https://images.weserv.nl/?url= returning 404 not found

[DineshSivasamy]

When trying to fetch the image image.weserv it is suddenly throwing 404 error whereas the image is available when we try to access seperately. eg: https://images.weserv.nl/?url=ssl:farmzonn.com/static/media/buy_adv_banner_1.f13b31b1.png this error also happens when i try to use some http url like https://images.weserv.nl/?url=http://xx.xx.xx.xx:3000/static/media/buy_adv_banner_1.f13b31b1.png

Any help would be very much appreciable.

[kleisauke]

It looks like the resolved IPv4 address of farmzonn.com is unreachable by our servers, which may indicate that there is a blockage on their side.

# Never spend more than 5 seconds to connect and 15 seconds to receive an image
$ curl -fsSL -o /dev/null --connect-timeout 5 --max-time 15 -w "%{http_code}\n" https://farmzonn.com/static/media/buy_adv_banner_1.f13b31b1.png
curl: (28) Connection timed out after 5000 milliseconds
$ ping -w 5 farmzonn.com
PING farmzonn.com (156.67.218.160) 56(84) bytes of data.

--- farmzonn.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4097ms

There is not much we can do about this. A complete list of the IPs we use for outgoing traffic can be found here: https://images.weserv.nl/ips.txt

[DineshSivasamy]

Thanks for looking into the issue team, but now i'm able to ping the site and I have checked with my server team also and they have confirmed that the site is accessible from all locations.

`C:\Users\sidinesh>ping farmzonn.com

Pinging farmzonn.com [156.67.218.160] with 32 bytes of data: Reply from 156.67.218.160: bytes=32 time=69ms TTL=52 Reply from 156.67.218.160: bytes=32 time=80ms TTL=52 Reply from 156.67.218.160: bytes=32 time=74ms TTL=52 Reply from 156.67.218.160: bytes=32 time=66ms TTL=52

Ping statistics for 156.67.218.160: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 66ms, Maximum = 80ms, Average = 72ms`

Please let me know if we need to whitelist the ips that you have shared in https://images.weserv.nl/ips.txt

[andrieslouw]

Could you send a traceroute -A from your side to fsn.weserv.nl? We end up stuck/lost after AS57731:

traceroute to farmzonn.com (156.67.218.160), 30 hops max, 60 byte packets
 1  100.90.185.129 (100.90.185.129) [*]  0.861 ms  0.817 ms  0.846 ms
 2  core23.fsn1.hetzner.com (213.239.245.41) [AS24940]  2.682 ms core24.fsn1.hetzner
.com (213.239.245.45) [AS24940]  0.796 ms core23.fsn1.hetzner.com (213.239.245.41) [
AS24940]  0.628 ms
 3  core1.fra.hetzner.com (213.239.203.153) [AS24940]  5.259 ms  5.256 ms core1.fra.
hetzner.com (213.239.229.77) [AS24940]  5.247 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  153.92.2.233 (153.92.2.233) [AS47583]  164.868 ms  162.620 ms  160.890 ms
12  153.92.2.195 (153.92.2.195) [AS47583]  162.513 ms  162.595 ms  164.038 ms
13  217.21.75.131 (217.21.75.131) [AS57731]  160.507 ms  163.938 ms  162.374 ms
14  * * *

I get the same result when I try a TCP traceroute on port 443. It just blackholes after 217.21.75.131.

[DineshSivasamy]

