I have exposed one of my machines to the public through a MikroTik firewall. I have hosted an API server on the machine.
As long as the API server is returning a 200 response, the firewall runs fine, but once the API returns a 400 or 4xx error, ERR_CONNECTION_CLOSED appears in the browser for a specific source IP.
After 5 minutes things start working well.
My observations:
MikroTik is blocking the specific IP for a 4xx rule for 5 minutes due to a security setting related to the firewall or the whole MikroTik ecosystem.
When I change my IP (using a VPN) the API server starts responding.
The same issue persists on local IP as well.
No, there are no address lists specified to blacklist.
Mikrotik firewall is L4 firewall … so it operates up to TCP/UDP - i.e. it blocks traffic passing to/from specific IP address/port combination. It does not look into contents (e.g. HTTP response codes)[*].
ROS might do something about it if you actually managed to (ab)use proxy service on ROS to serve as front-end towards clients. But this doesn’t happen if you only used DST-NAT to expose your server to public.
So before you continue to “bark to this moon” you really should verify that browser doesn’t cache the error responses somehow. Or that there isn’t some transparent proxy on the way (if you’re using “plain” http (as opposed to https), this is quite probable).
[*] actually there is some L7 functionality, but it’s pretty hard to configure and has very limited usability while consuming quite some router’s CPU resources. If you didn’t try real hard to configure it, then it doesn’t affect your case.
@mkx Thank you so much for your detailed explanation!
Just to add a bit more to the situation — when I change my IP (e.g., by using a VPN), the API server starts responding again immediately. This behavior led me to think that some kind of IP-based blocking or restriction might be happening. The same does not happen for 404 requests. It is only triggered with 400 requests. The issue also persists when accessing the API over a local IP routed through the firewall too, which made me lean away from browser caching or a transparent proxy.
Based on this, do you think there could be any other mechanism within MikroTik that might cause this behavior, or should I look deeper into the API server or networking path?
(On a high-level note, the API server has no issues. I tried sending the traffic through the proxy I have configured in the server.)
Thanks again for your valuable input! I really appreciate it!
You will definitely have to troubleshoot the whole path between API client and server. Start by running Wireshark on both and compare the captured traffic. If captures are identical on both ends, then it’s entirely between client and server. If they differ, then it’s something in between that interferes. ROS comes with traffic analysis/capture tools (e.g. packet sniffer) which should (in case that traffic differs between client and server) help to pinpoint the interfering device.
Mind that if it’s client acting up, you might not see some expected traffic in Wireshark capture (even on client side) …
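The capture comparison suggested above, as an added example that is not part of the original thread: a Python sketch that reduces `tcpdump -nn` text output from the client side and the server side to direction, TCP flags and payload length, then lists packets seen on only one side. It goes slightly beyond the post by labelling each difference as dropped or injected; the addresses, sample captures and function names are constructed, and it assumes DST-NAT leaves the client source address unchanged.

```python
import re
from collections import Counter

# tcpdump -nn text line: "IP src.port > dst.port: Flags [X], ..., length N"
LINE = re.compile(r"IP (\S+)\.\d+ > (\S+)\.\d+: Flags \[([^\]]+)\],.*?length (\d+)")

def parse(capture_text, client_ip):
    """Reduce a capture to (direction, tcp_flags, payload_len) per packet."""
    packets = []
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m or client_ip not in m.group(1, 2):
            continue
        direction = "c2s" if m.group(1) == client_ip else "s2c"
        packets.append((direction, m.group(3), int(m.group(4))))
    return packets

def compare(client_text, server_text, client_ip):
    """List packets present in only one capture, with the likely reason."""
    seen = {"client": Counter(parse(client_text, client_ip)),
            "server": Counter(parse(server_text, client_ip))}
    findings = []
    for here, there in (("client", "server"), ("server", "client")):
        for pkt in sorted((seen[here] - seen[there]).elements()):
            sender = "client" if pkt[0] == "c2s" else "server"
            reason = ("dropped in transit" if sender == here
                      else "never sent by the " + sender + ", injected in between")
            findings.append((here, pkt, reason))
    return findings

# Constructed sample captures (not from the thread). The server side shows the
# DST-NAT'ed private address; the client source address is assumed unchanged.
CLIENT_IP = "203.0.113.10"
CLIENT_CAPTURE = """\
10:00:00.000 IP 203.0.113.10.51000 > 198.51.100.5.443: Flags [S], seq 1, length 0
10:00:00.020 IP 198.51.100.5.443 > 203.0.113.10.51000: Flags [S.], seq 9, ack 2, length 0
10:00:00.021 IP 203.0.113.10.51000 > 198.51.100.5.443: Flags [.], ack 10, length 0
10:00:00.022 IP 203.0.113.10.51000 > 198.51.100.5.443: Flags [P.], seq 2:122, ack 10, length 120
10:00:00.050 IP 198.51.100.5.443 > 203.0.113.10.51000: Flags [R], seq 10, length 0
"""
SERVER_CAPTURE = """\
10:00:00.010 IP 203.0.113.10.51000 > 192.168.88.10.443: Flags [S], seq 1, length 0
10:00:00.011 IP 192.168.88.10.443 > 203.0.113.10.51000: Flags [S.], seq 9, ack 2, length 0
10:00:00.031 IP 203.0.113.10.51000 > 192.168.88.10.443: Flags [.], ack 10, length 0
10:00:00.032 IP 203.0.113.10.51000 > 192.168.88.10.443: Flags [P.], seq 2:122, ack 10, length 120
10:00:00.040 IP 192.168.88.10.443 > 203.0.113.10.51000: Flags [P.], seq 10:320, ack 122, length 310
"""
for finding in compare(CLIENT_CAPTURE, SERVER_CAPTURE, CLIENT_IP):
    print(finding)
```

An empty result means both ends saw the same packets, so the cause lies with the client or server software rather than a device in between.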
Hello, I am experiencing this problem too, where I am getting the error in the browser console. So basically I am trying to start a wifi hotspot venture and am using MikroTik 951ui 2hnd v.6.49.1 with a custom landing page, so in the link page I have an external URL to fetch some data, i.e. a payment gateway to which I have deployed on cloud. So what can I do to solve this issue? Thanks
Hello, I am encountering an error “ERR_CONNECTION_CLOSED” in my browser console. So basically I am trying to start a wifi hotspot venture and am using MikroTik 951ui 2hnd v.6.49.1 with a custom captive portal, and in the portal files I have an external URL to fetch some data, i.e. a payment gateway to which I have deployed on cloud. So what can I do to solve this issue? Thanks