I have a custom API running on http://127.0.0.1:8080 and I have my own chainlink node running on http://127.0.0.1:6688. I get the error saying "Connections to local/private and multicast networks are disabled by default for security reasons: disallowed IP" when sending requests.
I guess maybe we can enable it by modifying the env file, but I don't know which configuration should I change. Does anyone know if we can enable these local/private connections? and how to do that?
Per the chainlink docs on the http task:
allowUnrestrictedNetworkAccess (optional): permits the task to access a URL at localhost, which could present a security risk. Note that Bridge tasks allow this by default.
ie:
my_http_task [type="http"
method=PUT
url="http://chain.link"
requestData="{\\"foo\\": $(foo), \\"bar\\": $(bar), \\"jobID\\": 123}"
allowUnrestrictedNetworkAccess=true
]
You can also use this flag in JSON
Related
I'm trying to use internal service DNS for service-to-service HTTP communication.
If I try to curl a pod from another deployment pod it is working but unable to use it in golang net/http service
2023/01/27 15:48:37 oauth2.go:90: oauth2 url http://hydra-admin.microservices.svc.cluster.local:4445/oauth2/auth/requests/login/accept
2023/01/27 15:48:37 oauth2.go:101: Unable to make http request Put "http://localhost:4445/admin/oauth2/auth/requests/login/accept?login_challenge=b569006c8b834a298cf1cd72e2424953": dial tcp [::1]:4445: connect: connection refused
hydra-admin.microservices.svc.cluster.local is resolved to localhost when the API call is made
but curl works as you see below
/ # curl -X PUT http://hydra-admin:4445/admin/oauth2/auth/requests/login/accept?login_challenge=6f51146e49c54b739de8a37b25a72349
{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Unable to decode body because: EOF"}
What am I missing here?
Per my comment, depending on how you are building your go executable will have an effect on how it behaves within a k8s environment. Are you using a scratch image or a CGO_ENABLED=1 image?
From the dns package docs there's a caveat on DNS behavior
By default the pure Go resolver is used, because a blocked DNS request
consumes only a goroutine, while a blocked C call consumes an
operating system thread. When cgo is available, the cgo-based resolver
is used instead under a variety of conditions:
... when /etc/resolv.conf or /etc/nsswitch.conf specify the use of features
that the Go resolver does not implement, and when the name being
looked up ends in .local or is an mDNS name.
So I would suggest - to maximized your success rate for both external & internal DNS requests - building your go executable for k8s like so:
CGO_ENABLED=1 go build -tags netgo
I need to connect and send request for websocket from different IPs in jmeter to my singalR server. How can I do it. I know in case of HTTP request we can do that in jmeter by creating multiple IP addresses alias on the machine as mentioned in the link https://www.blazemeter.com/blog/how-to-send-jmeter-requests-from-different-ips.
How this process will work for websockets.?
Thanks.
It will not as the possibility to set outgoing IP address needs to be present in the WebSocket plugin you're using.
Currently available solution is to allocate as many machines as IP addresses you need and run JMeter in distributed mode. If a single machine is powerful enough you can kick off several JMeter slave processes there, keep in mind that:
you need to have these IP addresses (or aliases) defined at OS level
you need to bind the slaves to different ports
If you can do Java programming you can add it yourself, the project lives at https://github.com/ptrd/jmeter-websocket-samplers, somewhere here
If you cannot - you can ask the plugin developer to add this feature either via GitHub or try reaching out to him via JMeter Plugins Support Forum
Problem:
Not able to allow multiple host names for one single NiFi node.
Description:
I have an internal NiFi server with internal computer name 'nifi-1'. nifi.properties has the following:
nifi.web.https.host=0.0.0.0
nifi.web.https.port=9443
This works fine when I hit "https://nifi-1:9443/nifi/" internally.
I have another dns name - "nifi-1.company.com" (both names must be supported) that is routed to the same nifi node. The nifi node rejects with the following error messages when I hit "https://nifi-1.company.com:9443/nifi/":
System Error
The request contained an invalid host header [nifi-1.company.com:9443] in the request [/nifi]. Check for request manipulation or third-party intercept.
