Support Board
Date/Time: Tue, 04 Mar 2025 06:56:32 +0000
Post From: Issue with conecction to historical stock data
| [2021-11-21 19:35:50] |
| Agent Orange - Posts: 40 |
|
OK, thanks for confirming that. I'm guessing that until recently (sometime last week), you were routing that traffic from barchart.com through one of your servers, and now you're going to them directly. (Well, actually, it probably was a change you made in a recent update to Sierra Chart which began to affect me after I upgraded to 2328 last week.) For the sake of anyone else having any related firewall issues, I add the following: 1) The documentation should be updated to include that domain. 2) As far as I can tell, that barchart.com site is being hosted by AWS (Amazon Web Services) and therefore the IP addresses are subject to change. This can complicate matters for setting firewall rules. For example, my firewall is running pf on openbsd, which can use domain names in lieu of hard coded IP addresses, but the DNS lookups only occur when a ruleset is first loaded. So suppose your firewall rules allow ds01.ddfplus.com through and the actual IP address of that domain changes after pf is running --- then the new IP address will not get through the firewall but whatever is at the original IP address will still get through. I plan to work around this by writing some code that "frequently" does DNS lookups on domains specified by name and reloads the ruleset when changes are detected, thereby forcing pf to do new DNS lookups. Note that none of that is necessary when traffic you want to allow is always coming from a fixed set of IP addresses. Then you can just specify the IP address ranges by actual number in your firewall ruleset. I've been doing that for years, but as more and more companies move to the cloud for hosting their sites, it seems their IP addresses are subject to frequent changes. I guess it's possible they still have specific IP ranges assigned by their cloud provider, but I'm not sure about that. One more point: perhaps enterprise firewalls already handle this sort of thing, so maybe this is not an issue for people working from behind company firewalls, i.e., maybe they always work from domain names instead of hard coded address ranges, but given the security weaknesses of DNS, it sounds a little "scary" to me. I apologize for the length of this, but maybe someone will benefit from the "work" I had to put into this. Finally, if you are more expert on firewalls than I am (I am strictly self taught for my own needs) and you know of simpler ways to manage this sort of thing, by all means point me in a better direction. Thanks. Date Time Of Last Edit: 2021-11-21 19:39:45
|