I'm developing an application on spring boot, however I needed to integrate recaptcha for security purposes on various forms, however the connection always results in a connection timed out, I verified api and the url with postman and it goes through and returns an answer, however on Java code times run out and I get the error java.net.ConnectException: Connection timed out: connect I don't know what I'm doing wrong I use the postman code that provides on "Java OK HTTP". code is the next one.
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://www.google.com/recaptcha/api/siteverify?secret=XX&response=XXX")
.get()
.addHeader("cache-control", "no-cache")
.addHeader("postman-token", "f47548e1-a9e0-9065-7f76-dced294bddcb")
.build();
Response response = client.newCall(request).execute();
However I don't seem to get where the error is, can someone help me?
You have a Connection timed out error, so we can say that:
since this is not an Unknown host error, you must have a DNS that gives an IPv4 or IPv6 address for www.google.com
since this is not a destination unreachable error, you have a route to a gateway and this gateway is a local router that has a default route.
Therefore, the timeout for connect means you have sent a TCP SYN packet to a destination, and this packet has been dropped somewhere in your local network or at the interface between your network and the Internet, in a firewall (since you have not received any ICMP/ICMPv6 packet saying something was wrong - a standard router should have sent you such an information).
The problem is with the first packet (TCP SYN), so your problem can not be relative to your addHeader() calls in your source code. Those headers are never sent, in your case, with this error.
Since www.google.fr has IPv4 and IPv6 addresses, there are two possibilities:
either you have a local IPv6 router that sends RA advertisments, but is not connected to the Internet with IPv6.
Try this to check this case:
replace:
https://www.google.com/recaptcha/api/siteverify?secret=XX&response=XXX
by:
https://[2a00:1450:400c:c04::6a]/recaptcha/api/siteverify?secret=XX&response=XXX
If you continue to get a timeout, this means you have an IPv6 router that is badly configured.
or you have a firewall and need to use a proxy
replace:
https://www.google.com/recaptcha/api/siteverify?secret=XX&response=XXX
by:
https://74.125.206.104/recaptcha/api/siteverify?secret=XX&response=XXX
If you continue to get a timeout, this means you have a firewall and should use a proxy.
Related
I have an exposed GraphDB instance in an ip address and port with http protocol. I want to make it more secure so I decided to expose it through https and a domain (with the port included in it). The problem is when I try to call the instance from Java code with the library rdf4j, if I the ip address and port as repository endpoint the code connects perfectly and adds the statements, nevertheless, if I set the domain as endpoint it returns a timeout. This is the code I am using:
HTTPRepository repository = new HTTPRepository("https://example.com", "repository_name");
RepositoryConnection dataSource = repository.getConnection();
dataSource.add(statements);
This is the thrown exception:
org.apache.http.conn.HttpHostConnectException: Connect to example.com:80 [example.com/"here there is the resolved ip address"] failed: Connection timed out: connect
Rdf4j uses apache http library which supports https connection. However, in the exception the port 80 is shown, that's make my think it is attacking the port without considering the https at the begining of the address.
If more information is required I can add it.
hi I'm trying to create a spring boot application and I need to send a Post request to Foreign server and I want to send all of the requests with a different IP to other requests I really tried to not ask this question but I did not find anything useful for my problem
I tried to get free proxies from this https://api.getproxylist.com/proxy then connect to them this way :
Proxy proxy = new Proxy(Proxy.Type.SOCKS,new InetSocketAddress("Address",port));
return new OkHttpClient.Builder()
.addInterceptor(interceptor)
.proxy(proxy)
.build();
I expect to connect to the proxy server but I'm getting this two error and I really don't know why :
Malformed reply from SOCKS server
java.io.IOException: unexpected end of stream on null
I've looked online, and everything I find shows how to make a separate server to connect to the main server if it's behind a nat or firewall.
But in my case the client is behind the NAT, and the server is on the local network.
So it's set up kinda like below:
Client Actual:10.0.0.1 -> Client NAT:100.0.0.2:1111 <--> Server 10.0.0.0:1099
The Java code I use to connect to the server is as below:
String serviceUrl = "service:jmx:rmi:///jndi/rmi://10.0.0.0:1099/jmxrmi";
String[] credentials = new String[] {"username", "password"};
String objectName = "org.apache.activemq:type=Broker,brokerName=test";
JMXServiceURL url = new JMXServiceURL(serviceUrl);
Map<String, String[]> env = new HashMap<String, String[]>();
env.put(JMXConnector.CREDENTIALS, credentials);
JMXConnector jmxc = JMXConnectorFactory.connect(url, env);
conn = jmxc.getMBeanServerConnection();
broker = MBeanServerInvocationHandler.newProxyInstance(conn, new ObjectName(objectName), BrokerViewMBean.class, true);
And the error it throws is:
java.rmi.ConnectException: Connection refused to host: 10.0.0.0; nested exception is:
java.net.ConnectException: Connection timed out: connect
So my question is, how do I make this client behind NAT connection work?