Below is the traceroute from my server to fsn.weserv.nl

traceroute to fsn.weserv.nl (116.202.232.14), 30 hops max, 60 byte packets 1  217.21.75.131 (217.21.75.131)  0.111 ms  0.031 ms  0.027 ms
 2  153.92.2.234 (153.92.2.234)  0.247 ms  0.232 ms 153.92.2.233 (153.92.2.233)  0.127 ms
 3  10.13.128.45 (10.13.128.45)  0.895 ms  0.901 ms te0-0-0-11.nr01.b019922-0.sin01.atlas.cogentco.com (154.18.3.17)  0.976 ms
 4  te0-0-0-11.agr02.sin01.atlas.cogentco.com (154.24.61.73)  1.876 ms 10.15.63.194 (10.15.63.194)  0.168 ms te0-0-0-23.agr01.sin01.atlas.cogentco.com (154.24.75.125)  2.237 ms
 5  xe-0-0-7-1.a01.sngpsi03.sg.bb.gin.ntt.net (192.80.16.61)  0.841 ms be2080.ccr31.sin01.atlas.cogentco.com (154.54.88.17)  1.376 ms be2082.ccr31.sin01.atlas.cogentco.com (154.54.88.21)  1.199 ms
 6  * * be2919.ccr32.mrs02.atlas.cogentco.com (154.54.87.214)  138.514 ms
 7  ae-8.r21.vienat02.at.bb.gin.ntt.net (129.250.4.181)  155.518 ms be2864.rcr21.mil01.atlas.cogentco.com (154.54.74.166)  141.772 ms  151.095 ms
 8  ae-0.r21.mlanit02.it.bb.gin.ntt.net (129.250.3.157)  145.334 ms  163.858 ms ae-0.r20.vienat02.at.bb.gin.ntt.net (129.250.7.12)  158.836 ms
 9  ae-1.r20.frnkge13.de.bb.gin.ntt.net (129.250.7.35)  162.005 ms  162.405 ms ae-6.r21.frnkge13.de.bb.gin.ntt.net (129.250.3.183)  211.691 ms
10  ae-8.r01.frnkge13.de.bb.gin.ntt.net (129.250.6.51)  152.253 ms be2995.rcr21.nue01.atlas.cogentco.com (154.54.58.194)  160.556 ms  169.371 ms
11  be3161.nr71.b040138-0.nue01.atlas.cogentco.com (154.25.14.46)  161.439 ms  163.338 ms  163.821 ms
12  149.6.158.186 (149.6.158.186)  164.338 ms  161.854 ms  164.390 ms
13  ex9k1.dc15.fsn1.hetzner.com (213.239.245.42)  165.589 ms core23.fsn1.hetzner.com (213.239.245.10)  173.931 ms ex9k1.dc15.fsn1.hetzner.com (213.239.245.46)  173.819 ms
14  ex9k1.dc15.fsn1.hetzner.com (213.239.245.42)  168.440 ms *  169.611 ms15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

[DineshSivasamy]

