This is odd: "Allow HTTP traffic" and "Allow HTTPS traffic" unchecked, yet I can get in

[James Lampert]

I've got a VM instance. The "VM instance details" page show, "Allow HTTP traffic" and "Allow HTTPS traffic" unchecked, under "Firewalls," and yet I can easily reach the Tomcat server running on it.

I will note that under "Network tags," it lists two strings that show up as firewall rule names (and as the targets of those rules) on the "Firewall rules" page of "VPC network."

The funny thing is that, although I haven't touched this thing in over a month, I don't remember doing this, and neither is there anything about it in my notes, but there IS something very specific in my notes about checking those two boxes.

Looking at another VM instance, I see something vaguely similar, only without the exact match between the network tag and the VPC firewall rule name (although there IS an exact match with the "target" on the rule).

Did something get changed internally, without anybody telling me, to generate this?

--

JHHL

[Justin Reiners]

James, keep in mind someone might have created a rule external to that page, check out VPC Network -- Firewall rules to see if you see an 80, its pretty easy to create 80 open to all instances from there.

--
© 2018 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/8912d8e3-416e-4de8-a04f-93a8c06f1501%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Justin Reiners]

I tried it myself, it only works where a rule allows it.

On Thu, Jun 28, 2018 at 3:23 PM, Justin Reiners <jus...@hotlinesinc.com> wrote:

James, keep in mind someone might have created a rule external to that page, check out VPC Network -- Firewall rules to see if you see an 80, its pretty easy to create 80 open to all instances from there.

On Thu, Jun 28, 2018 at 3:15 PM, James Lampert <jam...@touchtonecorp.com> wrote:

I've got a VM instance. The "VM instance details" page show, "Allow HTTP traffic" and "Allow HTTPS traffic" unchecked, under "Firewalls," and yet I can easily reach the Tomcat server running on it.

I will note that under "Network tags," it lists two strings that show up as firewall rule names (and as the targets of those rules) on the "Firewall rules" page of "VPC network."

The funny thing is that, although I haven't touched this thing in over a month, I don't remember doing this, and neither is there anything about it in my notes, but there IS something very specific in my notes about checking those two boxes.

Looking at another VM instance, I see something vaguely similar, only without the exact match between the network tag and the VPC firewall rule name (although there IS an exact match with the "target" on the rule).

Did something get changed internally, without anybody telling me, to generate this?

--

JHHL

--
© 2018 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.

To post to this group, send email to gce-dis...@googlegroups.com.

[James Lampert]

I know I was the only one who could have done it from here.