Forum does not work from T-Mobile - Airtime Support Discussions on Sourcefabric Forum

muhoo · Post edited by muhoo at 2013-04-09 19:23:52

I have no idea why this is, but this website http://forum.sourcefabric.org does NOT work from T-Mobile. It gets a ERROR GATEWAY 504. Same site from any other network will 200 just fine. Only from T-Mobile will it give the 504 error.

T-Mobile is using some transparent proxy and sniffing traffic, but then so is Comcast and pretty much every ISP and carrier, but this site works fine from all of them except T-Mobile.

Also, no other sites error out on T-Mobile, just this one, consistently, 100% of the time. This makes me suspect that there is either something weird about your webserver, or there's a network connectivity problem between wherever you are and T-Mobile.

FYI.

Albert FR

Quit T-mobile !
doing Man in the Middle for a phone company is really not a good thing...

muhoo

That is not a helpful answer at all.

Micz Flor

Thanks for the info. Is there anything we (sourcefabric.org) need to do to solve this problem?

Albert FR

Micz Flor said:
Thanks for the info. Is there anything we (sourcefabric.org) need to do to solve this problem?

they modify your source code
that's really difficult to prevent that...

muhoo · Post edited by muhoo at 2013-04-13 06:10:11

Is there is anything unusual or different about your web servers?

It is either the network, firewall, the proxy, or the webserver.

I do not believe it is a routing problem, since I can ping:

11.|-- 4.53.200.21                0.0%     9   36.7 274.8 36.5 1075. 417.2
12.|-- 4.69.132.150               0.0%     9 187.9 382.2 183.1 1233. 396.1
13.|-- 4.69.132.158               0.0%     9 198.7 376.9 182.7 1222. 384.0
14.|-- 4.69.153.26                0.0%     9 190.7 370.6 184.3 1230. 377.3
15.|-- 4.69.153.9                 0.0%     9 191.9 404.8 182.5 1540. 468.3
16.|-- 4.69.135.186               0.0%     9 183.4 385.0 183.1 1428. 430.0
17.|-- 4.69.148.38                0.0%     8 184.6 246.2 184.5 653.4 164.7
18.|-- 4.69.134.69                0.0%     8 186.1 241.9 186.1 600.8 145.1
19.|-- 4.69.137.77                0.0%     8 187.6 232.4 180.6 528.1 119.6
    | `|-- 4.69.137.65
20.|-- 4.69.148.186               0.0%     8 189.0 225.4 184.9 466.1 97.3
21.|-- 4.69.140.26                0.0%     8 190.5 220.5 183.9 413.0 78.5
22.|-- 4.69.154.139              57.1%     7 191.7 191.5 188.0 194.9   3.4
23.|-- 195.16.162.254            14.3%     7 206.9 193.4 187.0 206.9   7.6
24.|-- 213.239.240.164           14.3%     7 197.7 200.6 191.1 210.6   7.4
25.|-- 213.239.231.37            14.3%     7 199.6 203.1 197.7 213.5   6.7
26.|-- 5.9.154.18                14.3%     7 201.3 194.5 191.3 201.3   4.0

Also, I have discovered that I can get to the site via https just fine! So that will be my workaround. You have other ports open on that machine, and they are all accessible. So something is firewalling (transparent proxying, no doubt) only port 80, and it's almost certainly T-Mobile's proxies.

As for the proxy, I see this as the response from your front-end proxy (nginx, from another network):

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 13 Apr 2013 09:43:23 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: Vanilla=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: Vanilla=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Cache-Control: no-transform
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Vary: Accept-Encoding

Maybe the proxies T-Mobile is using are getting confused by something non-standard or non-compliant in that header? As I said, no other site I've visited from their network causes their proxies to choke. Only Sourcefabric.org domains are 504 gateway timing out.

My bet would be on something in that header. Perhaps the duplicate cookies? The duplicate Vary header? I confess I'm no expert on cacheing.

Martin Konecny

@Albert,

I believe you are thinking of Verizon. T-Mobile doesn't modify packets AFAIK.

@Muhoo,

We've notified one our of network admins to look into this.

Bill Burton

Hello,

On Tue, Apr 9, 2013 at 7:23 PM, muhoo <<br />airtime-support@lists.sourcefabric.org> wrote:

> I have no idea why this is, but this website http://forum.sourcefabric.orgdoes NOT work from T-Mobile. It gets a ERROR GATEWAY 504. Same site from
> any other network will 200 just fine. Only from T-Mobile will it give the
> 504 error. T-Mobile is using some transparent proxy and sniffing traffic,
> but then so is Comcast and pretty much every ISP and carrier, but this site
> works fine from all of them except T-Mobile. Also, no other sites error out
> on T-Mobile, just this one, consistently, 100% of the time. This makes me
> suspect that there is either something weird about your webserver, or
> there's a network connectivity problem between wherever you are and
> T-Mobile. FYI.

I can confirm very similar results from T-Mobile. Surfed to
http://forum.sourcefabric.org over WiFi successfully, turned off WiFi and
refreshed and got the following error page after a minute or so:

HTTP ERROR: 504

Gateway Timeout

RequestURI=http://forum.sourcefabric.org

Then I tried https://forum.sourcefabric.org. The connection timed out
after about three minutes.

This is with an HTC One S phone running Android 4.0.4.

-Bill

muhoo · Post edited by muhoo at 2013-04-28 17:33:11

@billburton: If you are using the stock HTC Android, it is very likely that they are doing something even more evil: a man-in-the-middle attack against SSL. This is becoming very sadly common with mobile devices!

Basically, the carrier adds an SSL certificate of their own to your browser's certificate chain when they configure your phone, then they transparently proxy SSL by providing their own certificate instead of the one from the server. Your browser happily accepts the malicious certificate. This means your "secure" connection is being snooped by your carrier, and going through their proxy network. That "lock" icon can, and often does, mean nothing when you are using a mobile browser installed by a carrier.

I am using CyanogenMod, a rooted device with an open-source and non-spyware-infected browser.

That might explain why SSL works for me-- the connection is going directly from my browser to forum.sourcefabric.org-- and is not working for you, because it is instead going through T-Mobile's proxies, just like HTTP is.

I am now convinced the problem is either T-Mobile's proxies, or something non-standard in the headers that the sourcefabric.org webservers are serving up.

Lisa Forbes

I found out I can't view the forums either from my Sprint Android phone (Samsung). I don't get an error but I can't get to the forum.

Howdy, Stranger!

Categories

Poll

Top Posters