Pushpendra Singh Chauhan Posted January 27, 2022 Posted January 27, 2022 (edited) Hi, I was running my website on single server, today I separated Web, DB and Fileserver. Now I have 3web server+1 fileserver+1db(write permission)+1db(read permission). All webserver are added to a load balancer, The problem starts when load balancer switch the webserver after some time, this show banned message for logged in user. If I check User>Member Settings > Ban Setting, sometime this show that my IP is banned (Reason: API.) If I delete this filter everything works fine. Sometime it work after Clearing system Cache from support tool. I am able to access admin panel from all webservers, but getting problem for frontend login, once load balancer switch the server. We (organization) use a common IP that is above in screenshot, every registered member is facing the same problem. For Guest users everything is fine. Could anyone suggest what I am doing wrong here? Edited January 27, 2022 by Pushpendra Singh Chauhan
Marc Posted January 27, 2022 Posted January 27, 2022 How often is it calling the API there? It may be its hitting it excessive times and being banned for that reason
Pushpendra Singh Chauhan Posted January 27, 2022 Author Posted January 27, 2022 (edited) 11 minutes ago, Marc Stridgen said: How often is it calling the API there? It may be its hitting it excessive times and being banned for that reason I am not aware of this. How can I check this, pls suggest? or how can i increase this value? How can i fix this error? Edited January 27, 2022 by Pushpendra Singh Chauhan
Stuart Silvester Posted January 27, 2022 Posted January 27, 2022 I suspect someone in your office (on your local IP) is using the REST API, but they are now using invalid credentials (it could be that they're using the Authorization header to pass the credentials and your new load balancer isn't passing that on to the server)
Pushpendra Singh Chauhan Posted January 27, 2022 Author Posted January 27, 2022 2 minutes ago, Stuart Silvester said: I suspect someone in your office (on your local IP) is using the REST API, but they are now using invalid credentials (it could be that they're using the Authorization header to pass the credentials and your new load balancer isn't passing that on to the server) Yes a mobile App is using REST API to display Files only (for guest users) . but we didn't change the load balancer configuration. We were using 2 webserver by December 21. one of them was corrupted so we decided to add new servers on the same load balancer. Now we have 3 webserver added to same LB. I checked mobile APP too, sometime this display files sometime not. Sometime API works sometime display this error { "errorCode": "1S290\/A", "errorMessage": "IP_ADDRESS_BANNED" } While accessing REST OAuth section i am getting this error I removed ban filter may times. Pls suggest the way that to do ?
Stuart Silvester Posted January 27, 2022 Posted January 27, 2022 You would need to figure out why your app (or anything else from your IP using the REST API) is using invalid credentials. IP Banning after repeated failed authentication attempts is a brute force protected.
Pushpendra Singh Chauhan Posted January 27, 2022 Author Posted January 27, 2022 I checked the app is using the same key that is in rest API section. I am not understanding what invalid is in that? 49 minutes ago, Stuart Silvester said: You would need to figure out why your app (or anything else from your IP using the REST API) is using invalid credentials. IP Banning after repeated failed authentication attempts is a brute force protected.
Marc Posted January 27, 2022 Posted January 27, 2022 Its either not being passed or being passed incorrectly there. We are unable to assist with custom code unfortunately. We can tell you only that is the reason for your issue there
Pushpendra Singh Chauhan Posted January 28, 2022 Author Posted January 28, 2022 (edited) 23 hours ago, Marc Stridgen said: Its either not being passed or being passed incorrectly there. We are unable to assist with custom code unfortunately. We can tell you only that is the reason for your issue there Checked app key there is nothing wrong, also checked with a new api key but the same is happening. Sometimes it works if i clear system cache. Is system cache making problem? I have a question the previous setup was 1 master and 1 slave webserver. Now all 3 webserver are master, a fileserver is mounted on all 3 and 2 DB server (1 read and another with write permission) is linked to each. Is this correct setup? Or should I create a master webserver with 2 slave servers? Edited January 28, 2022 by Pushpendra Singh Chauhan
Marc Posted January 28, 2022 Posted January 28, 2022 The question there is something that would need to be asked of your hosting company, rather than ourselves.. We would not be able to assist with your hosting setup. As I mentioned above, when the key gets to your system, it is incorrect unfortunately. We are unable to help debugging of your application to see why this is the case.
Pushpendra Singh Chauhan Posted January 28, 2022 Author Posted January 28, 2022 38 minutes ago, Marc Stridgen said: The question there is something that would need to be asked of your hosting company, rather than ourselves.. We would not be able to assist with your hosting setup. As I mentioned above, when the key gets to your system, it is incorrect unfortunately. We are unable to help debugging of your application to see why this is the case. I am asking this because when I get access of Server A and make any changes through ACP let say I change guest cache time this is not reflecting in Server B and C. In future if i upgrade IPB version I am afraid I need to upgrade all 3 webservers separately.
Dll Posted January 28, 2022 Posted January 28, 2022 (edited) You'd need to cache to the database or a separate redis server. Then the web servers don't have anything on them other than the PHP files etc. And yes, of course you will need a method to update all of your servers when updating the software. Edited January 28, 2022 by Dll
Marc Posted January 28, 2022 Posted January 28, 2022 46 minutes ago, Pushpendra Singh Chauhan said: I am asking this because when I get access of Server A and make any changes through ACP let say I change guest cache time this is not reflecting in Server B and C. In future if i upgrade IPB version I am afraid I need to upgrade all 3 webservers separately. From the point of the software, it only really cares its all seeing the same database, and seeing the latest files. We cant really answer as to where you have to upload files on your particular setup.
Management Matt Posted January 28, 2022 Management Posted January 28, 2022 We check for a bad key, if we detect this more than once in 5 minutes, then we return a 429 header ('TOO_MANY_REQUESTS_WITH_BAD_KEY', / '1S290/D') We can also return a 403 header 'IP_ADDRESS_BANNED' on subsequent checks if a bad key has been used with this IP address more than 10 times. Using an incorrect API key, \IPS\Api\OAuthClient::accessTokenDetails() failing, or trying to set a scope that doesn't exist/not having any scopes can trigger bad keys being added to the error log. Marc 1
Recommended Posts