IP address is not allowed for this token on API CALL - linux

please bear with me, I am a newbie in integrating APIs and so I am encountering some issues that need help from experts. I am working on API that has only the server IP address whitelisted to access resources on it. However, I am working from my local PC in doing the integration. Now when I try accessing the API from the localhost, it tells me that my PC's IP address is not allowed for the token I am using. I have tried to do some google search on how to use the server's IP address from my PC and I have come across something called PORT FORWARDING. I have tried to figure out what it is but I am getting some difficulties setting it up on my PC. Could someone help me with any alternatives to making requests using my server's address from my PC? If not, I will appreciate it if someone could explain to me what port-forwarding is in layman's language and if possible through a reference. Thank you in advance. I am on Linux-mint

To make a request with your server's IP address, the request has to at least pass through your server. Setting up an temporary SSH "port forward" is the easiest way to do it. The following command opens an SSH session with your server machine, and for the duration of the session the ssh client will listen for connections on TCP port 8443 on your dev machine and the server will forward them to somewebsite.net:443.
ssh -L 8443:somewebsite.net:443 your.server.name
If you now send a request to https://localhost:8443 from Postman, SSH will tunnel the request to your server. The server will communicate with somewebsite.net on your behalf, and the request will have your server's IP address.
See longer discussion of this feature for example at:
https://www.ssh.com/ssh/tunneling/example
https://phoenixnap.com/kb/ssh-port-forwarding
This style of port forwarding is not without its problems though. You are using HTTPS, which includes protections against a "middle man" intercepting connections like this. You can get around this by disabling certificate verification. Another problem is that somewebsite.net may expect you to set the Host HTTP request header to "somewebsite.net", and it will be set to "your.server.name" instead.

Related

Node server :remote-addr displayed local IP (192.X.X.X) when accessed from python-requests

I have an express server that uses nginx and monitors the X-Forwarded-For header.
The node server has the following lines of code:
app.set('trust proxy', '127.0.0.1');
app.use(morgan(':remote-addr')); // and other info too
Normally, when users make requests, independent of the client (mobile app, scripts, etc.) the IP displayed is the remote one.
Recently, I have observed that someone tried to hack into my server using python-requests/2.22.0 and the remote IP was not his IP address, it was 192.X.X.X. I tried to reproduce this myself by accessing the server from itself, but the remote address (global server IP address) was displayed.
Can you better explain to me how this works and if this is something I should be worried about?
They never accessed your server through Nginx; check the logs. They sent a local connection header directly to the IP:port hosting your server. This could be damaging if your security policies are not set correctly, it could leak site IPs and potentially allow an attacker to have a free path into your server without response back and no limits.
As we get scarier, the user could initiate a BGP hijack and take over the relay points sending users to your server end-points; this is one to YouTube or google more about.
As we finish off, know most hosting companies allow for private networking and do give somewhat of a firewall to use but most users assume this is secure when it actually is not! These private networks connect you to the hundreds->thousands servers in a rack or zone. So if the attacker bought a server next to yours (which would likely be a bot) they could scan the private networks for some fun-time which is against TOS but the hosts don't check this good enough or secure it.
In your case, it sounds like the server is responding to the entire internet and bots are having a go at it; Try setting your Node.js server up as localhost only, at port 443 or whatever and host that through nginx. That way anytime someone inserts your IP or domain name it is forwarded by nginx to the local resource. Someone couldn't just use the IP + Node.js port and play games. If you do this, a user may still send the header with fake IP but it won't result to IP Leak, or anything bad unless that IP had super powers on your site, which no filter on your site should say 192.168.x.x gets ADMIN mode. You can feel confident.

How to expose tornado websocket from local machine

I have built a d3.js dashboard that ties into a tornado websocket. Everything works perfectly locally. I now would like to have the ability to share the websocket with a few friends, nothing production. Is there a way to do this without a big deployment on Heroku or other similar service? I've googled and can't seem to find an answer. Thanks
Not specific to Tornado. This is more of a networking question.
What you want to do is:
Run your server on your computer.
Connect to the internet.
Note down your public IP address.
Give your IP address to your friends.
Certain things you need to take care of:
Run your server on a higher, non-standard port (e.g. 8000 would be good) because ISPs block traffic to port 80 and other standard ports.
The IP address assigned to you by your ISP will most probably be dynamic. That mean, every time you diconnect and reconnect to the internet, your IP address will change.
Turn off your computer's firewall to let in the traffic at whichever port your server is running.
Finally, you'll need to configure port forwarding on your router. What that means is all the incoming HTTP requests will arrive at your router at your public IP address. But your computer where you'll be running your server will have an internal IP address assigned by your router. So, you'll need to forward incoming requests to your computer's internal IP.

