Anatomy of a Shutdown

"Critical"The government re-enabled the Amber Alerts informational website, amberalert.gov, in response to complaints after being disabled due to the government shutdown.

The amberalert.gov webserver IP address is 149.101.16.16. These ten websites are hosted via the webserver running on this machine:

  • www.amberalert.gov
  • www.nij.gov
  • www.espanolforlawenforcement.gov
  • www.crimevictims.gov
  • www.smart.gov
  • www.ojp.usdoj.gov
  • www.namus.gov
  • www.ovc.gov
  • www.reentry.gov
  • www.ojp.gov

After the government shutdown, most of these URLs redirected to an “unavailable” page, also on 149.101.16.16, announcing “Due to the lapse in federal funding, this Office of Justice Programs (OJP) website is unavailable.”

These three URLs still worked: www.crimevictims.gov, www.ojp.usdoj.gov (marked “critical to public safety”), and www.namus.gov (also “critical”).

If you went to the raw IP address (http://149.101.16.16/) you would see the ojp.usdoj.gov website.

In other words, this machine was reconfigured to render some websites temporarily inoperational. All these websites were on the same machine, obviously drawing power and connected to the internet. The files were still there. But now some of them could not be reached.

The webserver was Apache, so the redirects were done with a 301 “Moved Permanently” status, most likely configured via a .htaccess file at the web root. This couldn’t be done with the www.ojp.gov site, though, because it was hosting a “unavailable” page being redirected to by other websites. Since putting in a .htaccess redirect would have taken the “unavailable” page down too, the index.html file at the webroot was replaced with another copy of the “unavailable” page.

This means that all of the www.ojp.gov site except that one page is still available if you know any of the other URLs, such as http://www.ojp.gov/programs/aiana.htm

But www.ojp.usdoj.gov also hosted the “unavailable” page that the www.amberalerts.gov website redirected to. People started noticing that if you took the /unavailable/ off the URL of that “unavailable” URL, you got a fully functioning site, assuming that was the Amber Alerts site.

To prevent this, someone replaced the index.html file at www.ojp.usdoj.gov with the “unavailable” page, which had the side-effect of bringing down the www.ojp.usdoj.gov site, previously marked “critical to public safety.” However, just like www.ojp.gov, the site is still there if you know the URL of any of the sub-pages, such as http://www.ojp.usdoj.gov/programs/juvjustice.htm

Due to public outcry, the www.amberalert.gov site was brought back up, almost certainly by removing or editing the .htaccess file. It was explained that it was placed behind a firewall to prevent hacking in the absense of web admins to oversee the site.

But this machine was never blocked by a firewall. The machine’s webserver was continuously available to the internet, receiving and sending web traffic, parsing requests, and delivering web pages… just not very useful ones.