AWS-ELB -> GEOIP -> MAXMIND -> Laravel - amazon-web-services

We're trying to serve people from multiple countries the right language on our website. We have added GeoIP in Laravel and also the maxmind package.
Whatever we try, we get an Error 500 every time:
The IP address '10.2.1.211' is a reserved IP address
We first tried to make a redirect of X_FORWARDED_FOR in Apache, but it still isn't working.
Can someone assist us and tell us exactly how to solve it?
Our environment:
AWS: CloudFront, ELB, EC2, Laravel 5.5, Maxmind (for GeoIP)

It would appear that you can configure CloudFront to provide an HTTP header CloudFront-Viewer-Country which will contain the ISO country code for your visitor. This will be faster and simpler to use than Maxmind.
e.g. $visitorCountryCode = isset($_SERVER['HTTP_CLOUDFRONT_VIEWER_COUNTRY']) ? $_SERVER['HTTP_CLOUDFRONT_VIEWER_COUNTRY'] : ''; // PHP exposes request headers as HTTP_* keys in $_SERVER
Is your error 500 during testing only? If testing with devices directly connected to your site/intranet, then try accessing via a browser connected through an Internet Service Provider instead (a "direct" or intranet connection could well have a "reserved" IP address).

You should be able to get the public IP address of the traffic from the X_FORWARDED_FOR variable.
https://aws.amazon.com/premiumsupport/knowledge-center/log-client-ip-load-balancer-apache/
You should print out the variable from Apache and see if you could receive the value correctly. Anything with 10.x is a private address.
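An added PHP example for the situation discussed above (not code from the original posts, Laravel or MaxMind): behind an ELB, REMOTE_ADDR is the balancer's private address, so the client address has to come from X-Forwarded-For, read from the right and only past proxies you operate. The function names and the 10.0.0.0/8 proxy range are assumptions; when CloudFront fronts the ELB, its published edge ranges belong in the trusted list as well.

```php
<?php
// Added example: hypothetical helper names, not Laravel or MaxMind API.
// Assumption: the ELB sits in a VPC using 10.0.0.0/8; use your real VPC CIDR.
const TRUSTED_PROXIES = ['10.0.0.0/8'];

// $ip must already be a syntactically valid address.
function isTrustedProxy(string $ip): bool
{
    $ipBin = inet_pton($ip);
    foreach (TRUSTED_PROXIES as $cidr) {
        [$net, $bits] = explode('/', $cidr);
        $netBin = inet_pton($net);
        if (strlen($ipBin) !== strlen($netBin)) {
            continue; // IPv4 address against an IPv6 range, or the reverse
        }
        $bytes = intdiv((int) $bits, 8);
        $mask = (0xFF << (8 - (int) $bits % 8)) & 0xFF; // 0 on a byte boundary
        if (strncmp($ipBin, $netBin, $bytes) === 0
            && ($mask === 0 || ((ord($ipBin[$bytes]) ^ ord($netBin[$bytes])) & $mask) === 0)) {
            return true;
        }
    }
    return false;
}

// Start at the TCP peer and step left through X-Forwarded-For while the current
// hop is one of our proxies. The first other hop is the client as our edge saw
// it; entries further left were supplied by the client and are never used.
// Returns null unless that hop is a public address a GeoIP database can hold.
function geoClientIp(string $remoteAddr, ?string $xff): ?string
{
    $ip = $remoteAddr;
    $hops = array_reverse(array_map('trim', explode(',', (string) $xff)));
    while ($ip !== null && filter_var($ip, FILTER_VALIDATE_IP) !== false && isTrustedProxy($ip)) {
        $ip = array_shift($hops); // null once the chain is exhausted
    }
    $public = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return $ip !== null && filter_var($ip, FILTER_VALIDATE_IP, $public) !== false ? $ip : null;
}

// Constructed requests; 203.0.113.7 and 198.51.100.9 are documentation addresses.
var_dump(geoClientIp('10.2.1.211', '198.51.100.9, 203.0.113.7')); // via ELB, first entry forged by the client
var_dump(geoClientIp('10.2.1.211', null));                         // ELB health check, no header
var_dump(geoClientIp('203.0.113.7', '198.51.100.9'));              // direct hit carrying a forged header
```

A null result is the case to handle in the application: serve the default language rather than passing a private address to the GeoIP lookup.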

Related

FusionPBX Creating SIP trunk or Gateway

I have created a FusionPBX instance on AWS. I am able to make internal calls between the two extensions created. Now I would like to make an external call to a VoIP server when a particular extension is dialed. To do this, I understand that we need to create a SIP trunk between the two machines, i.e. the FusionPBX server and the VoIP server.
As of now I have created a gateway without using a username and password and added the external VoIP server IP address in the CIDR block. But I still can't start the gateway; it just refreshes the page. No host name is given while configuring.
I have referred many documents available over internet but couldn't find any proper reference. Appreciate if anyone can help me here.
Finally figured this out. I am posting here so that it may help someone facing the same issue.
Changing the config key Profile value from external to internal resolved this issue for me.
Key points to note while configuring the gateway: keep Register set to false, and if it is kept false then don't give any username and password; leave those fields blank. Configure the proxy address as shown in the reference below, and don't forget to add and allow access control (CIDR is your VoIP server address) under the advanced settings of FusionPBX.
Here is the screenshot of gateway configuration for reference.

Google: Permission denied to generate login hint for target domain NOT on localhost

I am trying to create a Google sign-in and getting the error:
Permission denied to generate login hint for target domain
Before you mark this a duplicate, this is not the same as the question asked at Google sign in website Error : Permission denied to generate login hint for target domain because in that case the questioner was on localhost, whereas I am getting this error on the server.
Specifically, I have included the url of the server in the Authorized Javascript Origins, as in the following image:
and when I get the error, the request shows that the same url was sent, as in the following image:
Is there something else I should be putting in my Restrictions page? Is there any way to figure out what is going on here? Is there a log at the developer console that can tell me what is happening?
Okay, I figured this out. I was using an IP address (as in "http://175.132.64.120") for the redirect uri, as this was a test site on the live server, and Google only accepts actual urls (as in "http://mycompany.com" or "http://localhost") as redirect uris.
Which, you know, THEY COULD HAVE SAID SOMEWHERE IN THE DOCUMENTATION, but whatever.
I know this is an old question, but it's the first result when you look for the problem via Google, so I'll share my solution with you guys.
When deploying Google OAuth service in a private network, namely some IP that can't be accessed via the Internet, you should use a magic DNS service, like xip.io, that will give you a URL that your browser will resolve to your internal IP. You see, Google needs to be able to reach your authorized origin via your browser; that's why setting localhost works if you're serving it on your computer, but it won't work when you're deploying outside the Internet, as in a VPN, intranet, or with a tunnel.
So, the steps:
1. get your IP address, the one you're deploying at and it's not a public domain, let's say it's 10.0.0.1 as an example.
2. add http://10.0.0.1.xip.io to your Authorized Javascript Origins on the Google Developer Console.
3. open your site by visiting http://10.0.0.1.xip.io
4. clear your cache for the site, if necessary.
5. Log in with Google, and voilà.
I got to this solution using this answer in another question.
If you are using http://127.0.0.1/projects/testplateform, change it into http://localhost/projects/testplateform, it will work just fine.
If you are testing on your machine (locally), then don't use the IP address (i.e. http://127.0.0.1:8888) in the Client ID configuration, but use localhost instead and it should work.
Example: http://localhost:8888
To allow ip address to be used as valid javascript origin, first add an entry in your /etc/hosts file
10.0.0.1 mydevserver.com
and then add this domain mydevserver.com in Authorized Javascript Origins. If you are using some nonstandard port, then specify it with your domain in Authorized Javascript Origins.
Note: Remove your cache and it will work.
Just ran across this same issue on an external test server, without a DNS entry yet. If you have permission on your local machine just edit your /etc/hosts file:
175.132.64.120 www.jimboweb.com
And use http://www.jimboweb.com as an authorized domain.
I have a server in private net, ip 172.16.X.X
The problem was solved with app port ssh-forwarding to my localhost port.
Now I am able to use deployed app with google oauth browsing to localhost.
ssh -N -L8081:localhost:8080 ${user}@${host}
I also added localhost:8081 to "Authorized URI redirect" and "Authorized JavaScript sources" in console.developers.google.com.
After battling with it for a few hours, I found out that my config in the Google Cloud console was all correct and similar to the answers provided. Due to caching issues or something, I had to recreate a OAuth Client ID and then it suddenly started working.
It's a pretty old issue, but I encountered it and there wasn't any helpful resource, so I am posting my solution.
For me the issue occurred when I hosted my web app locally, using google-auth for logging in.
The URL I was trying to hit was :- http://127.0.0.1:8000/master
I just changed from IP to http://localhost:8000/master/
And it worked. I was able to log in to the website using Google Auth.
Hope this helps someone someday.
install xampp and run apache server,
put your files (index and co) in a folder in the xampp dir (c:\xampp\htdocs\yourfolder).
Type this in your browser url - http://localhost/yourfolder/index.html

How to design a web service exclusively for multiple LANs?

Let's say I have three independent LANs and a central server somewhere. I want to offer a service exclusively to users on those LANs (via the internet, of course), and a slightly different service to different LANs: users on LAN "A" should receive content "A" and only "A". Can this be achieved by some sort of IP filtering on the server side (like checking the source address), and how secure is that? Or with RSA (or something) keys: can a router (on a LAN) be configured so it can communicate with the server in a secure way?
Basically I want my server to only be visible for users that connect to internet through certain routers (LANs), and for each LAN offer a slightly different service.
I would greatly appreciate any advice on how to achieve this, since I'm not an expert :)
Also I hope that this kind of a question is ok to ask here, since it is not strictly a programming one.
Regards, Petar
I will try to answer this
Basically I want my server to only be visible for users that connect
to internet through certain routers (LANs)
As far as I know, once you make your server public (set a public/live IP and register your domain), it will be visible on the web for anyone who knows your web address.
But you can set a "limitation" on who will be able to see your private content. Here are my simple steps:
1. You need to know the public address of the 3 "green" routers which will be allowed to see your private content.
2. Use the PHP variable $_SERVER['REMOTE_ADDR'] to check the incoming (client) IP address.
3. If the client's IP address is listed as one of your "green" routers' IP addresses, then display your content, and if not then display a page that says "You are not allowed to this page" or something like that.
So for conclusion..
Can this be achieved by some sort of IP filtering on the server side
(like checking the source address)
Yes it can by doing the steps above.
I hope this can help you.
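The steps in the answer above, as an added PHP example (not code from the original posts). The router addresses, LAN labels and function names are assumptions made for illustration. The check identifies the router, not a person: every device behind an allowed router gets that LAN's content, and the decision rests on REMOTE_ADDR alone because forwarded-for headers are supplied by the client.

```php
<?php
// Added example: hypothetical names; the router addresses are documentation IPs.
const LAN_BY_ROUTER = [
    '198.51.100.10' => 'A',
    '198.51.100.20' => 'B',
    '203.0.113.30'  => 'C',
];

// Canonical text form of an address, with IPv4-mapped IPv6 (::ffff:a.b.c.d)
// folded back to IPv4 so a dual-stack listener still matches the allow list.
function canonicalIp(string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $bin = inet_pton($ip);
    if (strlen($bin) === 16 && substr($bin, 0, 12) === str_repeat("\0", 10) . "\xff\xff") {
        $bin = substr($bin, 12);
    }
    return inet_ntop($bin);
}

// Deny by default. Only the TCP peer address (REMOTE_ADDR) is consulted;
// X-Forwarded-For and similar headers are deliberately ignored.
function respond(array $server): array
{
    $ip = canonicalIp($server['REMOTE_ADDR'] ?? '');
    $lan = $ip !== null ? (LAN_BY_ROUTER[$ip] ?? null) : null;
    if ($lan === null) {
        return [403, 'You are not allowed to view this page'];
    }
    return [200, "content for LAN $lan"];
}

// Constructed requests.
print_r(respond(['REMOTE_ADDR' => '::ffff:198.51.100.20']));   // router B over a dual-stack socket
print_r(respond(['REMOTE_ADDR' => '192.0.2.99',                // unknown peer with a forged header
                 'HTTP_X_FORWARDED_FOR' => '198.51.100.10']));
```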

WSO2 API Manager - Displaying correct IP in UI

Have installed the API manager 1.4.0 on a single machine and got everything running. However have found the IP address shown within the management console and store sites are incorrect. For instance in the mgnt console home page the 'Host' and 'Server URL', also on an api's page in the store (both the URLs provides in the overview and the ip used in the 'try it' feature).
Looking into this it seems my network adapter is supplying a privately accessible ip, instead of public (this cannot be changed). This value is then propagated around the API manager on startup between components but also to provide links to access the services externally.
Have looked into the configuration and changed some values, however cannot get all IPs in the UI to display correctly. Settings I've changed include:
repository\conf\carbon.xml HostName, MgtHostName, ServerURL
repository\conf\api-manager.xml APIGateway-->APIEndpointURL (also updated APIKeyManager-->ThriftServerHost)
Is there any way to solve this? In particular, is there a way to set an IP that will be published for external access without changing any configuration used for communications within the host?
Instead of an IP address, I would use a domain name, and add it first to your hosts file like:
192.168.1.2 apimanager.example.net
Then edit some carbon.xml parameters to look like:
<HostName>apimanager.example.net</HostName>
<MgtHostName>apimanager.example.net</MgtHostName>
<ServerURL>https://apimanager.example.net:${carbon.management.port}${carbon.context}/services/</ServerURL>

Connecting a DD-WRT router to a Squid proxy running on AWS

I am trying to get a Linksys router with the latest DD-WRT (v24-sp2) in my house connected, via Comcast, to an external Squid (v3) proxy that I am running on AWS. When I connect over the WiFi to the DD-WRT router, it connects to the Squid proxy, but I get the nasty message (abbreviated here to show relevant part):
While trying to retrieve the URL: /
Note the backslash. I get this when I go to a root domain, like www.cnn.com. If I go to a page under a site, like www.cnn.com/today (fake link used for example only), that returns an error like:
While trying to retrieve the URL: /today
Again, notice the "/today", as if the root domain has been removed, and the string to the right of the domain name is being searched on.
For some background, I have installed Squid as generally as possible, and have done it on two servers with the same results. I get this same error no matter what domain I go to. Also, if I switch my network on my Mac to use this Squid proxy, it works fine. Only the connections from the DD-WRT give this error.
I have tried the instructions on the DD-WRT site with no luck. Others seem to have gotten this working well, so I assume I am making a configuration mistake.
Any clues for me? TIA...