Valid host headers are [empty] or:
127.0.0.1
127.0.0.1:9443
localhost
localhost:9443
[::1]
[::1]:9443
nifi-1
nifi-1:9443
10.0.1.82
10.0.1.82:9443
0.0.0.0
0.0.0.0:9443
Question:
How to resolve this problem? Any solutions? (Thanks!)
Another way to phrase the question is how I may add more host names into the list of "valid host headers" as the above.
This issue was pointed at in NiFi 1.5 NIFI-4761. To resolve this issue, whitelist the hostname used to access NiFi using the following parameter in the nifi.properties configuration file :
nifi.web.proxy.host = host:port
Its a comma-separated list of allowed HTTP Host header values to consider when NiFi is running securely and will be receiving requests to a different host[:port]. For example, when running in a Docker container or behind a proxy (e.g. localhost:18443, proxyhost:443). By default, this value is blank, meaning NiFi should allow only requests sent to the host[:port] that NiFi is bound to.
original answer source: how to use nifi.web.proxy.host and nifi.web.proxy.context.path?
I am using pybliometrics, a Python interface to the Scopus API, to download the abstracts of some papers.
Unfortunately Scopus only works inside the network of the university that subscribed to it. I am currently at home and whenever I try to download something using pybliometrics it gives me the following error:
pybliometrics.scopus.exception.Scopus401Error: The requestor is not authorized to access the requested view or fields of the resource
I need to use my university's proxy in order to enter the internet with the IP address of my university. The proxy has a WPAD configuration file available, but I fail to realize how to use it with pybliometrics. The pybliometrics documentation says to add a block in the configuration file like this:
[Proxy]
ftp = socks5://127.0.0.1:1234
http = socks5://127.0.0.1:1234
https = socks5://127.0.0.1:1234
But this proxy requires authentication. How can I specify the proxy username and password?
EDIT: I have tried setting up the block in config.ini like:
[Proxy]
ftp = http://username:password#proxy.thing.it:8080
http = http://username:password#proxy.thing.it:8080
https = http://username:password#proxy.thing.it:8080
but it still fails with the following error message:
requests.exceptions.ProxyError: HTTPSConnectionPool(host='api.elsevier.com', port=443): Max retries exceeded with url: /content/abstract/scopus_id/84983158344?view=META_ABS (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 407 Proxy Authentication Required')))
From our perspective the API will work via a proxy as long as the proxy is configured correctly. I would suggest you speak to the provider of the proxy to see if they can help.
We don't have specific instructions on how to use APIs with a proxy (as there are many potential different versions and potential configurations); however, the general instructions are here:
https://service.elsevier.com/app/answers/detail/a_id/29026/supporthub/elsevieraccess/
To me your new proxy block looks suspicious. It funnels ftp and https requests through the http as well. Maybe try ftp and https as protocols in the corresponding sections.
The other solution is to ask Scopus Integration Support for an InstToken, which you use instead of a proxy. You then specify the InstToken in the configuration file as well.
The problem was that my proxy requires DigestAuth rather than BasicAuth.
I discovered OpenSIPS and all the possibilities a few days ago. I would just use it as a simple SIP proxy to get started. Proxy between my designated UAC and my UAS (asterisk, not natted). The goal is to use a proxy to prevent bot attacks on my UAS.
After installing OpenSIPS, I tried to configure my XLITE (natted) by simply adding the proxy URL in the configuration. It works, I register and I can see in my UAS peers my extensions with proxy IP. But when I make a call, I got a forbidden error. In debug mode, the log does not talk to me, I see a lot of information but nothing about this error.
I did not make any changes to the default configuration script. Is this behavior normal?
I also tried with VM on public IP as UAC (so not named), same thing.
Thank you for your help.
Olivier
Most likely, your SIP INVITE is hitting this block:
if (!is_myself("$rd")) {
send_reply("403", "Relay Forbidden");
exit;
}
What this means is that your OpenSIPS does not consider itself responsible for the domain (or IP) that your SIP UA has placed in the Request-URI and is trying to route towards. To fix this, just whitelist the Asterisk IP as a local (recognized) domain using the alias statement:
listen = udp:*:5060
alias = 1.1.1.1