ObtainAuthToken fails with 404 when using local network IP - django

I'm trying to connect an Android device to my ObtainAuthToken endpoint from the django-rest-framework.
If I just call it with http://localhost/api-token-auth it works fine:
[21/Dec/2017 16:04:34] "POST /api-token-auth HTTP/1.1" 400 68
But if I change that to http://192.168.1.4/api-token-auth my dev server throws me a 404, like so:
[21/Dec/2017 16:05:00] "POST /api-token-auth HTTP/1.1" 404 0
I've tried adding my IP number 192.168.1.4 to ALLOWED_HOSTS but no dice. Trying to Google this issue just brings up a bunch of unrelated stuff.
Anyone knows what might be causing this?

I had a similar issue which I resolved by running the Django project on 0.0.0.0 rather than localhost.

Related

What do I put for 'ALLOWED_HOSTS' in django settings when deployed using a proxy server?

I got my React/Django website running on an AWS EC2 instance using Nginx and Supervisor. I'm trying to do a proper deployment rather than just put up my development environment.
When I set DEBUG to False in Django's settings.py, the supervisor logs give me the error "CommandError: You must set settings.ALLOWED_HOSTS if DEBUG is False." However, every combination I've tried so far has given me errors. I know that Nginx is essentially sending every request I get through my IP to localhost on the server (right?) so I figured just having 'localhost' would work but that gives me 404 errors when trying to retrieve the static files. Then I tried using my domain (currently just my public DNS from AWS since I haven't connected the domain yet) and that gives me a 400 (Bad Request) error. Using both also gets me a 404. Then I tried the wildcard ('*') since I figure Nginx is handling the traffic anyway but I STILL get a 404.
TL;DR table
ALLOWED_HOSTS value Result
-----------------------------------------------------
['localhost'] 404 (Not Found)
-----------------------------------------------------
['http://....amazonaws.com/'] 400 (Bad Request)
-----------------------------------------------------
['localhost', 404 (Not Found)
'http://....amazonaws.com/']
-----------------------------------------------------
['*'] 404 (Not Found)
-----------------------------------------------------
all three 404 (Not Found)
-----------------------------------------------------
['34.xxx.xx.xx'] 400 (Bad Request)
-----------------------------------------------------
I don't know what else to try. Any direction would be greatly appreciated.

Django hello world page not found on virtual machine OPENSTACK

The problem is that I test the django helloworld on two virtual (ubuntu server) machine.
one's virtual ip is xxx.xxx.xxx.xxx(example 123.4.5.6),
physical ip is yyy.yyy.yyy.yyy(example 9.87.6.5),
another is xxx.xxx.xxx.xxx(example 123.4.5.7)
physical ip is yyy.yyy.yyy.yyy(example 9.87.6.4),
all these are static "virtual ip"
and static ip
The problem is,
while loading the page of the first django helloworld, everything is fine
(these two helloworld are same coded and are independent to each other),
but when I try building the second django helloworld and connect to the server it said
Page not found (404)
Request Method: GET
Request URL: http://9.87.6.4/http:/9.87.6.4/
{'path': 'http://9.87.6.4/'}
You're seeing this error because you have DEBUG = True in your Django
settings file. Change that to False, and Django will display a
standard 404 page.
and the server debugger said
Performing system checks...
System check identified no issues (0 silenced).
November 30, 2017 - 12:13:18
Django version 1.11.7, using settings 'helloworld.settings'
Starting development server at http://123.4.5.7:80/
Quit the server with CONTROL-C.
Not Found: /http:/9.87.6.4:80/
[30/Nov/2017 12:13:19] "GET http://9.87.6.4:80/ HTTP/1.1" 404 1666
Notice that there's an extra http:/9.87.6.4/
in the Request URL
I have tried reinstall the apache2
(but most likely it is not related to apache2 but to the virtual machine I think)
and it still didn't work.
my virtual machine is based on OPENSTACK.
since sometimes the django-debugger even print things like
[30/Nov/2017 12:37:58] "GET http://nova.clouds.archive.ubuntu.com/ubuntu/dists/xenial-updates/multiverse/binary-amd64/Packages HTTP/1.1" 400 61127
Invalid HTTP_HOST header: 'windowbox.me'. You may need to add 'windowbox.me' to ALLOWED_HOSTS.
or
[30/Nov/2017 12:37:58] "GET http://google.com HTTP/1.1" 400 61127
Invalid HTTP_HOST header: 'google.com'. You may need to add 'google.com' to ALLOWED_HOSTS.
when I visit the google page using the physical machine(not the virtual one) after visit the problem virtual machine,
so I am thinking maybe there's some false setup on my second virtual machine.
By the way, if I use lynx from my first virtual machine to visit the helloworld page in the problem virtual machine, EVERYTHING IS FINE. there's no http 404 and no duplicate URL

How do I prevent access to my Jetty server from unwanted URLs

How do I prevent access to my Jetty server from unwanted URLs
10.34.6.67 - - [20/Jan/2015:13:04:05 +0000] "GET /pulse?authon&user=BB493827B64FD8B696FD0B600FA05429&url_heartbeat=1,0,156,156,0&db_conn=1,0,0,0,0 HTTP/1.1" 404 283
In order to determine if a requested URL is valid or not, the connection still needs to occur, and the request still needs to be sent.
The access log line you pasted shows that Jetty returned 404 (not found) for it.
Looks like it did the job with no further effort on your part.

