Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted March 4Mar 4 I am getting the following error when trying to use the API on my new server.Array ( [errorCode] => 2S290/8 [errorMessage] => IP_ADDRESS_NOT_ALLOWED ) However, I am not making calls from any new IP address that wasn't already in my Allowed IP Addresses list. In other words, I am making calls from the same IP address as I was before I changed servers. Let's say Server A was the older server, and Server B is the new server. Before, my forum was installed on Server A and I was making calls from Server A, everything worked. Now I am making calling from Server A (the old IP) to Server B (the new forum install), and I'm getting this error. Edited March 4Mar 4 by NAWAC
March 4Mar 4 Community Expert Are you using CloudFlare or a proxy on the new server? If so, you'd need to trust proxy IP addresses in ACP -> System -> Advanced Configuration.Is the IP address allowed on the API key? Is the IP address banned in ACP -> Members -> Ban Settings?
March 4Mar 4 Community Expert You can read about this error at the following guide:https://invisioncommunity.com/developers/rest-api/index/
March 4Mar 4 Author Are you using CloudFlare or a proxy on the new server? If so, you'd need to trust proxy IP addresses in ACP -> System -> Advanced Configuration.No. Not using CloudFlare Is the IP address allowed on the API key?Yes. It's in the Allowed IP addresses. Is the IP address banned in ACP -> Members -> Ban Settings?No. It's not banned. You can read about this error at the following guide:https://invisioncommunity.com/developers/rest-api/index/The IP is in Allowed IP addresses.
March 4Mar 4 Community Expert You will want to double check it then as it sounds like either the IP address has changed or something is wrong in the configuration.
March 4Mar 4 Author I've double checked. Everything in the ACP is the same as it was before, and I'm making calls from the same exact IP I was before. Nothing is different, except for the new server that I'm making the calls to; but it doesn't appear as though that makes any difference, according to the setup of the API system.
March 4Mar 4 Community Expert I am getting the following error when trying to use the API on my new server.Another reason for this happening might be that the access is not allowed for your server IP.
March 4Mar 4 Community Expert Turn API logging on for the endpoint you're attempting to reach and check the API logs to see if the IP address is being logged correctly. If not, you'll need to check your server configuration.
March 4Mar 4 Author Turn API logging on for the endpoint you're attempting to reach and check the API logs to see if the IP address is being logged correctly. If not, you'll need to check your server configuration.API logging is on and the call is reaching the API system, it is giving the 403 Forbidden response code in the API log. Edited March 4Mar 4 by NAWAC
March 4Mar 4 Check your Apache or nGinX configuration. I had this issue since I was using nGinX. The config that worked for me was: location /api/ { # Pass the Authorization header to PHP set $http_authorization $http_authorization; proxy_set_header Authorization $http_authorization; # Serve existing files or route to index.php try_files $uri $uri/ /api/index.php; # PHP processing for the API location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # Pass the HTTP_AUTHORIZATION header to PHP fastcgi_param HTTP_AUTHORIZATION $http_authorization; include fastcgi_params; } }I spent WAY too long to figure that out, don't ask... Just played until it worked.
March 4Mar 4 Community Expert API logging is on and the call is reaching the API system, it is giving the 403 Forbidden response code in the API log.Is the IP address given there though the correct IP address?
March 4Mar 4 Author It's definitely seems to be an error with the API system and not the server (Apache). When I choose, "No, allow any IP address to make API calls using this key" in the API settings, it works fine. When I try to be more restrictive and select, "Yes, I will specify which IP addresses can make API calls using this key" and add the IP address, it does not work and fails. Edited March 4Mar 4 by NAWAC
March 4Mar 4 Community Expert Is the IP address given there though the correct IP address?Please be sure to answer this question as if the API log is logging a different IP address, this is not an issue with the API system but the server passing the IP address.
March 4Mar 4 OH YEAH!!! I saw that message too, which started me down the whole rabbit holw there... I had to do this which my scripts:def post_to_forum(title, content): """Posts a job listing to the Invision forum as a new topic.""" api_url = f"{IPS_API_URL}?key={IPS_API_KEY}" payload = { "forum": IPS_FORUM_ID, "title": title, "post": content, "author": 1, "author_name": "Jessica Brown", } logging.info(f"Sending POST request for job: {title}") try: response = requests.post(api_url, data=payload) response.raise_for_status() post_url = response.json().get("url", "URL not found") logging.info(f"Post created successfully: {post_url}") return True except requests.RequestException as e: logging.error(f"Failed to create post for {title}: {e}") return FalseNot sure if you are a Python developer or not but let me explain...The API URL needs your API KEY in the URL so IPS can process it.POST https://codenamejessica.com/api/?key=abcdef1234567890 Content-Type: application/x-www-form-urlencoded forum=42 title=New Job Posting post=We are hiring a Linux Administrator! author=1 author_name=Jessica Brown
March 4Mar 4 Author Is the IP address given there though the correct IP address?That was it! The remote server I am calling from has an IP address of, for example, 12.34.56.79, but the API logs show it as 12.34.56.77, notice it's slightly different. So, it appears as though there is some sort of proxy on the remote server that I'm making the calls from, because 12.34.56.79 is the actual IP of my remote server making the calls, but it is showing up as 12.34.56.77 in the logs. I added the 12.34.56.77 to the allowed IPs and it worked.I still don't understand why it would show up as a different IP, but it worked. I just hope they don't switch the IP again.Can you put in a wildcard, like 12.34.56.* in the allowed IPs? Edited March 4Mar 4 by NAWAC
March 4Mar 4 Author Apparently, many machines have multiple IPs configured in the network interfaces. Each virtual host is listening to a specific IP. If there is any networking related action performed by PHP, for example a cURL call, the default IP is used every time. If I set CURLOPT_INTERFACE manually in my PHP script, the correct IP for my virtual host will being used in the call instead of the server's default.For example, you can set the IP by coding in curl_setopt($curl, CURLOPT_INTERFACE, 'xx.xx.xx.xx'); before sending your cURL call to the server. Which is the correct IP address for my website.I guess you could also do curl_setopt($curl, CURLOPT_INTERFACE, $_SERVER['SERVER_ADDR']); which seems to resolve to the IP of the actual website that PHP is running on in lieu of the default IP of the network interface.This allows the IP settings in the API to always agree with the server making the call to prevent it from possibly being changed to the network interface IP. Edited March 4Mar 4 by NAWAC
