I keep getting a 520 error when trying to load s3 files via my code. It all works fine locally but when I upload the changes to my production server which is behind cloudflare I get a 520 error. Im using IIS 7.5 with asp classic code, here is my test page which is call everytime I want to download a file from s3.
https://www.gbca.org.au/aws_test.asp?fileID=9450&hash=688254C6503507FDDF8CF5D5CD113212&type=pam
It doesnt make sense and cloudflare doesnt provide any error messages.
' #########################################
function downloadFile()
Server.ScriptTimeout = 30000
set http = Server.CreateObject("Chilkat_9_5_0.Http")
http.UnlockComponent("BLUESIHttp_MHoP0vyTTL3e")
http.AwsAccessKey = AWS_ACCESS_KEY
http.AwsSecretKey = AWS_SECRET
if bucketType = "not-secure" then
http.AwsEndpoint = "s3.ap-southeast-1.amazonaws.com"
http.AwsRegion = "ap-southeast-1"
bucketLocale = AWS_BUCKET_ASIA
else
http.AwsEndpoint = "s3.ap-southeast-2.amazonaws.com"
http.AwsRegion = "ap-southeast-2"
bucketLocale = AWS_BUCKET_SECURE
end if
s3FileBytes = http.S3_DownloadBytes(bucketLocale, objectName)
If (http.LastMethodSuccess <> 1) Then
Response.Write "<pre>" & Server.HTMLEncode(http.LastErrorText) & "</pre>"
Response.End
End If
'response.write("AWS_BUCKET_ASIA: " & AWS_BUCKET_ASIA & "<br />")
'response.write("objectName: " & objectName& "<br />")
'response.write("s3FileBytes: " & ubound(s3FileBytes) & "<br />")
''response.write("s3FileBytes: " & filetype & "<br />")
''response.end()
Response.Clear
Response.AddHeader "Pragma", "no-cache"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & filename & """"
Response.AddHeader "Content-Length", ubound(s3FileBytes)
Response.AddHeader "Connect", "close"
Response.ContentType = filetype
Response.BinaryWrite s3FileBytes
set AWS = nothing
'-- log the file access
'SQLLine = "INSERT INTO download_history (fileID, who, etc) VALUES (" & fileID & ")"
'DBCC.execute(SQLLine)
end function
https://www.gbca.org.au/aws_test.asp?fileID=9450&hash=688254C6503507FDDF8CF5D5CD113212&type=pam
Error 520 is essentially a catch-all response when something unexpected happens or when the origin server incorrectly interprets or does not tolerate a request due to a protocol violation or an empty response.
Besides reviewing your server logs, I recommend contacting Cloudflare support to review logs on their end as well. Unless you're on Enterprise Plan and explicitly requested to enable 100% logs, keep in mind they only keep 1% anonymized sampled logs for a limited time, so the logs might not be available if you contact them too late.
I've seen cases where nginx error upstream prematurely closed connection while reading response header from upstream was observed, upstream in this case means the origin server. This indicates that the origin server or the path along which it travelled was having issues during this period which caused Cloudflare to generate those 520 errors. Correlating the timestamp with your server's logs will give you better picture as to what the root cause could possibly be.
Related
After adding the following adaptive authentication script, if the username is not according to the format I should be getting the custom status message saying, Access Denied, invalid username format. But instead I get the default status message, Something went wrong during the authentication process. Please try signing in again.
function onLoginRequest(context) {
executeStep(1, {
onSuccess: function(context) {
var user = context.currentKnownSubject;
if(user!= null && user.username != null && !user.username.equals('')) {
Log.info("username: " + user.username);
} else {
sendError('',{'status':'AUTHENTICATION USERNAME ERROR', 'statusMsg': 'Access denied, invalid username format.'});
}
}
});
}
In addition, I get the following error in the wso2carbon.log file as well.
