Posts

Showing posts from April, 2016

The case for keeping firewalls simple

Internal firewall rules that attempt to analyse anything higher than the network layer can cause huge problems. In this post I'll make the case for keeping your firewall rules simple.


The problem we had
Our team recently encountered an error where an internal web application received a socket timeout when trying to call one of its internally hosted dependencies.  Whilst investigating, we found that the application had made successful HTTP calls to the same service, immediately prior to the error.  


It was puzzling but I ruled out anything Network related in our investigation given:
The application could make some requests absolutely fine.There was nothing seemingly different about the requests and responses.  They were all GET requests that returned a small amount of JSON.There weren't any connection errors.
All signs pointed to the server taking too long to respond, i.e. an application issue. We then found that the system being called had no record of even receiving the failed re…