node js send html to network rather than only localhost server

I'm using node js trying to send my web-page to my network, I successfully call localhost:port in my computer using express as server, the webpage loads fine trigger my webcam which I used to streaming in the webpage, and then im working to make a simple app in my phone to directly access my server, so my questions:
1.How do I able to access my server from different devices in the same wireless-network? by calling ip + port ?192.168.1.104:9001 ? cause i've tried and it didnt work.
2.I've found https with .pem something like that, is that the answer ? is there also any other way ?
3.maybe any advice before i work to make my web-app to devices? using koa? i don't even really know what is that, but i'm happily take any advices.
EDIT: i've read How could others, on a local network, access my NodeJS app while it's running on my machine?
let's say I simply using random router, so i can't configure my router-port, my server in my pc and my phone join in the same network, trying to access the server in my phone
1.How do I able to access my server from different devices in the same wireless-network?
All you need to do is find your server's IP address in this same wireless-network, and find the Node.js application's port. Then access the following URL in other devices:
http://{server_IP}:{port}
However, there are some points need to check:
Need to check firewall and confirm the port is not blocked, server IP is not blocked by test device, and test device IP is not blocked by server.
Need to check whether there is any Proxy setting in server and test device. If there is any, disable the proxy.
A computer may have many IP addresses at the same time, you need to find the correct one in the same wireless-network. For example, If you install a virtual machine software such as VMware and run a virtual system inside, your real computer will get IP address as 192.168.*.* -- this IP address looks like an intranet IP in wireless-network, but it is not, and can never be accessed by test device.
2.I've found https with .pem something like that, is that the answer?
No, HTTPS has nothing to do with this problem. HTTPS just add security (based on HTTP layer), it does not impact any HTTP connectivity. Actually, to minify the problem, it is better to only use HTTP in your scenario.
There is only one very special case that may bring your problem by HTTPS -- the test machine is configured and will block any non-HTTPS connection for security.
3.maybe any advice before i work to make my web-app to devices? using koa?
My suggestion is: As there is an HTTP connectivity issue, the first step is trying to find the root cause of that issue. Thus, it is better to make a simplest HTTP server using native Node.js, no Koa, no Express. In this way, the complexity of server will be reduced, which makes root cause investigation easier.
After the HTTP connectivity issue is fixed, you can pick up Koa or Express or any other mature Node.js web framework to help the web-app work.
4.let's say I simply using random router, so i can't...
Do you mean your server get dynamic IP address by DHCP? As long as the IP is not blocked by test device, it does not matter.

Accessing a server using VPN connection

I am trying to connect to a university server using a VPN client. I can connect to the client. Also, if I ping the server by name and by IP address, they both work:
ping servername
ping serveripaddress
However, I cannot access the server from the browser if I type:
\servername
\serveripaddress
and also I do not see anything in Network apart from my own computer. I changed my Workgroup to the correct Workgroup, and it still doesn't work.
Also, as my DNS suffix I use the domain name as well as the FQDN, but it doesn't work either.
I restarted after each of these changes, but it didn't help.
I read that when I have a VPN connection working and I am also able to ping the server to which I want to connect, it is most probably DNS resolution problem. But I do not know anymore what to do (I checked and tried the correct DNS suffixes).
Do you know what should I do more? I am using Windows 7.
Thank you.
It sounds like you're trying to use UNC pathing. Assuming that you're getting your network settings from DHCP, are you getting a WINS server?

Access private http server

I built a Nodejs HTTP server. It's running on localhost:3000.
From outside the Local Area Network, how does one make a request to the private HTTP server? Messing with the router manually is not an option; process should be automated.
I've looked at various techniques - and I'm confused:
Mapping the localhost port to the external ip address (node-nat-pmp)
HTTP tunneling (node-tunnel)
SOCKS (shadowsocks-nodejs)
CONNECT method in request header
It seems that everything is built for a client tunneling out through a firewall, I want to tunnel a request in through the firewall and to a private server. Or just run the localhost port on the external ip.
Any help would be appreciated. Confused.
If you need to access an internal service from outside of your network, you typically have two options:
Configure Port Forwarding on your router - You mentioned this isn't a possibility
Use UPnP to ask your router to open a port for you - This is often disabled as it is a security risk, but if not, look into https://github.com/TooTallNate/node-nat-pmp

Resources