First of all: there is nothing special in with regard with network configuration for ActiveMQ to work. ActiveMQ's protocol is single port, and can be easily routed just like most other TCP/IP protocol.
Therefore, given that the server is properly listening on its TCP port and that a client can successfully connect to it locally, then this problem can be analyzed as if it was any other network-related problem.
Can the client machine ping the server machine? It is difficult from the IP address scheme that you present to properly understand your network, but as it is presented right now, the client machine will simply assume that the server is on the local network and therefore send an ARP request asking for the MAC address of "10.0.0.0" (which will timeout because there is no such machine to answer the request) rather than forward the request to its NAT gateway. If that is indeed the problem you have, then there are three possible solutions: a) modify the network layout (have the client use a different IP scheme), b) setup a static route for the server's IP on the client machine to force its routing through the gateway, or c) add a port redirect on the gateway and have the client connect to the IP address of the gateway instead. Now solution a is not very practical, unless your setup is barely a lab configuration. Solution b is a possibility, but a really bad one. Solution C, that is setting up port redirection on the gateway, is the most common solution to this kind of problem.
Use hostnames on both sides, by setting the same -Djava.rmi.server.hostname=XXX. Be sure that hostname is resolvable on both sides. You can have a look at http://docs.oracle.com/javase/8/docs/technotes/guides/rmi/faq.html#nethostname
I am using httpclient 4.1.2. If I do a connect to a particular host XYZ and keep
the client program running for more than 5 to 6 hr, connects to the same host XYZ starts giving:
org.apache.http.conn.ConnectTimeoutException: Connect to XYZ timed out
at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:377)
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
If I connect to a different host, it will succeed. The problem goes away once
I restart my client program. Connecting to the same host through browser will succeed.
Server is a tomcat 6. Both client and server are running on JRE 5. I have set connection timeout = 20000 and socket timeout = 60000. I am using DefaultHttpClient with SingleClientConnManager.
I've seen similar connectivity problems in these cases:
When the programmer does not completely empty the http response object after every request. In particular when you receive an unexpected response code (e.g. 500) - you must still empty the response object.
When there is a firewall/loadbalancer between the client and the server and the request is not being passed to the server. You could look at the number headers you are passing and make sure this is not too high and discard those that are unnecessary.
NOTE: I would consider these timeout values to be extremely high. In general you would expect the server to respond in a couple of seconds rather than tens of seconds.
The wire level logging can be useful in debugging such issues.
I have been haunted for some time now trying to get my custom proxy to properly handle when the browser sends a CONNECT request. In order to keep it simple let me explain how I handle the process. Maybe at that point someone can help clarify what I'm doing wrong.
Create server with ServerSocketChannel on port 8080.
Bind that ServerSocketChannel to a Selector which essentially allows for non-blocking while the server waits for a request from port 8080.
As soon as I set my browser to port 8080 and send the request https://google.com it notifies the selector something sent to port 8080.
I get that request and see its a CONNECT so i immediately create a response "Connection Established" (request and response i send and receive are below)
Request from browser:
CONNECT google.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 GTB7.1
Proxy-Connection: keep-alive
Host: google.com
Response I send back to browser over my normal socket:
HTTP/1.1 200 Connection established\r\nProxy-connection: Keep-alive\r\n\r\n
Now I wait for something to be sent from browser I was assuming at this point a SSL request would be sent but nothing ever gets sent. I'm starting to think its because I have not established a SSL handshake with the browser so its not going to send a SSL message over that default created socket. Do you think I need to close that socket over port 8080 and establish a new SecureSocket on port 8080 right before I send the connection established response back to browser? This is my next step.I know that the browser needs to send me more data after the initial CONNECT. I don't have enough data with just the CONNECT to go to server yet. I'm thinking it than needs to send me another request something like the following in SSL:
GET /
Host: google.com
Once I get something like that then I can go establish my secure socket connection with the server and get back the response to send back to browser.
What you think on the right track? Its just that I get no additional message after i send connection established.
I get that request and see its a CONNECT so i immediately create a
response "Connection Established"
That's wrong for a start. You shouldn't send "Connection Established" until you have established the connection upstream. You're lying to your client!
I'm starting to think its because I have not established a SSL
handshake with the browser
Irrelevant. Once you have done so, the next thing you will get from the client is binary as far as you are concerned. All you should be doing from this point forwards is copying bytes.
Do you think I need to close that socket over port 8080 and establish
a new SecureSocket on port 8080
No.
Once I get something like that then I can go establish my secure
socket connection with the server
Wrong. Once you get some data from the client you should send it transparently over your existing plaintext connection with the upstream server. You don't have to engage in SSL yourself.
I don't have enough data with just the CONNECT to go to server yet.
Yes you do. You should form the upstream connection when you are told to do so, and tell the client that you have done so when you have actually done so, and not before.
What you think on the right track?
No.
Its just that I get no additional message after I send connection established.
That would suggest that you haven't actually sent anything yet. NIO code is tricky. What was the return code of the write() API?