy setting. I have checked, there are no external proxy settings in my computer.
Second link says open the url in browser and close charles proxy and reopen it. I did that. Still no luck.
How to overcome this issue?
Do you get the same problem with other proxies like Fiddler? If so, it's probably not related to Charles but either a network problem or inability of your application to work with a proxy.
Other causes may be using HTTPS (which can cause certificate errors) or using the loopback address (localhost or 127.0.0.1) which may or may not be ignored by the proxy.
UPDATE
In IE10+ Enhanced Protection Mode prevents untrusted applications from accessing local resources. Pages and sites that are not in the Trusted Zone are considered unstrusted, so they can't connect to any local proxy. Fiddler includes a configuration button to configure Windows 8 to bypass this. You can find a very good explanation of what happens and why here.
In Windows 8, EPM is enabled only for Metro IE. In 8.1 it is enabled by default even for Desktop IE.
You may be able to make Charles work again simply by adding your site's address to the Trusted Zone in IE's security settings, or you can download the EnableLoopBackUtility mentioned in Configure Fiddler for Windows 8 Metro-style applications to allow IE to connect to your site through the local proxy
I have experienced this as a timing or caching related gremlin. For me, in most cases, this is resolved by doing force-reload a few times in the browser. Doing so is slightly different on each platform. In Mac/Chrome, holding down Command + Shift + R for a couple of seconds does the trick. In Win/IE, holding Shift and clicking the reload icon in the address bar a couple of times does it - in theory, Shift + F5 should do the same thing, but it does not work as well.