Enable Ping on HP Cloud Server : Router and Security Group Settings

We Need To Tweak The Router and Security Group Settings By Editing The ICMP Rules For Apache2 or Nginx To Enable Ping on HP Cloud Server. Previously, We Have Published Guides on Router & Subnet Settings and Settings of Ingress Egress Policies For Proper Web Server Setup on HP Cloud. This time, we will enable Ping on HP Cloud Server, which is less documented for a beginner. Beginner means, one who has less than a decades experience on UNIX System and Networking. Working with Router demands practical experience. This settings will work for all types of HP Cloud and for DataStax Enterprise.

Enable Ping on HP Cloud Server : Understanding Ping and ICMP

ICMP stands for Internet Control Message Protocol. This is another Internet Protocol and differs from TCP and UDP. Ping is a computer network software utility used to test the reachability of a host on a network and it is also used to measure the round-trip time for messages sent from the origin to a destination computer.

Without enabling Ping and ICMP, a web server can run quite nicely. Ping can be abused to create denial-of-service attack and Nginx or Apache2 must be configured properly, keeping this basic abuse in mind. We do not recommend to enable Ping or widely open the security settings for ICMP.

ICMP, again can be dependent on IPv4 or IPv6. What we are describing is for IPv4, although for IPv6, the technical steps will be the same. Security settings for IPv4 and IPv6 are different from the OS level Firewall and Router. IPv6, can proved to be a bottleneck of security.

Enable Ping on HP Cloud Server : Configuration For PHP5-FPM and Nginx as Web Server

For a standard PHP5 FPM-Ngnix setup, we need to configure two files for a right Ping response. You need to uncomment ( remove ;) from the /etc/php5/fpm/pool.d/www.conf file :

You do not need to enable status if only Ping is what you want to work it. Opening status widely will invite more trouble. In the Nginx Site specific file (/etc/nginx/sites-available/default) :

Now restart the services :

OPTIONAL STEP

If you have the need and SNMP installed, you need to add this line in /etc/snmp/snmp.conf file :

The above is an optional step and you must know what you are doing. SNMP (Simple Network Management Protocol) is separately discussed as well as the setup of SNMP.

Enable Ping on HP Cloud Server : Router and Security Group Settings

Up to the above step, all can do rightly. Next steps are most important. Create a security group or use an existing one and add a permission for ICMP IP with Custom ICMP Rule with a type and code of -1 against IPv4 as Ingress Policy :

Lot of fields to work with. Create another rule for the same security group and add a permission for ALL ICMP with a type and code of -1 against CIDR as Ingress and Egress Policy separately. We are showing only Ingress :

So much wider settings actually not required. You can tighten it by narrowing down the port. With this settings, you’ll get a proper Ping response (Pong) :

Do not Ping others’ server without any reason. Google does not give importance to Ping result. For security reason, you can keep the Ping to closed. Low end old systems on various websites uses Ping to check online status of the server. Basically you can test with cURL :

If you open this location – https://thecustomizewindows.com/ping on browser, you will get a “pong” page. That we can emulate with cURL :

You will get this – pong%. Thats the right setup. You can use Pingdom like online tools to test. We actually have no real file at that location. See this settings :

Response :

This is happening because they kept the /ping location to deny all;.