URL error in HTTP endpoint for QAComplete - web-services

I am trying to access the endpoint and WSDL for QAComplete on company premises using the company server URL. Unfortunately, I am receiving a URL error. Please see the example below. Have I missed something obvious?
Example:
Endpoint: http://yourserver/psws/psws.asmx
Company server:
Endpoint: http://app2.qacomplete.smartbear.com/Common/psws/psws.asmx
Best regards,
AmiK

Answered my own query. Was using the wrong URL.
Correct REST API address for SaaS clients is https://qacomplete.smartbear.com/rest-api/service

Related

Cloudfront 403 bypass

To give some context, I am trying to participate in a bug bounty program for the first time, and I found out which CloudFront URL is serving content to a website; the content being served is in JSON format.
Each time I try to access the information through the url of the website I get the next message:
{"error":"You need to sign in or sign up before continuing."}
If I try to access the CloudFront URL (xxxxxxx.cloudfront.net) I get:
403 ERROR
The request could not be satisfied.
Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront) and a request id
I would like to know if somebody knows a good article that explains how to bypass those 403 or 401 messages and obtain the JSON output.
Thank you very much for all the information provided in advance.

WSO2 Identity Server login returns a 403

I am trying to log into my WSO2 management console. It is containerized and hosted in an AWS EC2 instance. I can navigate to the console login page, but when I try to log in I get a 403 Forbidden message.
Navigation to login page is okay
Forbidden error
I know that the cause of this issue is that my login page is not posting the X-CSRF-Token.
Example of the form data posted in my "bad" request:
The console of my WSO2 instance prints an error like this:
WARN {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:IP_ADDRESS, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)
Example of the form data posted in a "good" request in a local WSO2 instance:
What I have tried:
I have tried turning compression "off" as suggested by this post: wso2 api manger carbon page gives 403 Forbidden
I am not using JDK 1.8.0_151 which is labeled as a version with a bug.
I am able to circumvent the issue if I disable the csrfguard in Owasp.CsrfGuard.Carbon.properties but this is a security risk.
I have sticky sessions enabled
Any ideas on why the posting to the login_action.jsp page would return a 403?
EDIT
I failed to mention in the post that I am using TLS termination with an AWS load balancer. I am almost certain that my issue has something to do with that. This line from my console output details what my error is:
Referer domain https:LOAD_BALANCER_URL/carbon/admin/login.jsp does not match request domain: http://LOAD_BALANCER_URL/carbon/admin/js/csrfPrevention.js
You can see that the referer is using https but the request is using http. I believe that I want the request domain to be https, but I'm not sure how to do that. I think that the first page is making a call to login.jsp with https and the login.jsp page is making a call to the csrfPrevention.js page but changing the protocol to http.
Please refer to the OS and JDK incompatibilities matrix and make sure you are not using one of these OS/JDK pairs.
Do you have a load balancer fronting your Identity Server? If so, please verify that you have enabled sticky sessions in your LB. You can find sample NGINX configurations in the guide - docs.wso2.com/display/CLUSTER44x/Configuring+NGINX
Lower the version of the Java JDK to 1.8.0_144. If that does not work, go to this location:
wso2Servers/wso2is-5.5.0/repository/conf/security .
There is a file name Owasp.CsrfGuard.Carbon.properties.
In that file, there is a line
org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = true
set this to
org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = false
This worked for me.
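As an added example (not part of the original posts and not WSO2 or CSRFGuard code), this sketch triages the "Referer domain ... does not match request domain" lines quoted in the question. It separates scheme-only mismatches, which point at the TLS-terminating load balancer, from genuine host mismatches, so the cause is known before `refererMatchDomain` is relaxed. The hostnames and sample lines are constructed, and well-formed URLs are assumed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in the format quoted in the question (hosts are made up).
SAMPLE_LOG = [
    "Referer domain https://lb.example.test/carbon/admin/login.jsp does not match "
    "request domain: http://lb.example.test/carbon/admin/js/csrfPrevention.js",
    "Referer domain https://other.example.test/page.html does not match "
    "request domain: https://lb.example.test/carbon/admin/js/csrfPrevention.js",
    "Referer domain https://lb.example.test/carbon/admin/login.jsp does not match "
    "request domain: https://lb.example.test:9443/carbon/admin/js/csrfPrevention.js",
]

PATTERN = re.compile(
    r"Referer domain (?P<referer>\S+) does not match request domain: (?P<request>\S+)"
)
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def classify(line):
    """Classify one mismatch line; return None if it is not a mismatch entry."""
    m = PATTERN.search(line)
    if not m:
        return None
    r_scheme, r_host, r_port = origin(m["referer"])
    q_scheme, q_host, q_port = origin(m["request"])
    if r_host != q_host:
        return "host-mismatch"   # different site: the referer check is doing its job
    if r_scheme != q_scheme:
        return "scheme-only"     # same host, https vs http: typical of TLS termination
    if r_port != q_port:
        return "port-only"       # same host and scheme, proxy and backend ports differ
    return "other"


def summarize(lines):
    """Count mismatch kinds across log lines, skipping unrelated lines."""
    return dict(Counter(k for k in map(classify, lines) if k))


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

If every entry is `scheme-only`, the backend is seeing plain HTTP behind the load balancer; `host-mismatch` entries are the ones the referer check exists to stop.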

API Console Issue

I've been using WSO2 API Manager 1.9.1 for the past month on a static IP and we liked it enough to put it on Azure behind a fully qualified domain name. As we are still only using it for internal purposes, we shut the VM down during off hours to save money. Our Azure setup does not guarantee the same IP address each time the VM restarts. The FQDN allows us to always reach https://api.mydomain.com regardless of what happens with the VM IP.
I updated the appropriate config files to the FQDN and everything seems to be working well. However! The one issue I have and cannot seem to resolve is calling APIs from the API console. No matter what I do, I get a response as below:
Response Body
no content
Response Code
0
Response Headers
{
"error": "no response from server"
}
Mysteriously, I can successfully make the same calls from command line or SOAPUI. So it's something unique about the API Console. I can't seem to find anything useful in the logs or googling. I do see a recurring error but it's not very clear or even complete (seems to cut off).
[2015-11-17 21:33:21,768] ERROR - AsyncDataPublisher Reconnection failed for
Happy to provide further inputs / info. Any suggestions on root cause or where to look is appreciated. Thanks in advance for your help!
Edit#1 - adding screenshots from chrome
The API Console may not be giving you a response due to the following issues:
If you are using HTTPS, you have to type the gateway URL in the browser and accept it before invoking the API from the API Console (in this case there is no signed certificate in the gateway).
A CORS issue, which may be because your domain is not in the access-allow-origins response of the OPTIONS call.
If you create an API that has an HTTPS backend, you have to import the endpoint SSL certificate into client-truststore.jks.

How to send a webservice request in jmeter to https rather than http

I have created a new project using the template 'Building a SOAP WebService Test Plan' in jmeter (followed the steps in the tutorial from the apache jmeter website to set this up). The responses aren't being accepted and in the results log I am seeing the message:
1446205258738,20995,Soap Request,Non HTTP response code: org.apache.http.conn.HttpHostConnectException,Non HTTP response message: Connection to http://(server name).com refused,Number of Users 1-10,text,false,2273,1,1,0
It's making the connection to http rather than https, which I think is why the connection is not being made. Is there any way to change this? I've tried using the different implementations in the SOAP request but this hasn't worked; currently using HttpClient4.
Please see the http request details
HTTP REQUEST DETAILS
As per #Rage's answer (who should answer in a response, not a comment; I'll be happy to remove my answer if he does), just change:
Protocol [http] value to https
See:
As per your last comment, you modified it to https and now you face another issue, getting a 404.
So most probably your Path or Server Name or IP is wrong; ask the hoster or developer for the correct connection information.

How to pass a parameter to a wsdl URL?

I know it is not the current way of doing things but...
How do I pass an HTTP parameter to a WSDL URL?
I tried to attach it to the end of the query String like
"http://host:port/serviceA/methodA?wsdl&parameterName=value"
but the web service refuses to read it.
What is the correct way of doing it?
I am no authority, but I am working with a web service (SOAP) at the moment - SOAP services seem to expect an XML Document, delivered as a POST.
Try doing an HTTP POST instead of a GET:
curl -d parameterName=value "http://host:port/serviceA/methodA?wsdl"
I solved this question by changing the endpoint URL (not the WSDL URL).
Thanks for your responses.