TID: [-1234] [authenticationendpoint] [2022-10-05 15:44:12,715] [37951f7d-8240-48d4-ad4f-1d4c8a6a3ec4] ERROR {org.wso2.carbon.identity.application.authentication.endpoint.util.AuthContextAPIClient} - Sending GET request to URL : https://dev.wso2istemp.com/api/identity/auth/v1.1/data/AuthenticationError/0b0efc37-819d-4b39-85b2-517126c3c9cb, failed. java.io.IOException: Server returned HTTP response code: 401 for URL: https://dev.wso2istemp.com/api/identity/auth/v1.1/data/AuthenticationError/0b0efc37-819d-4b39-85b2-517126c3c9cb
...
org.wso2.carbon.identity.application.authentication.endpoint.util.AuthContextAPIClient.getContextProperties(AuthContextAPIClient.java:70)
at org.apache.jsp.retry_jsp._jspService(retry_jsp.java:194)
...
org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
...
org.wso2.carbon.identity.application.authentication.endpoint.util.filter.AuthenticationEndpointFilter.doFilter(AuthenticationEndpointFilter.java:190)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
...
The <IS_HOME>/repository/conf/deployment.toml configurations for [server] are as follows.
[server]
hostname = "dev.wso2istemp.com"
node_ip = "127.0.0.1"
base_path = "https://$ref{server.hostname}:${carbon.management.port}"
What is the reason for the following issue in the wso2carbon.log and why the custom status message is not shown properly?
When the adaptive authentication script is running, the values are passed to the Identity Server(IS) encrypted. In above case, the encrypted data chunk is passed to the IS,
https://dev.wso2istemp.com/api/identity/auth/v1.1/data/AuthenticationError/24e56d99-9494-4989-a3e2-4008b73ebd9b
with the last segment of the URL is being the data chunk. When the server tries to get that data chunk with a GET request, java.io.IOException: Server returned HTTP response code: 401 for URL which is the code for unauthorized is thrown. Since that data chunk is not properly received, the default status message is shown instead of the custom status message. The steps to resolve this are given below.
First clarify whether the dev.wso2istemp.com which you were using is not mapped with the localhost in /etc/hosts file.
Go to <IS_HOME>/repository/conf/deployment.toml file and check for the following configuration [identity.auth_framework.endpoint] and check whether the mutual SSL is set to false via mutual_ssl_manager_enabled=false
If so, enable that by commenting the mutual_ssl_manager_enabled=false, since using mutual SSL is recommended for IS. If you go to the <IS_HOME>/repository/resources/conf/default.json file, you can notice that the default value for mutual_ssl_manager_enabled is true
In a multi-node situation, the above error can occur if the mutual SSL is not enabled, If that does not resolves the issue, then you have to check whether the internal_hostname has been set properly so that the internal API calls are being sent properly.
To do that, if you have not added the following configuration to <IS_HOME>/repository/conf/deployment.toml file, you can check whether it has been properly applied to the <IS_HOME>/repository/conf/identity/identity.xml by checking for <ServerHostName>localhost</ServerHostName>
[server]
internal_hostname="localhost"
If you are using a multi-node deployment, this localhost value should be added to the SAN for the certificate when the certificate is generated (-ext SAN=dns:localhost)
keytool -genkey -alias newcert -keyalg RSA -keysize 2048 -keystore newkeystore.jks -dname "CN=dev.wso2istemp.com, OU=Is,O=Wso2,L=SL,S=WS,C=LK" -storepass mypassword -keypass mypassword -ext SAN=dns:localhost
But if you are using a single node you can add the following configuration to the deployment.toml and check whether it resolves things. (In single node case the internal_hostname should be similar to hostname)
[server]
hostname = "dev.wso2istemp.com"
internal_hostname = "dev.wso2istemp.com"
If that is not working[https://github.com/wso2/product-is/issues/11878] then go to <IS_HOME>/repository/deployment/server/webapps/authenticationendpoint/WEB-INF/web.xml and uncomment the following commented snippet.
<!--context-param>
<param-name>AuthenticationRESTEndpointURL</param-name>
<param-value>https://localhost:9443/api/identity/auth/v1.1/</param-value>
</context-param-->
This might route the internal_hostname being reflected on the request since the internal API calls are blocked when hostname of the server being replaced instead of the internal_hostname for the internal API calls(https://dev.wso2istemp.com/api/identity/auth/v1.1/data/AuthenticationError/24e56d99-9494-4989-a3e2-4008b73ebd9b).