Below is the traceroute -A result,

traceroute to fsn.weserv.nl (116.202.232.14), 30 hops max, 60 byte packets 1  217.21.75.131 (217.21.75.131) [AS57731]  0.100 ms  0.021 ms  0.021 ms
 2  153.92.2.233 (153.92.2.233) [AS47583]  0.191 ms 153.92.2.234 (153.92.2.234) [AS47583]  0.122 ms 153.92.2.233 (153.92.2.233) [AS47583]  0.147 ms
 3  10.13.128.45 (10.13.128.45) [*]  0.867 ms te0-0-0-11.nr01.b019922-0.sin01.atlas.cogentco.com (154.18.3.17) [*]  0.888 ms 10.13.128.45 (10.13.128.45) [*]  0.862 ms
 4  te0-0-0-11.agr02.sin01.atlas.cogentco.com (154.24.61.73) [*]  1.699 ms 10.15.63.194 (10.15.63.194) [*]  0.167 ms 10.15.62.202 (10.15.62.202) [*]  0.811 ms
 5  be2082.ccr31.sin01.atlas.cogentco.com (154.54.88.21) [AS174]  1.532 ms be2080.ccr31.sin01.atlas.cogentco.com (154.54.88.17) [AS174]  1.187 ms  1.215 ms
 6  be2919.ccr32.mrs02.atlas.cogentco.com (154.54.87.214) [AS174]  138.738 ms be2914.ccr31.mrs02.atlas.cogentco.com (154.54.87.210) [AS174]  151.602 ms *
 7  ae-7.r20.mlanit02.it.bb.gin.ntt.net (129.250.7.9) [AS2914]  157.601 ms be2864.rcr21.mil01.atlas.cogentco.com (154.54.74.166) [AS174]  150.957 ms ae-8.r21.vienat02.at.bb.gin.ntt.net (129.250.4.181) [AS2914]  158.427 ms
 8  be2195.ccr51.zrh02.atlas.cogentco.com (154.54.61.81) [AS174]  147.920
ms  148.085 ms ae-0.r20.vienat02.at.bb.gin.ntt.net (129.250.7.12) [AS2914]  152.716 ms
 9  ae-6.r21.frnkge13.de.bb.gin.ntt.net (129.250.3.183) [AS2914]  153.924
ms ae-1.r20.frnkge13.de.bb.gin.ntt.net (129.250.7.35) [AS2914]  181.692 ms  181.703 ms
10  ae-5.r01.frnkge13.de.bb.gin.ntt.net (129.250.6.34) [AS2914]  155.344 ms ae-8.r01.frnkge13.de.bb.gin.ntt.net (129.250.6.51) [AS2914]  152.026 ms
be2995.rcr21.nue01.atlas.cogentco.com (154.54.58.194) [AS174]  160.247 ms
11  213.198.82.130 (213.198.82.130) [AS2914]  184.970 ms be3161.nr71.b040138-0.nue01.atlas.cogentco.com (154.25.14.46) [*]  170.326 ms 213.198.82.130 (213.198.82.130) [AS2914]  185.087 ms
12  149.6.158.186 (149.6.158.186) [AS174]  164.305 ms  164.379 ms core23.fsn1.hetzner.com (213.239.252.38) [AS24940]  162.956 ms
13  core23.fsn1.hetzner.com (213.239.245.10) [AS24940]  166.274 ms core24.fsn1.hetzner.com (213.239.245.54) [AS24940]  166.320 ms core23.fsn1.hetzner.com (213.239.245.10) [AS24940]  166.306 ms
14  ex9k1.dc15.fsn1.hetzner.com (213.239.245.46) [AS24940]  172.738 ms *
165.781 ms
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

[andrieslouw]

I've tried a few looking glasses, but keep getting dropped after 217.21.75.131. Which seems to have been announced by AS57731 (DiViNetworks Israel), but is now AS47583 (Hostinger Singapore). Somehow the routing goes weird somewhere. Are there more reports at Hostinger with connections to/from Hetzner?

[DineshSivasamy]

Hostinger investigated and itseems like no more reports in their end. And they are asking to whitelist the hostinger ip in weserv end.

[andrieslouw]

We don't have any firewall for outgoing or internal connections (not in software, not in hardware). The only whitelist we have is for Cloudflare, for when the client (you) is having problems with our rate-limiting and reaching https://images.weserv.nl/ , I double checked, but adding you on this whitelist didn't do anything. You're probably also having no difficulties accessing images.weserv.nl from the server behind farmzonn.com.

I just checked from a range of servers in Hetzner and Scaleway networks, and only cdg.weserv.nl (CDG, Scaleway) and fsn.weserv.nl (FSN, Hetzner) are unable to reach anything in 156.67.208.0/20. It seems like our IP's ( https://images.weserv.nl/ips.txt ) are blocked at or after the router 217.21.75.131. Other servers in Hetzner or Scaleway (even within the same /24) are perfectly able to reach farmzonn.com and other addresses in the block 156.67.208.0/20.

Servers FSN and CDG can access other IP-ranges in AS47583, but the whole 156.67.208.0/20 block is dark to them. FSN (Hetzner) and CDG (Scaleway) operate at completely different hardware, networks, switches, routers and physical locations, so it must be something blocking or failing at Hostinger Singapore.

You're sure there is no firewall in front of the server behind farmzonn.com? Are you able to visit https://fsn.weserv.nl or https://cdg.weserv.nl from the server om farmzonn.com? It should respond with a page with IP's.

As a workaround: Could you enable IPv6 on farmzonn.com? Maybe this will solve the issue. IPv4 in Asia is increasingly under stress.

[kleisauke]

@DineshSivasamy Were you able to make any progress with this?

[kleisauke]

Closing due to inactivity. Please feel free to re-open if there's still a problem.