Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Web server simply returns nothing

Hey *, since last week I've been getting absolutely no response from the web server on my 4230 sensor. Previously it worked (not 100%, but if you were patient, you could get in), and the only thing I changed since then was I validated the certificate. So I went and removed that, but it had no affect (predictably), and now I'm stuck with a box that won't answer https requests. At least I don't think it will. I can't sniff the VPN to it....

I am using "https://1.1.1.1" to get to it. When I connect I get no messages or anything else, just a blank white screen. I rebooted the web server, then the whole server, nothing works. While staring at the white web page I sshd into the box and found:

>w

10:16pm up 24 min(s), 1 user, load average: 0.00, 0.01, 0.06

User tty login@ idle JCPU PCPU what

netrangr pts/1 9:58pm 18 w

So I'm guessing that the thing isn't even paying much attention. Netstat -a says it's listening but no connection is registered:

*.443 *.* 0 0 24576 0 LISTEN

ps -efa gives this:

root 248 1 0 21:53:18 ? 0:14 /usr/nr/idsRoot/bin/cidwebserver -d

(The irony of running the IDS' web server as root is not lost on me)

Any help is appreciated, this is making me look a little stupid upstairs.

1 REPLY
Community Member

Re: Web server simply returns nothing

Using sysconfig-sensor, verify that the networking parameters are correct (which is likely, given your description, since it appears that you are able to SSH into the sensor just fine). Verify in particular that the access control list (menu choice 5) allows connections from the network containing your web browser. In menu choice 11, verify that IDM is enabled.

Now, from your web browser, try the following URL:

https://1.1.1.1/logged_out.html

This page is pretty basic and requires no authentication, so it should load.

Check that your web browser is configured to use either SSLv3 or TLSv1. If your browser has SSLv2 enabled, disable it.

If you still get no response from the web server, and you enjoy using vi, then edit the file /usr/nr/idsRoot/etc/cidwebserver.conf and change to "ports=80" and "tlsEnabled=0". Save and exit.

Then do a "cidServer stop", "cidServer start" and try the same URL without SSL/TLS:

http://1.1.1.1/logged_out.html

We do not recommend disabling TLS for obvious reasons, but this exercise will help discern between an error involving networking and an error involving encryption. If you are able to get back into IDM without TLS log in and go to Administration > Diagnostics > Run Diagnostics. Collect the output and contact the TAC. They may request you send in the diagnostics file output.

Tell your friends upstairs that the engineers at Cisco appreciate everything you're doing! :)

115
Views
0
Helpful
1
Replies
CreatePlease to create content