Tips, Tricks, Tools & Techniques

for Internet Business, Life, the Universe and Everything


WordPress behind a firewall

30 August, 2007 (16:21) | WordPress | By: Nick Dalton

Later versions of WordPress have a tendency to talk to themselves. This is not a sign of loneliness, but rather an efficient design for trackbacks, pings and other asynchronous events. After you publish a post, or at a predetermined time for a future post, WordPress sends a URL request to itself. Normally this works as designed and is totally transparent to the blog owner. But with some firewall configurations this mechanism fails.

In a simple web server setup your domain name resolves to the IP address of the web server.

    $ nslookup www.yourdomain.com
    Name: www.yourdomain.com
    Address: 217.68.70.69
    $ ifconfig
    eth0 Link encap:Ethernet HWaddr 00:30:1B:43:85:7F
    inet addr:217.68.70.69 Bcast:217.68.70.255 Mask:255.255.255.0

But with a firewall or a load balancer in front of the web server, the domain name resolves to the IP of the firewall (or load balancer), which then forwards requests to the web server.

    $ nslookup www.otherdomain.com
    Name: www.otherdomain.com
    Address: 64.27.14.2
    $ ifconfig
    eth0 Link encap:Ethernet HWaddr 00:30:1B:43:85:7F
    inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0

With a firewall you need to explicitly permit traffic for each source and destination. The default configuration for a Cisco PIX firewall at one major hosting company allows web traffic from the outside world through to the web server, but the default rules prevent any traffic from internal servers to internal servers. This is generally a good setup. However, it creates a problem when WordPress tries to access a URL on its own domain. The domain name resolves to the firewall, so the request is sent from the web server to the firewall. The firewall sees that the request is coming from an internal server, so it blocks it. The connection attempt simply hangs until it is interrupted:

    $ wget www.otherdomain.com/index.php
    --21:43:11-- http://www.otherdomain.com/index.php
    => `index.php'
    Resolving www.otherdomain.com... 64.27.14.2
    Connecting to www.otherdomain.com|64.27.14.2|:80...
    ^C

There are at least two ways to resolve this problem:

1. Create a new rule in the firewall that allows traffic from the IP address of the web server to itself.

If you don’t have access to the firewall configuration or you don’t want to mess with the rules, then another option is:

2. Add a line to /etc/hosts for each domain served by the web server:

    10.0.0.1 www.otherdomain.com

There is a slight performance benefit to this latter approach since requests don’t have to go through the firewall. The drawback is that you have to remember to add a line to /etc/hosts for each new domain.
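The drawback above is easy to check for mechanically. The following is an added example, not part of the original post: a shell function that reads a hosts file and reports which served domains are missing the override or point at an address other than the web server's internal IP. The function names and the argument order are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# hosts_ip_for FILE NAME
# Prints the first address that FILE maps to NAME (hosts files are
# first-match-wins), or nothing if NAME is not listed.
hosts_ip_for() {
    awk -v name="$2" '
        { sub(/#.*/, "") }     # strip comments; awk re-splits the fields
        NF < 2 { next }        # skip blank lines and lines with no hostname
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; exit }
        }
    ' "$1"
}

# check_loopback_hosts FILE INTERNAL_IP DOMAIN...
# Prints "<domain> ok", "<domain> missing" or "<domain> wrong <ip>" for
# each domain. Returns 0 only if every domain maps to INTERNAL_IP.
check_loopback_hosts() {
    file=$1; want=$2; shift 2
    rc=0
    for d in "$@"; do
        got=$(hosts_ip_for "$file" "$d")
        if [ -z "$got" ]; then
            echo "$d missing"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "$d wrong $got"; rc=1
        else
            echo "$d ok"
        fi
    done
    return $rc
}

# Typical call on the web server from this post:
#   check_loopback_hosts /etc/hosts 10.0.0.1 www.otherdomain.com
```

Run from cron or a deployment script with the full list of served domains, a non-zero exit status flags a new domain whose pings and trackbacks would otherwise fail silently.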

As far as I can determine WordPress does not show any error messages for the trackbacks and pings that fail. My blog was broken in this regard until I figured this out. And I just thought that other bloggers were ignoring or deleting my trackbacks. :-(

It also turns out that WordPress queues all the failed pings and trackbacks. So if you suddenly received a trackback to your blog from an old post here, that’s the reason why.
