Investigating incoming IP connection Stripe webhook issues on Ubuntu VPS - laravel

I'm investigating some issues with Stripe webhooks not reaching our test server.
According to their docs they submit requests from the following IPs: https://stripe.com/docs/ips#webhook-notifications
I have added these IPs to the iptables:
I'm not an iptables expert, but looking at this it seems that it's only matching 54.187.216.72. Other requests from Stripe will fail with a timeout error, which I'm assuming are coming from other IPs.
I can see the only working IP in my apache logs. I think I can rule out ufw / firewall issues because I have tried to temporarily disable that as well during testing.
My question: How do I investigate this issue further? Is my iptables setup correct? Is there anything else here that could block IPs other than iptables and ufw?
Stripe could not tell me which IP was used on their requests.
I hope I'm providing the correct information here, if not please let me know!
Thanks a lot!

The problem is that you do not have information from network diagnostic tools and cannot get it. When you see in the Stripe dashboard a timeout error this cannot mean only that your server blocks incoming requests or does not respond. Such error messages are generated by the Stripe backend, not network tools. Where are the packets lost? Are they really lost? Quite possible that Stripe has strict time intervals to resolve Promises and just rejects them despite the result.
You can't run traceroute from their IPs. Those IPs don't respond to ping. You can talk to your hosting provider and get "no problem here" response. You can turn off the firewall and still have errors. I'm pretty sure your filter rules are not the root of this issue.
P.S.: We had the same one. Without any filtering rules our endpoint was accessible from around the world except those IPs. The problem appeared without making any changes in the configuration. The problem disappeared without any changes in the configuration. Neither Stripe nor the hosting provider found any problems.
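For the question's "Is my iptables setup correct?", an added example (not code from the question or the answer) that replays `iptables -S INPUT` output with first-match semantics and reports the verdict each expected webhook source address would get on port 443. The rule set is constructed, the 203.0.113.x addresses are placeholders for the other published source IPs, and the interface name `eth0` is assumed; only `-s`, `-i`, `-p`, `--dport` and `-j` are modelled, so negations, conntrack state and user-defined chains are out of scope.

```python
import ipaddress
import shlex

# Constructed `iptables -S INPUT` output, not the asker's real rules.
# 54.187.216.72 is the address from the question; 203.0.113.x are
# documentation addresses standing in for other webhook sources.
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 54.187.216.72/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 203.0.113.0/28 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 203.0.113.40/32 -p tcp -m tcp --dport 80 -j ACCEPT
"""
TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def _opt(tokens, name):
    """Value following option `name`, or None if the rule lacks it."""
    return tokens[tokens.index(name) + 1] if name in tokens else None

def parse_rules(text):
    """Return (default policy, ordered rule list) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append({
                "src": ipaddress.ip_network(_opt(tok, "-s") or "0.0.0.0/0", strict=False),
                "iface": _opt(tok, "-i"), "proto": _opt(tok, "-p"),
                "dport": _opt(tok, "--dport"), "target": _opt(tok, "-j"),
            })
    return policy, rules

def verdict(policy, rules, src, dport, proto="tcp", iface="eth0"):
    """First-match evaluation, as netfilter walks the chain top to bottom."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if (r["iface"] in (None, iface) and r["proto"] in (None, proto)
                and r["dport"] in (None, str(dport)) and addr in r["src"]
                and r["target"] in TERMINATING):
            return r["target"]
    return policy

def coverage(text, sources, dport=443):
    """Map each expected source IP to the verdict its SYN would get."""
    policy, rules = parse_rules(text)
    return {ip: verdict(policy, rules, ip, dport) for ip in sources}

if __name__ == "__main__":
    for ip, v in coverage(SAMPLE_RULES, ["54.187.216.72", "203.0.113.5", "203.0.113.40"]).items():
        print(f"{ip:16} -> {v}")
```

Feeding it the real `iptables -S INPUT` output and the full published address list shows at a glance which sources fall through to the default policy, for instance because a rule was written for the wrong port.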

Related

Laravel-websocket - broadcasts nothing if the backend is on another port

My laravel works like restapi. Front and back on different ports, nginx proxies requests to the back or front.
I can connect from the browser to the web socket on port 6001 without any problems, as can be seen in the statistics, there are no errors in the console. The statistics itself is also available on port 6001, i.e. the web socket is working fine.
But Laravel broadcasts no events on the working server, in statistics and console it is empty.
Nothing blocks traffic, the firewall is disabled.
I spent half a day, but still did not understand what the problem was.
Any thoughts ...
Friends, as always, the answer was simple. In the production process, I did not fix the .env log on the pusher (((

Issues setting up SMTP server

I have read numerous articles and done everything recommended to set up a mail server in Windows 2008R2
I am simply trying to send messages from my server from certain websites that I host.
I queued mail for delivery then got this back....
4.4.7 Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
For reference, I followed the instructions here...
How to setup an SMTP server
Is there something I am missing?
While I am not familiar with Windows mail servers, I have encountered a similar issue. If this only happens with some destinations, the receiving mail server could be simply refusing the connection.
For example, mail servers often refuse connections from IP addresses that ISPs hand out to "regular" (non-business) customers. Another common reason to reject mail is if the reverse DNS entry for your IP doesn't match the hostname in the HELO (or EHLO) command. (However, in that case, you probably wouldn't get "unable to connect" errors.)
You could try online tools like mxtoolbox to help diagnose the problem.

Why Sagepay notification reaches some of our servers but not the others

Currently we have a few test servers which connect to test.sagepay.com to process transactions. However, on 2 of the servers, we could successfully register transactions on sagepay, but then we didn't receive any sagepay notification coming back at all. However, on different servers (running on different IP addresses), it is working perfectly fine.
I've got the error code "5006 - Unable to redirect to Vendor's web site. The Vendor failed to provide a RedirectionURL". It used to work perfectly fine on those servers, and only stopped working since last Thursday although we are sure that we didn't touch those servers during that period of time at all. Besides, we do see a few occasional notifications coming in from sage which we believe are the REPEAT notifications, not the original ones. We could see all those transactions registered on our accounts, but of course all of them are failed due to the fact that we haven't got any notification coming back.
And we also do make sure that our firewall is opened for the whole range 195.170.169.* from which we expect to receive the sage notification.
So my questions are:
Does Sagepay have some sort of mechanism to block some IP addresses and stop sending back notification?
Is the Sagepay server which sends out original notifications different from the one that sends out Repeat notifications?
I've faced the very same issue. Our script was handing https:// address over to SagePay as a NotificationURL, but https was not setup, hence the notification script could not be reached. Once I changed to http and ensured that the notification script response is correct it worked.
Also it seems that when SagePay could not reach RedirectURL it tried 8 more times.
I'm not exactly answering your questions, but perhaps it will help. I'd add this as a comment, but I can't...

HTTP GET requests work but POST requests do not

Our Spring application is running on several different servers. For one of those servers POST requests do not seem to be working. All site functionality that uses GET requests works completely fine; however, as soon as I hit something that uses a POST request (ex. form submit) the site just hangs permanently. The server won't give any response. We can see the requests in Tomcat Manager but they don't time out.
Has anyone ever seen this?
We have found the problem. Our DBA accidentally deleted the MySQL database files on that particular server (/sigh). In our Spring application we use GET requests for record retrieval and the records we were trying to retrieve must have been cached by MySQL. This made it seem as if GET requests were working. When trying to add new data to the database, which we use POST requests to do, Tomcat would wait for a response, which never came, from MySQL.
In my experience if you're getting a timeout error it's almost always due to not having correct ports open for your application. For example, go into your virtual machine's rules and ensure port 8080, 8443 or 80, 443 are open for http and https traffic.
In Google Cloud Platform: it's under VPC networking -> firewall rules. Azure and AWS are similar.

Ping to APNS not returning

I am trying to connect to Apple's Push Notification servers and push some notifications. All connection attempts are timing out. Tried pinging the server gateway.sandbox.push.apple.com and gateway.push.apple.com and they are not reachable. Are these servers alive and reachable? Can anybody validate that they are reachable? Is it a regional problem?
I posted this question on the Apple forums but did not get any response. But, I figured it out myself after a lot of experiments. Any requests to APNS, whether ping or connection requests, that are routed through proxies are filtered out in transit and will never reach the APNS. This is probably done due to security concerns by the Apple guys. This means that any requests from your machines at your work locations will never go through as they are always routed through a proxy server. Any requests that are sent through a direct internet connection without any intermediate proxies make it to APNS.
To test this you can tether your mobile 3G connection and share it with your PC/Laptop and then try connecting or pinging APNS and it should succeed. Your mobile 3G connection is a direct internet connection. To get it working at your work locations ask your IT for a direct connection.
Update: It happened to be a firewall issue. Resolved after configuring the firewalls to allow connections to APNS range of IPs.
