Can't browse Amazon retail site from VPN inside VPC - amazon-web-services

I use a VPN to access services in an AWS VPC. I also use this VPN as a gateway to my local internet. The strange thing is that when I'm connected to the VPN, I can't browse amazon.com or amazon.co.uk. I can get to the home page and it displays correctly, but whatever I try to do, I get an error 503 - Service Unavailable:
"We're sorry
An error occurred when we tried to process your request.
We're working on the problem and expect to resolve it shortly. Please note that if you were trying to place an order, it will not have been processed at this time. Please try again later.
We apologise for the inconvenience."
Again, this is Amazon's retail/shopping website.
It works fine with the VPN disabled.
What can I do to get this fixed?
Thanks!

It appears that amazon.com prevents access to the IP address range used by Amazon EC2 instances. This is possibly done to prevent scraping of information.
I accessed a page via an EC2 instance and noticed this message as a comment in the beginning of the HTML page:
To discuss automated access to Amazon data please contact api-services-support@amazon.com.
For information about migrating to our APIs refer to our Marketplace APIs at https://developer.amazonservices.com/ref=rm_5_sv, or our Product Advertising API at https://affiliate-program.amazon.com/gp/advertising/api/detail/main.html/ref=rm_5_ac for advertising use cases.
In fact, I have seen this behaviour on many websites.
While this does not assist with your use-case of sending traffic via your VPN connection to the Internet, at least it explains why it is occurring.
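The answer above attributes the 503 to the VPN's egress address falling inside the published EC2 range. The following is an added example, not code from the thread or from AWS, that checks an address against a document in the shape of AWS's ip-ranges.json (https://ip-ranges.amazonaws.com/ip-ranges.json); the sample document and its prefixes are constructed from documentation ranges, not real AWS allocations.

```python
import ipaddress
import json

# Constructed sample in the shape of ip-ranges.json. The prefixes are
# RFC 5737 documentation ranges, not real AWS allocations.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2000-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "EC2"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "CLOUDFRONT"},
    ],
})


def load_prefixes(raw_json):
    """Parse ip-ranges.json text into (network, region, service) tuples."""
    doc = json.loads(raw_json)
    return [
        (ipaddress.ip_network(p["ip_prefix"]), p["region"], p["service"])
        for p in doc["prefixes"]
    ]


def classify_egress_ip(ip, prefixes):
    """Return the set of AWS services whose published ranges contain ip.

    An empty set means the address is in no published AWS prefix, so an
    EC2-range block cannot be the explanation for the 503.
    """
    addr = ipaddress.ip_address(ip)
    return {service for net, _region, service in prefixes if addr in net}


def looks_like_ec2_egress(ip, prefixes):
    """True when the VPN's public egress address falls in an EC2 prefix."""
    return "EC2" in classify_egress_ip(ip, prefixes)


if __name__ == "__main__":
    prefixes = load_prefixes(SAMPLE_IP_RANGES)
    # Replace these with the public address the VPN hands out (e.g. from
    # a "what is my IP" service while connected).
    for candidate in ("203.0.113.7", "198.51.100.9", "192.0.2.1"):
        print(candidate, sorted(classify_egress_ip(candidate, prefixes)))
```

Against the real file, the same functions tell you whether the address the retail site sees is one it would classify as EC2.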

Related

Need assistance to whitelist IPs of Dialogflow fulfilment request for firewall

I am evaluating the Dialogflow ES Trial and created an agent with fulfillment to explore the features.
For that, I have configured the application service in the Dialogflow console under fulfillment and specified the application endpoint URL for the service that is hosted on our secure network and environment. When a specific intent that has fulfillment enabled matches, it invokes the configured service, but there is a failure "Dialogflow fulfillment error: Webhook call failed. Error: DEADLINE_EXCEEDED." since this request is getting blocked on our firewall.
Please note we are not hosted on the Google Cloud Platform but use other cloud services, and we are also using a different firewall that has custom rules.
I'm seeking assistance with whitelisting the IP addresses or DNS names from which Google Dialogflow fulfillment is sending the traffic, since these seem to be dynamic and change every time, and the requests are getting blocked on our firewall.
I went through this documentation and tried allowing the IP address ranges specified, but the IP addresses from which Google is sending the traffic are different. Also, it seems like this is more specific to Google Cloud Platform:
https://cloud.google.com/vpc/docs/access-apis-external-ip#config
Also, configuring the dynamic IP address ranges from the files goog.json and cloud.json hosted on the internet, which keep updating daily, seems difficult to handle in our firewall:
https://cloud.google.com/vpc/docs/access-apis-external-ip#ip-addr-defaults
Can anyone please help me with how I can whitelist dialogflow.cloud.google.com traffic through our firewall, since their IP addresses and DNS are dynamic?
I recommend you to forget this solution and to accept the traffic! OK, surprising, let me explain.
If you whitelist the Dialogflow URL or IP, all the users that use Dialogflow will be authorized on your firewall. And because anyone can use Dialogflow, you will open the firewall to everybody.
Thus, don't waste time with that. "Don't trust the network", as Google says, but trust the authentication of the request. You can set at least a static "API key" on your webhook calls; it's much better than IP filtering (even if not so strong, it's still better).
I recommend you to focus on this solution instead.
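The request-level check this answer recommends, as an added example (not code from the thread or from Google): a Dialogflow ES fulfillment handler that rejects any call lacking the shared key instead of relying on the caller's IP. The header name, key value and request body are constructed; the `queryResult.intent.displayName` and `fulfillmentText` fields are the real Dialogflow ES webhook shape.

```python
import hmac
import json

# Constructed shared secret. In practice it is configured as a custom header
# in the Dialogflow fulfillment webhook settings and kept out of source control.
EXPECTED_API_KEY = "example-static-key-change-me"
API_KEY_HEADER = "x-webhook-api-key"  # assumed header name, not a Dialogflow default


def is_authorized(headers, expected_key=EXPECTED_API_KEY):
    """Accept the call only if the shared-key header matches.

    Header names are matched case-insensitively, and the values are compared
    with hmac.compare_digest so a wrong key takes as long as a right one.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get(API_KEY_HEADER)
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode(), expected_key.encode())


def handle_fulfillment(headers, body):
    """Minimal Dialogflow ES webhook: returns (http_status, response_dict)."""
    if not is_authorized(headers):
        # Reject before parsing the payload and give no hint about why.
        return 401, {"fulfillmentText": "unauthorized"}
    request = json.loads(body)
    intent = request.get("queryResult", {}).get("intent", {}).get("displayName", "")
    return 200, {"fulfillmentText": f"Handled intent {intent}"}


# Constructed Dialogflow ES WebhookRequest body, trimmed to the fields used.
SAMPLE_BODY = json.dumps({
    "responseId": "constructed-id",
    "queryResult": {"queryText": "order status", "intent": {"displayName": "OrderStatus"}},
})

if __name__ == "__main__":
    print(handle_fulfillment({"X-Webhook-Api-Key": EXPECTED_API_KEY}, SAMPLE_BODY))
    print(handle_fulfillment({}, SAMPLE_BODY))  # same body, no key: 401
```

Any firewall rule can then simply allow HTTPS to the webhook path; the handler, not the source address, decides who is accepted.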

Using different ports of same ip in aws and creating subdomain for them as to connect them with google oauth2

I'm trying to find a solution for my scenario explained below, i.e.
I created an AWS EC2 instance for running my MERN app, but I want to run both front-end and back-end with the same IP, i.e. on the same EC2 instance, so to do that I created a security group with different ports and my app started working.
But I started facing an issue with creating a subdomain for those IP+port combinations, e.g. xx.xxx.xx.xxx:3000 for running the backend, as shown below; the DNS setting says I cannot create a subdomain with IP+port, I can create it with the IP only (which I have created for my front-end, and it's running).
I wanted to create a subdomain for my back-end so as to give it access for Google OAuth2, because if I use the IP+port, e.g. 0.0.0.0:3000, to be given access in the Google console, it doesn't allow that, as shown below.
I searched so many articles and blogs for a solution but didn't find anything helpful related to the topic, though I got some mentions of htaccess configurations with which I can host multiple websites using the same IP. I don't know about it; I'm very new to server setup and am doing it for the first time by myself. I need some guidance or a solution to this; if anyone can provide me any solution or a reference to one, it will be very helpful for me. Thanks in advance.

Beginner on AWS got message that an SSL certificate has expired. Don't know root user information

I am a developer trying to help a customer who has lost their root access information. I have full access except for root access. I have developed a webhook that communicates between a catalog sales site and their CRM site.
It was working fine until suddenly it started getting 500 error codes. I tracked down that it was because the SSL certificate had expired. How do I find out what SSL certificates exist, and how do I fix this problem?
One difficulty is that in order to request technical help, I must upgrade the support plan, which I am willing to do, but can only do this from the root access account. In addition, I can't ask a question about how to reset the root account access unless I have the support plan.
We have the account number, BTW. We are running an EC2 instance on an AWS Linux server. Pointers to how to either get paid help or reset root access would be appreciated.
SSL certificates will be in one of 2 places:
ACM, for either CloudFront distributions or Elastic Load Balancers.
Locally on an EC2 server, if you connect directly to the server.
If you need to connect to the EC2 server, you will need to be able to connect via SSH or RDP, depending on the OS.
Regarding getting root access, you will need to attempt account recovery via AWS support. You'll be expected to provide proof that you own the account before they can reset these credentials for you.
Found out the destination needed to purchase a new certificate and all was well. I thought the problem was on the sending end, but it was actually on the receiving end.
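To tell which end of a webhook has the expired certificate before touching ACM or the EC2 host, the following added example (not code from the thread) performs a verified TLS handshake against each host the way the webhook's HTTPS client would, and reports OpenSSL's verification failure reason or the days left on the certificate. The host names are placeholders.

```python
import socket
import ssl
from datetime import datetime, timezone


def parse_not_after(not_after):
    """Convert getpeercert()['notAfter'] (e.g. 'Jun  1 12:00:00 2025 GMT') to UTC."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)


def days_until_expiry(not_after, now=None):
    """Days left on a certificate; negative means it has already expired."""
    now = now or datetime.now(timezone.utc)
    return (parse_not_after(not_after) - now).total_seconds() / 86400


def probe_endpoint(host, port=443, timeout=5.0):
    """Handshake with full verification, as the webhook's HTTPS client does.

    Returns ("ok", days_left) when the chain verifies, or ("fail", reason)
    carrying OpenSSL's reason string, e.g. "certificate has expired".
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
        return "ok", days_until_expiry(cert["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        return "fail", exc.verify_message


if __name__ == "__main__":
    # Placeholder hosts: the EC2 server that sends the webhook and the CRM
    # endpoint that receives it. Whichever reports "fail" is the end to fix.
    for host in ("webhook.example.com", "crm.example.com"):
        print(host, probe_endpoint(host))
```

A "fail" on the CRM host with "certificate has expired" is the receiving-end case described above; a "fail" on the EC2 host points at a certificate in ACM or on the instance itself.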

My site not Connecting with Google Cloud Service

I want to connect Google Cloud Platform hosting to my domain and have tried everything.
I installed WordPress from the Marketplace, then enabled the Google Cloud DNS API, then also Cloud DNS from Network Services, and also changed the DNS name at my domain name provider, but my domain name does not open.
When I put my URL in the search bar, I see API requests and CPU usage - https://prnt.sc/n7d5av . But my site does not open. It shows this - http://prnt.sc/n7d601
Please help me, I have been stuck for the past 12 hours and now my head feels like it will burst. I did the exact process five times and nothing helps.
It looks pretty much like the firewall is blocking your port 80.
Make sure you add a firewall rule allowing everyone to access your particular IP, as described here.
This other documentation of Bitnami is quite clear as well.

AWS returns 503 for some websites

I have just started playing around with AWS and I've been reading the docs as I go, but I have run across a strange problem that I cannot explain, and I was hoping someone experienced in AWS would be able to answer.
Certain websites return a 503 HTTP response from my EC2 node, yet others do not. For instance, Canadian Company Capabilities returns a 503 via lynx and other tools, yet Government Login does not.
Is one being blocked from outside of Canada or not? How can I diagnose the root cause of the 503?
EDIT
I should mention I am using a standard CentOS, free-tier EC2 instance. The rest of the pipeline is out-of-the-box AWS free tier as well.
EDIT 2: I have connected through a VPN in the States and it works fine as well, which leads me to believe it's something I am missing with AWS.
How can I diagnose the root cause of the 503?
You contact the site's administrator.
This won't be an AWS issue. AWS does not block, screen, scan, filter, modify, or otherwise manipulate Internet traffic that you initiate. It's possible for your own misconfiguration to block traffic entirely, but 503 is an HTTP error, which implies that you're making a connection to the distant end.
The exception to the above is outbound TCP port 25, which is not blocked but is very aggressively rate-limited unless you take the necessary steps to remove the block... but I mention this only for thoroughness; it of course would not be relevant to the issue at hand.