How can I configure http basic auth in a web service accessed through Talend Open Studio?

As an example, I have an About web-service, which only method getVersion return the application version.
I can easily call it through SoapUI :
But, accessing it through a Job in Talend seems impossible.
I tried the simplest one :
Configured with authentication checked and admin/**** as user/password.
however, each time I run my job, it ends with the following error
Démarrage du job About a 14:04 18/10/2013.
[statistics] connecting to socket on port 4025
[statistics] connected
Exception in component tWebService_1
org.apache.ws.commons.schema.XmlSchemaException: Server returned HTTP response code: 401 for URL: http://localhost:8080/digital-express-soap/AboutService?xsd=1
at org.apache.ws.commons.schema.XmlSchemaCollection.read(XmlSchemaCollection.java:710)
at org.apache.ws.commons.schema.SchemaBuilder.resolveXmlSchema(SchemaBuilder.java:706)
at org.apache.ws.commons.schema.SchemaBuilder.handleImport(SchemaBuilder.java:538)
at org.apache.ws.commons.schema.SchemaBuilder.handleSchemaElementChild(SchemaBuilder.java:1513)
at org.apache.ws.commons.schema.SchemaBuilder.handleXmlSchemaElement(SchemaBuilder.java:659)
at org.apache.ws.commons.schema.XmlSchemaCollection.read(XmlSchemaCollection.java:540)
at org.talend.webservice.helper.ServiceDiscoveryHelper.getSchemaCollection(ServiceDiscoveryHelper.java:363)
at org.talend.webservice.helper.ServiceDiscoveryHelper.init(ServiceDiscoveryHelper.java:130)
at org.talend.webservice.helper.ServiceDiscoveryHelper.<init>(ServiceDiscoveryHelper.java:90)
at org.talend.webservice.helper.ServiceInvokerHelper.<init>(ServiceInvokerHelper.java:98)
at test_lct.about_0_1.About.tWebService_1Process(About.java:300)
at test_lct.about_0_1.About.runJobInTOS(About.java:559)
at test_lct.about_0_1.About.main(About.java:425)
Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost:8080/digital-express-soap/AboutService?xsd=1
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:677)
at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:772)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:119)
at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:235)
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:284)
at org.apache.ws.commons.schema.XmlSchemaCollection$2.run(XmlSchemaCollection.java:738)
at org.apache.ws.commons.schema.XmlSchemaCollection$2.run(XmlSchemaCollection.java:737)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.ws.commons.schema.XmlSchemaCollection.parseDoPriv(XmlSchemaCollection.java:736)
at org.apache.ws.commons.schema.XmlSchemaCollection.read(XmlSchemaCollection.java:705)
... 12 more
[statistics] disconnected
So it appears my server don't accept the provided auth. What is really strange, given that debugging my realm reveals that some authenticated calls are made. However, it also seems the last call is unauthorized. Why ?
EDIT
I did some more tests by enabling HTTP logging in Glassfish, then perform one test for each tool.
Using soapui, I get
"127.0.0.1" "NULL-AUTH-USER" "07/Nov/2013:10:45:51 +0100" "POST /digital-express-soap/AboutService HTTP/1.1" 401 1069
"127.0.0.1" "admin" "07/Nov/2013:10:45:51 +0100" "POST /digital-express-soap/AboutService HTTP/1.1" 200 247
And using Talend Open Studio for Data Integration 5.3.1, I get
"127.0.0.1" "NULL-AUTH-USER" "07/Nov/2013:11:03:27 +0100" "POST /digital-express-soap/AboutService HTTP/1.1" 401 1069
"127.0.0.1" "admin" "07/Nov/2013:11:03:27 +0100" "POST /digital-express-soap/AboutService HTTP/1.1" 200 247
which, as far as I know, is exactly the same. So the order in which queries are made to my server is the same, but the way the client interprets it change.
So my question can now be changed to "why Talend can't interpret correctly the 401 return from server when soapui can, considering both are based upon similar open-source web-services stacks ?"

Can't log in to django

I've just installed my app on a new server to test something out. Setup all went smoothly, app is running fine with a local mysql database behind it which is fully synced up. The only problem is I can't log in.
I've tried logging in via my frontend, and via the admin. For both, if I enter incorrect details it shows an error message. If I enter correct details it doesn't, but still throws me back to the login page.
There is nothing in the logs to suggest what's going on, all I get in a runserver log is something like:
[26/Jun/2013 15:09:31] "POST /account/login/ HTTP/1.0" 302 0
[26/Jun/2013 15:09:31] "GET /dashboard/ HTTP/1.0" 302 0
[26/Jun/2013 15:09:31] "GET /account/login/?next=/dashboard/ HTTP/1.0" 200 2537
I'm clearly logging in ok, being redirected to the dashboard, then bounced straight back to login.
I'm stumped as to where to start looking to debug this problem. The same setup is running fine elsewhere. Can anyone give me any clues as to where to start looking?
You might check the value of SESSION_COOKIE_SECURE. If set to True, the admin login form will simply redirect to itself. Also check that SESSION_COOKIE_DOMAIN is correct. I don't know how many times I've done this inadvertently in development :)