Common Connectivity Problems and Solutions

3 min read Web Security Fundamentals

Common Connectivity Problems and Solutions

Website accessibility issues often stem from overly restrictive firewall rules or misconfigured allow lists. Understanding typical scenarios helps identify problems quickly.

Legitimate Users Blocked: This common issue occurs when firewall rules are too aggressive or when legitimate traffic triggers security filters. Users might see connection timeouts, "Access Denied" messages, or experience intermittent connectivity:

# Diagnostic commands for blocked users
# Check if specific IP is blocked
iptables -L -n -v | grep "192.168.1.100"
fail2ban-client status | grep "Banned IP list"

# Check recent blocks in logs
tail -f /var/log/syslog | grep "DROPPED\|REJECTED"
tail -f /var/log/ufw.log | grep "BLOCK"

# Test connectivity from user's perspective
# Using curl with verbose output
curl -v https://example.com
curl -I https://example.com  # Headers only

# Check specific ports
nmap -p 80,443 example.com
nc -zv example.com 443

When legitimate users are blocked, implement temporary fixes while investigating:

#!/usr/bin/env python3
# Emergency unblock script
import sys
import subprocess
import logging

logging.basicConfig(level=logging.INFO, 
                   format='%(asctime)s - %(message)s')

def unblock_ip(ip_address, reason="Emergency unblock"):
    """Safely unblock an IP address across multiple systems"""
    
    unblock_commands = [
        # iptables
        f"iptables -D INPUT -s {ip_address} -j DROP",
        f"iptables -D INPUT -s {ip_address} -j REJECT",
        
        # fail2ban
        f"fail2ban-client set sshd unbanip {ip_address}",
        f"fail2ban-client set apache-auth unbanip {ip_address}",
        f"fail2ban-client set nginx-http-auth unbanip {ip_address}",
        
        # UFW
        f"ufw delete deny from {ip_address}",
        
        # ipset
        f"ipset del blacklist {ip_address}"
    ]
    
    results = []
    for cmd in unblock_commands:
        try:
            result = subprocess.run(cmd.split(), 
                                  capture_output=True, 
                                  text=True)
            if result.returncode == 0:
                results.append(f"Success: {cmd}")
                logging.info(f"Unblocked {ip_address} via: {cmd}")
        except Exception as e:
            results.append(f"Failed: {cmd} - {str(e)}")
    
    # Log the action
    with open("/var/log/emergency_unblock.log", "a") as f:
        f.write(f"{datetime.now()} - Unblocked {ip_address} - Reason: {reason}\n")
    
    return results

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: emergency_unblock.py <ip_address> [reason]")
        sys.exit(1)
    
    ip = sys.argv[1]
    reason = sys.argv[2] if len(sys.argv) > 2 else "Emergency unblock"
    
    results = unblock_ip(ip, reason)
    for result in results:
        print(result)

Geographic Restrictions Gone Wrong: Geographic blocking can inadvertently affect legitimate users using VPNs, traveling, or accessing from unexpected locations:

# Debug geographic restrictions
# Check GeoIP database accuracy
geoiplookup 8.8.8.8  # Should show US

# Test specific country blocks
# Create test script
cat > test_geo_block.sh << 'EOF'
#!/bin/bash
# Test access from different geographic locations

LOCATIONS=(
    "US:8.8.8.8"
    "UK:81.92.204.172"
    "JP:202.12.29.210"
    "AU:139.130.4.5"
)

for loc in "${LOCATIONS[@]}"; do
    IFS=':' read -r country ip <<< "$loc"
    echo "Testing from $country ($ip):"
    curl -H "X-Forwarded-For: $ip" -I https://example.com
    echo "---"
done
EOF

chmod +x test_geo_block.sh
./test_geo_block.sh