-2

Let's say a web server administrator has configured his web server to deny traffic from my IP address or address range and throws an http 403 forbidden when I hit the site. (In this scenario I am trying to access the server over the Internet and he knows the external address of the network my traffic originates from.)

Is there a way to prove that he is blocking my IP address/range aside from exhaustively showing (which is impossible) that I can successfully access the site from other IP ranges? Assume I am unable to communicate with the maintainer of the system.

Howiecamp
  • 495
  • 2
  • 9
  • 17
  • Just ask the maintainer of the system. – EEAA Feb 27 '14 at 01:29
  • I updated the question to say that I am unable to communicate with that person. I am looking for a technical answer. – Howiecamp Feb 27 '14 at 01:32
  • 1
    There is no way to *prove* anything unless you have access to the server logs and configuration. This is really a user question, not a sysadmin question. – EEAA Feb 27 '14 at 01:33
  • Could you post that as an answer? I don't agree about user vs sysadmin question. Lets say I changed the problem statement to say the remote admin configured ACLs on his Internet router/firewall to deny my range. In that case you could prove this conclusively by using network tools. I felt it was worth asking this question to see if there were options. In other words, the fact that the answer to the question in this scenario is "no" doesn't invalidate the question or make it a user question. – Howiecamp Feb 27 '14 at 01:40
  • Actually, yes, this is an end user question. – Michael Hampton Feb 27 '14 at 02:21

1 Answers1

1

Nothing can be proven without access to server logs and configuration.

Even in your second example of a network ACL, you still cannot conclusively prove anything with any amount of network tools without either access to the firewall config or at the very least, the ability to nab packet captures directly outside and inside the firewall.

If you're not the administrator of the system, all you can do is make educated guesses as to what's going on.

EEAA
  • 109,363
  • 18
  • 175
  • 245