0

We run a SaaS serving a widget which is embedded in customer websites. The service includes static javascript code hosted on Amazon S3 and a dynamic part hosted on EC2 with Scalr (using Scalr name servers).

We received some feedback from users behind corporate firewalls that they cant access our service (while they can access the sites including the widget). This does not make sense to me since the service is using normal http calls on port 80 and our URL is quite new without any reason to be banned by firewalls.

My questions are: 1. Why is the service is not accessible and what can I do about it? 2. Is it possible that one of the following is blocked by corporate firewalls: Amazon S3, the dynamic IP address provided by Amazon, Scalr name servers.

Any other possible reasons, way to check them and remedies for this?

Thanks!

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208
Niro
  • 1,371
  • 3
  • 17
  • 35

1 Answers1

4

Ah, multiple reasons...

  • The firewall blocks them. Point. Some policy saying these domains are not accessible. Happens.
  • Same but using HTML inspection and actively blocking WS payloads.

Corporate firewalls sometimes suck. it is very possible some higher up domains (amazon s3) are just blocked.

Checking: no, go to customer. I mean, seriously, many companies do that manually, so how can you check them.

Remedies? Customers need to talk to their security department and get your domains whitelisted.

This is the joy of living behind a corporate firewall.

TomTom
  • 50,857
  • 7
  • 52
  • 134
  • I'm afraid my explanation wasnt clear. My customers are website owners who embedded my widget. Their users (the general public) is the problem. when their user visit their website from behind corporate firewall, they see my customer websites but without my widget. So I need the general public to be able to access my widget, not only my customers – Niro Mar 09 '10 at 14:50
  • 3
    This is clear. The general public, as far as it is behind a coroporate firewall, needs to fix that on the end of the corporate firewall. Your statement does not change anything. If I go to a website and my firewall blocks the widgets on it, there is nothing the widget provider can do. – TomTom Mar 09 '10 at 14:52
  • Fixing it can be done in one of two ways: either the general public will change something in their firewalls, which is obviously not going to happen, or I will change something in the widget or its infrastructure.My question is regarding the 2nd option. The widget isn't popular enough to be blocked for its own merit. there is something more general that is causing it to be blocked (for example being hosted on Amazon S3/Ec2 or using Scalr name servers or whatever. I'm looking for indormation in that direction. – Niro Mar 09 '10 at 17:12
  • Definitely put it onto your own full domain. – TomTom Mar 09 '10 at 18:43
  • Niro, @tomtom is right. If a resource is being blocked then that is pretty much that. There's no sure way to guarantee your web app is not being blocked - you can reduce the chance of it being blocked by "accident" as part of a block of something else by hosting it yourself, but there's really not much else you can do beyond that. – Rob Moir Nov 16 '11 at 16:35