Faculty of Engineering and Mathematical Sciences 
Not logged in (login)

help4407


This forum is provided to promote discussion amongst students enrolled in Open Source Tools and Scripting (CITS4407).
 
Options:
RSS cloud
Jump to:

Problems reaching teaching.csse.uwa.edu.au - use the VPN

1 of 390 articles shown, currently no other people reading this forum.
photo
From: Christopher M.
Date: Wed 29th Apr 2020, 3:31am
THE PROBLEM NOW APPEARS TO BE FIXED!

As many of you have seen, and reported, access to teaching.csse.uwa.edu.au has been very intermittent over the past 24 
hours.  Unfortunately, this is not a problem that I, or other CSSE staff, can fix because the host is managed by our 
Faculty's IT group, and many people have already informed them of the problem.  Glacial.

The most obvious symptom is observed when trying to access a URL on teaching.csse.uwa.edu.au using a web-browser - it most 
likely hangs for 60seconds, before your browser gives up and reports that the service (not the host) is unreachable.

However, the host is still running, and can be accessed from *inside* UWA's network.
So use UWA's UniConnect/Pulse Secure VPN service

   (download from https://www.it.uwa.edu.au/it-help/access/uniconnect/connecting)

and you'll be able to see teaching.csse.uwa.edu.au content again.
It suggests that HTTP traffic via port 80 is being delivered 'on-campus', but not off-campus.

The other symptom, evident for about a week, is that something, somewhere is re-writing delivered content - URLs commencing 
with just h-t-t-p are being rewritten to commence with https, perhaps as some simplistic, and wrong, security measure.  
This should not be confused with protocol redirection that may be being performed by your browser, see:

  https://security.stackexchange.com/questions/185683/security-benefit-of-browsers-automatically-rewriting-http-to-https
  https://scotthelme.co.uk/hsts-the-missing-link-in-tls/

In that case, attempting to access teaching.csse.uwa.edu.au using the default or implied unencrypted protocol results in 
your browser trying the same hostname, but with the encrypted https protocol.  The host teaching.csse.uwa.edu.au does not 
have an https server (been requested) and so your browser will again hang for 60 seconds and report failure.

But no, we're observing something more sinister, where the *content* of webpages is being rewritten.
If you're visiting UWA using the VPN, the content is not, cannot, be rewritten because it's encrypted until it reaches your 
browser.

So let's try it without our browser, to see what's happening.
With the VPN enabled, execute the command:

  curl -s https://secure.csse.uwa.edu.au/images/testfile.html | grep URL

and you should see no re-writing:

  This URL is accessed via port 80, sent unencrypted - http://hostname.com/try.html
  This URL is accessed via port 443, sent encrypted - https://hostname.com/try.html

(then again, you're viewing the above 2 lines with your browser, so, hmmmm)

Now, disable the VPN, re-run that curl command, and you'll see the re-writing:

  This URL is accessed via port 80, sent unencrypted - https://hostname.com/try.html
  This URL is accessed via port 443, sent encrypted - https://hostname.com/try.html

Even when the content is being encrypted with https before being delivered, it is being rewritten.
All annoying, confusing, and wrong to manipulate content in this way.
And no-one has owned up to it, yet.
This Page


Program written by: [email protected]
Feedback welcome
Last modified: 11:27am Sep 21 2020