Im integrating sagepay as a payment gateway into my magento installation. There seems to be some issues with the IP address included on the server however ive contacted sagepay and they've asked me to put some test purchases after changing the POST URL to https://test.sagepay.com/showpost/showpost.asp
is there a simple way to do this?
A 4020 error is a common error which can be resolved.
You need to ensure the IP is a fixed IP for Server or Direct integrations rather than a dynamic IP (an IP that changes).
If you look in My Sage Pay within Transactions>Invalids you will see the error along with the invalid IP. If the IP is not visible in Invalids you can either:
use our Simulator (submit a transaction to Test and if the IP is not detailed in My Sage Pay, you will get a 4020 error and you will be able to see the IP within the Simulator). To register for a Simulator account which is effectively a pre testing account click here).
you can send a Showpost to Sage Pay so that we can confirm the IP we are receiving your transaction from.
Once you know the IP that you are posting your transactions from, enter the IP within My Sage Pay, Settings>Valid IPs.
If you are unable to add additional IPs within My Sage Pay chek the Subnet Mask is not overlapping.
You only need to enter one of the IP addresses if you are entering the Subnet Mask as 255.255.255.248 as this means any IP address which is the same barr the last three digits will be accepted subject to the last 3 digits being less than 248. Example:
IP address 217.194.220.205 and Subnet Mask 255.255.255.248 registered on the Sage Pay account will therefore accept any IP address which starts '217.194.220.' and has the last three digits between '000' to '248'. You therefore do not need to enter the other four IP addresses as you have already covered these within the IP address and Subnet Mask already entered.
If you need any further help from Sage Pay, we're happy to help via 0845 111 4455.
Sage Pay Support
Related
When trying to refund a transaction on MySagePay (test mode, haven't tried live) I keep receiving the following error:
Failed refund attempt via My Sage Pay screens by [redacted]. Error returned was: 4020 : Information received from an Invalid IP address.
Since the information should be being received from Sage's IP addresses, I'm not sure why this is happening or how to fix it.
I've tried adding whitelisting the IP for test.sagepay.com and tried whitelisting my own computer's IP but neither worked.
Is this another case of Sage sending misleading error messages?
If so, what steps can I take to find out the real cause?
If not, what IP addresses do I need to whitelist to make their control panel work?
Found out the answer by looking at a different client's SagePay
For some reason, Sage didn't set its own IP addresses in the valid IPs when they set up the account
Adding the following solved the problem:
10.227.167.3
10.227.177.3
(Subnet Mask: 255.255.255.000)
I have manged to sign up in a service. and this service only authorize with your public address, I gave the my public IP address, and I didn't find out that until It was too late, because some times my Linksys Wag54gs router have some issues and every 24-36 hours it reboots itself. and with that, It gives me a new public IP address, I want now to assign this IP I have to my computer as my Unchangeable IP address so, It'd give me this one every time I connect to a new network and/or my router reboots.
I found a lot of answers to my question by googling, but the problem is that they required giving a new IP address, and then It'd ( the one that they just give me ) be unchangeable, But It's bad for me since I can't 'update' my new IP.
Thanks in advance.
Simple answer: You can't. That's a decision of your ISP to change your IP once in a while (in some countries, they are required to do so by law for privacy reasons).
There are services which update your DNS registration whenever your IP changes, such as dyndns.com or others. They're usually not entirely free, though.
You could also talk to your ISP to give you a static IP, although that costs you some $$$, too, if they offer this service at all.
I'm using Twilio to send and respond to messages. It was working normally, but since we moved to bay area the responding function doesn't work now.
So what happens is when the user send message to us(the IP address of our own computers) from their phones, our server can't receive anything. When we check our Twilio account, we know that the msg was indeed sent to the Twilio server. So we think it's the problem of linking between Twilio server and our IP address. We are suspecting that the IP address is virtual IP address here, which makes Twilio server can't find us. Is our suspection correct? if yes, what should we do? If not, what would be the possible problems?
Apologize for having a description not very clear, but it's pretty much everything of the problem. Please tell me if you need any additional information.
You probably need to use a dynamic dns service. Then you need to find what port Twilio sends the SMSs to the client(your computer), and make sure your firewall is forwarding that port to your computer. Odds are this is a firewall issue, especially since you say everything worked before you moved. Has there been a change in your network setup? You need to be aware of both hardware and software firewalls in your setup.
How is the firewall configured on your router? You need to forward requests to your router to your local IP address. Example: My local ip is 192.168.1.5 my external ip is 245.932.4.3 (This is the value you get from myipaddress.com) Thus you need to set your router (which has ip 245.932.4.3) to forward requests on port x (where x= the twilio outgoing port) to 192.168.1.5
I have a hosted web application, I would like to prevent signup from proxy/VPN/VPS ip address. How do i check whether the users ip address is proxy/vpn/vps syste.