I am in the process of setting up Kerberos on a CentOS7 (more specific: the Hortonworks HDP 2.3 sandbox) running in a VirtualBox VM. My problem is that kinit seems to be unable to reach my KDC, the answer is "Resource temporarily unavailable while getting inital credentials" if I add an address in my /etc/hosts file and if I leave that file as is I get the message "could not contact any host for realm mycompany while getting initial credentials".
The KDC is running (can find it with ps plus the service starts with an "okay" message), same for kadmin.
As a guide for setting up kerberos I followed these two guides:
CentOS guide
Guide 2
My config files:
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
[libdefaults]
default_realm = MYCOMPANY.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
MYCOMPANY.COM = {
kdc = kerberos.mycompany.com
admin_server = kerberos.mycompany.com
}
[domain_realm]
.mycompany.com = MYCOMPANY.COM
mycompany.com = MYCOMPANY.COM
kdc.conf
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88,750
[realms]
MYCOMPANY.COM = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}
kadm5.acl
*/admin#MYCOMPANY.COM *
/etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.96.140 sandbox.hortonworks.com sandbox ambari.hortonworks.com
192.168.1.3 mycompany.com kerberos.mycompany.com
I get the "Resource..." error if I have any address in the third line of the hosts file, if that line is missing I get the "could not contact..." error.
I could trace the kinit command with something along the lines of krb5_trace or something (unfortunately I can't find the link I got it from any more nor remember the exact command) to the address specified in the host file so kinit seems to contact the fitting address, its just that the KDC does not listen there.
Netstat shows that the KDC is listening on the ports specified in the kdc.conf
Any help would be appreciated
Okay so it does work now. Things I did to fix it:
/etc/resolv.conf
mycompany.com 127.0.0.1
/etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.96.140 sandbox.hortonworks.com sandbox ambari.hortonworks.com
127.0.0.1 mycompany.com kerberos.mycompany.com
And, most embarrassing: I used kinit mycompany/admin for the principal user/admin#mycompany.com which is of course wrong.
The right call is of course kinit user/admin
I am using the Zehon FTP utility on a ColdFusion 9 server. When I am FTP'ing files, it creates one directory, transfers about 16 files, then gives the message :
com.zehon.exception.FileTransferException: org.apache.commons.vfs.FileSystemException: Could not connect to FTP server on "ftpservername.com".
Here's the code:
<cfscript>
//FTP server information
host = "#getSiteList.TMS_FTPADDRESS#";
username = "#getSiteList.TMS_USERNAME#";
password = "#getSiteList.TMS_PASSWORD#";
/* sendingFolder = Folder whose content is to be uploaded recursively
* to the FTP server.
*/
sendingFolder = "#local_Folder#";
/* Forward slash / = root dir of FTP server.
* if you wish to FTP to privateDir under the root, for example,
* then set destFolder to "/privateDir"
*/
destFolder = "/#parent_Folder#";
FTP = createObject("java", "com.zehon.ftp.FTP");
thisBatchTransferProgressDefault= createObject("java", "com.zehon.BatchTransferProgressDefault").init();
FileTransferStatus = createObject("java", "com.zehon.FileTransferStatus");
try {
status = FTP.sendFolder(sendingFolder, destFolder, thisBatchTransferProgressDefault, host, username, password);
if(FileTransferStatus.SUCCESS is status){
writeOutput(sendingFolder & " got ftp-ed successfully to folder " & destFolder);
}
else if(FileTransferStatus.FAILURE is status){
writeOutput("Failed to ftp to folder " & destFolder);
}
} catch (any e) {
writeOutput(e.message);
}
</cfscript>
I tried this on two different servers and the same issue. If I use FileZilla or CFFTP, I can transfer all my files (CFFTP is having issues creating subfolders, which is why I moved away from that, and we want our customers to use their web app to FTP files, not a client). Has anyone else experience this? If so, was a solution discovered? Thanks
I'm using the following project for enabling APNS in my project:
https://github.com/stephenmuss/django-ios-notifications
I'm able to send and receive push notifications on my production app fine, but the sandbox apns is having strange issues which i'm not able to solve. It's constantly not connecting to the push service. When I do manually the _connect() on the APNService or FeedbackService classes, I get the following error:
File "/Users/MyUser/git/prod/django/ios_notifications/models.py", line 56, in _connect
self.connection.do_handshake()
Error: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')]
I tried recreating the APN certificate a number of times and constantly get the same error. Is there anything else i'm missing?
