In my logs. I'm getting a large number of connections from a local IP address (which changes every time I restart my application. Is this anything to worry about or should I just block internal IPs from making requests to my server
Turns out it's because Heroku uses an internal routing system meaning that connections appear to the server as if they had originated from an internal, private ip address
Related
For security reasons, I want to know whether all of my endpoint addresses can be accessed by anyone with access to the (home) address and port numbers?
Assuming you are running your application on a server or PC that can be accessed from the internet, and the port it is running on is opened - as opposed to running locally on your local network/PC - then yes, any client that knows (or guesses) your IP and the port on which the application is running can attempt to access any endpoint in your application.
Note that although the client will not have a full list of endpoints that can be accessed, a common attack vector is to repeatedly attempt to guess endpoints - for example /admin or /debug. Due to automation, it is practically guaranteed that if your server running the flask application is open to the internet, requests will be made to try to access endpoints by third-parties.
Due to this, it is essential to lock down any sensitive information behind security, be that IP white-listing, or by login mechanisms such as those provided by the flask-login module.
I have a Heroku application that has a domain moarcatz.tk. It listens for non-HTTP requests using Python's socket.
The documenatation states that if I bind a socket to an empty string as an IP address, it will listen on all available interfaces. I kept getting empty requests from various IP addresses, so I assume that setting the socket to only listen for connections to moarcatz.tk would fix the problem. But I don't know how to bind a socket to a domain name.
I tried 'moarcatz.tk' and gethostbyname('moarcatz.tk'), but both give me this error:
OSError: [Errno 99] Cannot assign requested address
What's up with that?
You can't control this via your code, but you can control this via Heroku.
Heroku has a pretty nifty DNS CNAME tool you can use to ensure your app ONLY listens to incoming requests for specific domains -- it's part of the core Heroku platform.
What you do is this:
heroku domains:add www.moarcatz.tk
Then, go to your DNS provider for moarcatz.tk and add a CNAME record for:
www <heroku-app-name>.herokuapp.com
This will do two things:
Point your DNS to Heroku.
Make Heroku filter the incoming traffic and ALLOW it for that specific domain.
I am hosting a http server on Python using BaseHTTPServer module.
I want to understand why it's required to specify the IP on which you are hosting the http server, like 127.0.0.1/192.168.0.1 or whatever. [might be a general http server concept, and not specific to Python]
Why can't it be like anybody who knows the IP of the machine could connect to the http server?
I face problems in case when my http server is connected to two networks at the same time, and I want to serve the http server on both the networks. And often my IP changes on-the-fly when I switch from hotspot mode on the http server machine, to connecting to another wifi router.
You must specify the IP address of the server, mainly because the underlying system calls for listening on a socket requires it. At a lower level you declare what pair (IP address, port) you want to use, listen on it and accept incoming connexions.
Another reason is that professional grade server often have multiple network interfaces and multiple IP addresses, and some services only need to listen on some interface addresses.
Hopefully, there are special addresses:
localhost or 127.0.0.1 is the loopback address, only accessible from local machine. It is currently used for tests of local services
0.0.0.0 (any) is a special address used to declare that you want to listen to all the local interfaces. I think that it is what you want here.
Try running it on 0.0.0.0, this accepts connections from all interfaces. Explicitly specifying the IP is a good practice in general (load balancing, caching servers, security, internal netwrok-only micro services, etc), but judging by your story this is not a production server, but some internal LAN application.
I wrote this code for finding google ip in python
import socket
print socket.gethostbyname('google.com')
.
.
173.194.39.0
but if we use command prompt and ping command for finding google ip result is:216.58.208.36
why there is difference between two results?
Both of those IP addresses resolve to Google.com. We can verify this from the command line with the unix whois command.
$ whois 216.58.208.36
NetRange: 216.58.192.0 - 216.58.223.255
CIDR: 216.58.192.0/19
NetName: GOOGLE
$ whois 173.194.39.0
NetRange: 173.194.0.0 - 173.194.255.255
CIDR: 173.194.0.0/16
NetName: GOOGLE
I ran into this same issue and the cause was that the first command that required an IP address was using a cached DNS entry (because the DNS entry's time to live (TTL) hadn't expired yet) and then by the time the second command was issued the TTL had expired on the cached entry so a new DNS request was made for the domain therefore grabbing a new IP address from the DNS server which happened to be different because the domain had a lot of IP addresses just like Google.com.
Python just relies on the Operating System's DNS resolver (or whatever daemon is running) and as far as I know the socket module doesn't give you the ability to clear the DNS cache before it tries to resolve an address. If you want more control over this functionality you can use DNSPython or something similar. If you are using a daemon for DNS on your operating system (like on Linux, for example) then usually restarting the daemon will force a flush of DNS cache and you find both addresses to the be same (unless you run into the timing issue as described above with the TTL's expiring).
Hostnames are translated to IP addresses through something called a DNS server. When you type a name into a web browser or use a program such as ping, the hostname that you provide (google.com) eventually reaches an authoritative DNS server for that domain-separate from the server that you correspond with for the actual content.
google.com has multiple different servers that can respond to data requests. Depending on the implementation of the different programs you are using to generate the request and other factors such as the network traffic at the time that you make the request, multiple requests from the same host may be directed to different servers by the authoritative DNS server. This is accomplished by returning different IP addresses to your machine.
FWIW, both ping and socket.gethostbyname() for google.com resolve to 216.58.217.14 on my machine, running OS X Yosemite.
I've setup an XML-RPC server/client communication under Windows. What I've noticed is that if exchanged data volume become huge, there's a difference in starting the server listening on "localhost" vs. "127.0.0.1". If "127.0.0.1" is set, the communication speed is faster than using "localhost". Could somebody explain why? I thought it could be a matter on naming resolving, but....locally too?
Every domain name gets resolved. There is no exception to this rule, including with regards to a local site.
When you make a request to localhost, localhost's IP gets resolved by the host file every time it gets requested. In Windows, the host file controls this. But if you make a request to 127.0.0.1, the IP address is already resolved, so any request goes directly to this IP.