For example clixsense.com site, users can't create account, it shows cannot access from proxy/vpn/vps ip address.
Thanks in advance.
Clixsense.com may pay someone who knows that certain sites are proxy/vpn/vps sites and are then able to block those sites. Short of that, there is nothing special about an IP address that would tell you that one is a proxy address vs. an actual endpoint address.
For example, network address translation (NAT) is a common form of "proxying". Your typical cable/DSL router makes it possible for more than one person to connect to the internet from your house. You're all sharing the same ISP IP address. The router stores a table of IP address to port numbers that it uses to establish outgoing communications. When a reply from the internet is received, the router performs a lookup and routes the traffic appropriately. From the viewpoint of the server on the internet, it came from that one single IP address that your router is "connected" to from your house, even though your computer has one IP address and your spouse's computer has a different IP address.
HTH.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Does anyone have a complete list of all IP addresses used by the Apple Push Notification Service?
I know that Apple uses a content delivery network to spread out these requests, and DNS lookups will return servers close to the requestor's location - the problem I have is in locating all of these servers that handle content for the United States.
For example:
$ nslookup gateway.push.apple.com
Non-authoritative answer:
canonical name = gateway.push-apple.com.akadns.net.
Address: 17.172.238.216
Address: 17.172.238.224
Address: 17.172.238.226
etc.
This list changes every time I query DNS - but all of the addresses seem to be in the same 17.172.238.x range - but there's no guarantee that tomorrow or next week I'll see a different range.
For the test push server, however, I already get results in different subnets. Sometimes I get one set of addresses:
$ nslookup gateway.sandbox.push.apple.com
Non-authoritative answer:
canonical name = gateway.sandbox.push-apple.com.akadns.net.
Address: 17.149.34.66
Address: 17.149.34.65
and other times, I'll get these addresses:
Address: 17.172.233.65
Address: 17.172.233.66
My server that will use the Apple Push Notification Service will be behind a corporate firewall, and I'll need to open up ports 2195 and 2196 for the production and test gateways -- however, my firewall team requires specific IP Addresses instead of host names.
I'm worried that if I just ask the firewall team to allow the IP Addresses I've seen so far, then my server will simply stop working a day or a week from now when the DNS server decides to serve up a different range.
If anyone has a comprehensive list for both the production and test environments, I'd appreciate it.
Update: I've tried asking the firewall team to open Apple's entire IP block (17.0.0.0/8), but they won't do that for me -- I need to narrow down the addresses a little bit.
Final update - 10/16/2016
Even though this question is closed, I thought I'd add a note explaining my final solution - and it is not what anyone looking for an answer wants to hear. I could never get ahead of the constantly changing addresses used by the CDN, so I finally gave up and leased an external server from Rackspace. I got the smallest server possible, and the only thing running on it is a port-forwarder that listens on 2195 and 2916 and sends the connections to Apple.
I used a simple iptables configuration on the Rackspace server to only allow connections on 2195/2916 from my corporate gateway, and then had my firewall team open a path to the static IP address on the external server. The firewall team is happy, with implementing a single path, and the external server can connect to the entire 17.0.0.0/8 range used by Apple.
From Apple's documentation (emphasis on the interesting bit added):
Push providers, iOS devices, and Mac computers are often behind firewalls. To send notifications, you will need to have TCP port 2195 open. To reach the feedback service, you will need to have TCP port 2196 open. Devices and computers connecting to the push service over Wi-Fi will need to have TCP port 5223 open.
The IP address range for the push service is subject to change; the expectation is that providers will connect by hostname rather than IP address. The push service uses a load balancing scheme that yields a different IP address for the same hostname. However, the entire 17.0.0.0/8 address block is assigned to Apple, so you can specify that range in your firewall rules.
17.0.0.0/8 is CIDR notation for 17.0.0.1 to 17.255.255.254.
The official answer is, unfortunately, that there is no official answer :) -- unless you consider Apple's rather sloppy approach of simply allowing all traffic to 17.0.0.0/8. Apple developer support provided the same link to the documentation as vcsjones in the first answer.
For my particular situation, I have narrowed the IP addresses down to these ranges after checking DNS regularly for the last couple of weeks. Keep in mind that these are only valid for the midwest portion of the United States, since Apple's CDN will return a set of addresses closest to the server making the query.
For gateway.push.apple.com, I'm opening ports 2195 and 2196 on my firewall for:
17.149.35.0 / 24
17.172.238.0 / 24
For gateway.sandbox.push.apple.com, I'm opening ports 2195 and 2196 on my firewall for:
17.149.34.66
17.149.34.65
17.172.233.65
17.172.233.66
Since these addresses are obviously subject to change, I've built in some monitoring for my application to detect when the APNS servers are no longer reachable (and fall back to these address ranges instead of using DNS). It's not the ideal solution, but it will have work for now until I can work out a solution with my corporate network / firewall teams...