I'm using the endpoints gateway.push.apple.com and gateway.sandbox.push.apple.com for connecting to the service. Is there anything else I should look into for this? I have read the following:
Apns php error "Failed to connect to APNS: 110 Connection timed out."
Converting PKCS#12 certificate into PEM using OpenSSL
Error Using PHP for iPhone APNS
Turns out Apple changed ssl context from SSL3 to TLSv1 in development. They will do this in Production eventually (not sure when). The following link shows my pull request which was accepted into the above project:
https://github.com/stephenmuss/django-ios-notifications/commit/879d589c032b935ab2921b099fd3286440bc174e
Basically, use OpenSSL.SSL.TLSv1_METHOD if you're using python or something similar in other languages.
Although OpenSSL.SSL.SSLv3_METHOD works in production, it may not work in the near future. OpenSSL.SSL.TLSv1_METHOD works in production and development.
UPDATE
Apple will remove SSL 3.0 support in production on October 29th, 2014 due to the poodle flaw.
https://developer.apple.com/news/?id=10222014a
I have worked on APN using python-django, for this you need three things URL, PORT and Certificate provided by Apple for authentication.
views.py
import socket, ssl, json, struct
theCertfile = '/tmp/abc.cert' ## absolute path where certificate file is placed.
ios_url = 'gateway.push.apple.com'
ios_port = 2195
deviceToken = '3234t54tgwg34g' ## ios device token to which you want to send notification
def ios_push(msg, theCertfile, ios_url, ios_port, deviceToken):
thePayLoad = {
'aps': {
'alert':msg,
'sound':'default',
'badge':0,
},
}
theHost = ( ios_url, ios_port )
data = json.dumps( thePayLoad )
deviceToken = deviceToken.replace(' ','')
byteToken = deviceToken.decode('hex') # Python 2
theFormat = '!BH32sH%ds' % len(data)
theNotification = struct.pack( theFormat, 0, 32, byteToken, len(data), data )
# Create our connection using the certfile saved locally
ssl_sock = ssl.wrap_socket( socket.socket( socket.AF_INET, socket.SOCK_STREAM ), certfile = theCertfile )
ssl_sock.connect( theHost )
# Write out our data
ssl_sock.write( theNotification )
# Close the connection -- apple would prefer that we keep
# a connection open and push data as needed.
ssl_sock.close()
Hopefully this would work for you.
I want to use wamp as my development server and I'm trying to send email via my email => gmail, hotmail, yahoo. I'm trying to implement a simple email php application.
Is it possible to do it in wamp?
Is it possible to do it without changing php.ini and instead use ini_set();
I have tried changing my php.ini
using my yahoo mail
SMTP = smtp.mail.yahoo.com
; http://php.net/smtp-port
smtp_port = 587
auth_user = me#yahoo.com
auth_pass = password
and got this error message "Warning: mail() [function.mail]: SMTP server response: 530 authentication required - for help go to http://help.yahoo.com/help/us/mail/pop/pop-11.html in C:\wamp\www\9dot_disc_alt\abc.php on line 12"
using gmail
SMTP = smtp.gmail.com
; http://php.net/smtp-port
smtp_port = 587
auth_user = me#gmail.com
auth_pass = password
SMTP server response: 530 5.7.0 Must issue a STARTTLS command first. pc6sm6631754pbc.47 in C:\wamp\www\9dot_disc_alt\abc.php on line 12
Here's my current code:
$to = "me#yahoo.com";
$subject = "Test mail";
$message = "Hello! This is a simple email message.";
$from = "me#my.com";
$headers = "From:" . $from;
mail($to,$subject,$message,$headers);
echo "Mail Sent.";
Sir/Ma'am your answers would be of great help and be very much appreciated. Thank you++
When you use wamp, your SMTP must be your FAI, for example if you have free :
=>SMTP = smtp.free.fr (or .com)
EDIT : You can try this : http://glob.com.au/sendmail/, i's a simple windows console application that emulates sendmail's for wamp for example ;)
I found an online article that allows me to send emails using wamp + php mailer
http://nikunj-solutions.blogspot.com/2011/08/send-email-using-wamp-server.html