Problem loading images from habr dot com (a popular IT site)

I have a web proxy working. Everything seems to be fine, but when I go to the site habr.com (a popular IT site), the pictures on this site do not load. And the site seems to have loaded, but it still loads in the window tab. Can anyone help with this problem? Here, I have attached all the photos. Also photos of my settings.

Trying to load an image directly, using the address, gives ‘service unavailable’ (without any blocking messages in IPFire!).
Seems to be a problem with the site.

https://habrastorage.org/getpro/habr/upload_files/381/d01/371/381d01371b27e9fbcbcd9702749fab51.jpg

nslookup habrastorage.org

Non-authoritative answer:
Name:    habrastorage.org
Addresses:  2a01:4f9:3b:48e8::4115:7879
          2a01:4f9:4a:2897::5fd9:6b0c
          45.120.177.159

¯\_(ツ)_/¯

Best Regards

1 Like

When I'm using another proxy, everything works well and everything is fine with the pictures.
I can't find a solution for my problem. Do you have any ideas?

As @tphz showed, it is a problem of a ‘hostile’ IP. Access is dropped by the firewall option ‘Drop packets from and to hostile networks’.

BTW: popularity is no measure for security. :wink:

1 Like

Looking up the IP indicates that it is part of an autonomous system number that is known to support hostile activities such as hacking, spamming and various criminal activities. As also shown by @tphz this means that it is listed in the Hostile Networks list.

location lookup 45.120.177.159
45.120.177.159:
  Network                 : 45.120.176.0/23
  Country                 : Netherlands
  Autonomous System       : AS44477 - STARK INDUSTRIES SOLUTIONS LTD
  Hostile Network safe to drop: yes

Here is an article about Stark Industries.

https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/

Basically habr dot com are using a hosting provider that is considered in that article to be

Hummel said when he considers the worst of all the hosting providers out there today, Stark Industries is consistently near or at the top of that list.

4 Likes
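Added example, not part of any post in this thread: a small Python parser for the `location lookup` output format quoted above. It reports which looked-up addresses carry the hostile flag, so each address a hostname resolves to can be checked before blaming the site or the proxy. The second sample record (192.0.2.10, AS64500) is constructed for contrast, and treating a missing "Hostile Network" line as "not flagged" is an assumption.

```python
import re

# Constructed sample: the first record is the output quoted in the thread;
# the second uses documentation address/ASN ranges and is made up.
SAMPLE = """\
45.120.177.159:
  Network                 : 45.120.176.0/23
  Country                 : Netherlands
  Autonomous System       : AS44477 - STARK INDUSTRIES SOLUTIONS LTD
  Hostile Network safe to drop: yes
192.0.2.10:
  Network                 : 192.0.2.0/24
  Country                 : Netherlands
  Autonomous System       : AS64500 - EXAMPLE NETWORK
"""

HEADER = re.compile(r"^(\S+):\s*$")           # "45.120.177.159:" starts a record
FIELD = re.compile(r"^\s+(.+?)\s*:\s+(.*)$")  # indented "Key   : value" line
HOSTILE_KEY = "Hostile Network safe to drop"


def parse_lookup(text):
    """Return {address: {field: value}} parsed from lookup output."""
    records, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = records.setdefault(header.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return records


def hostile_addresses(text):
    """Addresses whose record is flagged 'safe to drop: yes'."""
    # Assumption: a record without the hostile line is not flagged.
    return [addr for addr, rec in parse_lookup(text).items()
            if rec.get(HOSTILE_KEY, "").lower() == "yes"]


if __name__ == "__main__":
    for addr in hostile_addresses(SAMPLE):
        rec = parse_lookup(SAMPLE)[addr]
        print(f"{addr} in {rec['Network']} ({rec['Autonomous System']}): "
              "dropped when 'Drop packets from and to hostile networks' is on")
```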

Maybe this will help:

1 Like

The problem is solved; you just need to add exceptions to iptables for this IP:
iptables -I HOSTILE_DROP_OUT -p tcp -d 45.120.177.159 --dport 443 -j ACCEPT
iptables -I HOSTILE_DROP_IN -p tcp -s 45.120.177.159 --sport 443 -j ACCEPT

1 Like

As per the documentation

https://www.ipfire.org/docs/configuration/firewall/firewall-local

it is recommended not to modify the default iptables chains (which can be dangerous if there is any error or the rules work differently compared to expected) and to edit the extra custom chains as those pass packets before going through the rest of the ruleset.

5 Likes