I'm trying to fetch a schedule from a URL by submitting the form values in a POST request. For this purpose, I created a flow in node-red and it worked fine for few weeks. However, now I've started to receive the following security error.
406 Security Incident Detected406 Security Incident DetectedYour request was blocked. Please try again later.XrxWwwzlK-WmpFeEbGejEwAAAEo - www.islamiskaforbundet.se - xxx.xxx.xxx.xxx
Interesting thing is, when I put the parameters in a REST development tool (such as Postman or Open RESTED) and post the request, I get the data without any issues.
Below is the CURL request generated from Postman:
curl -X POST \
https://www.islamiskaforbundet.se/wp-content/plugins/bonetider/Bonetider_Widget.php \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'postman-token: eb701a0e-406e-4851-653f-2b7818c7d455' \
-d 'ifis_bonetider_widget_city=G%C3%B6teborg%2C%20SE&ifis_bonetider_widget_date=2020-05-14'
Upon execution, it fails in terminal.
One could say that the server may have learned my IP address and started to block all incoming requests, but then why the same request would work fine in the above mentioned tools' UI but not in CURL or my node-red flow?
Is there anything I'm missing? or how to avoid this security error?
The server at the other end has a number of ways to identify the which client is making the request, but the most likely one is that it is looking at the User Agent string from the client making the request.
e.g. you can make the curl command work by adding the Firefox User Agent header:
curl -X POST https://www.islamiskaforbundet.se/wp-content/plugins/bonetider/Bonetider_Widget.php \
-A "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'ifis_bonetider_widget_city=G%C3%B6teborg%2C%20SE&ifis_bonetider_widget_date=2020-05-14'
(I also removed the postman token)
Also 406 is probably the wrong error for the server to be returning, a better match for the text of the error would be something like 429
Related
I am trying to create mirrors on my GitLab via API and I am able to do that just fine. Problem appears when I try to create a mirror to an address that has URL encoded space "%20" in it.
When I call git lab API with following curl:
curl --request POST --data 'url=https://user:password#remotegit.com/Repo%20Mirror%20Test/_git/Repo%20Mirror%20Test' --data "enabled=true" --header "Authorization: Bearer TOKEN" "https://mygit.com/api/v4/projects/171/remote_mirrors"
I get following response:
{"id":171,"enabled":true,"url":null,"update_status":"none","last_update_at":null,"last_update_started_at":null,"last_successful_update_at":null,"last_error":null,"only_protected_branches":false,"keep_divergent_refs":null}
"url":null does not appear when I use any other address without "%20"
When I do this via UI with the same URL it works just fine. I tried to change " for ' to stop any expansion from happening but no luck. In UI I also looked to Developer tools if there is anything different but string is sent in the same format, unchanged.
GitLab server version: 15.2.2
Any ideas what could cause this problem?
All right the whole URL needed to be encoded, you can do that in "https://www.urlencoder.org" or in my case I needed to use it in Bash script so I installed a package "gridsite-clients" which contains "urlencode" which does basically the same thing. Once the address was encoded all worked as expected. So the final request would look like this:
curl --request POST --data 'url=https%3A%2F%2Fuser%3Apassword%40remotegit.com%2FRepo%2520Mirror%2520Test%2F_git%2FRepo%2520Mirror%2520Test' --data "enabled=true" --header "Authorization: Bearer TOKEN" "https://mygit.com/api/v4/projects/171/remote_mirrors"
I want to get data from ServiceNow via a CURL in Putty via a Proxyserver (Plan is to implement it to a PySpark script later on) and then save the data onto the server.
My Command looks like this:
curl -x <proxyadress:port> -U proxyuser:proxypassword -u '<apiuser:apipassword>' -d status="message" "https:/apiadress" -H 'Accept: application/json'
I get the error message:
{"error":{"message":"Invalid content-type. Supported request media types for this service are: [application/json, application/xml, text/xml]","detail":null},"status":"failure"}
A few days ago I was able to have the data printed into the log but didn't manage to replicate the command ... what's wrong?
Thanks for your help
I would like people to be able to subscribe to my website through Paypal. I've managed to install the Paypal buttons and can now obtain an access token to make "REST API" calls. But I'm failing to get any details of the subscriptions. Here's my cURL code which I run through reqbin.com:
curl -v -X GET https://api-m.paypal.com/v1/payments/billing-plans?page_size=3&status=ALL&page_size=2&page=1&total_required=yes \
-H "Content-Type: application/json" \
-H "Authorization: Bearer A21AAOtUj14g7QOd..............mL2MjJrgPE-Hr5lkaBN4f5Tg8wiErwgWd-sn-1hg6yqRMjtgRg"
curl -v -X GET https://api-m.paypal.com/v1/payments/billing-plans/P-8YD8773..........5UOKQ \
-H "Content-Type: application/json" \
-H "Authorization: Bearer A21AAOtUj14g7QOdj2PKN............6nutDPKmL2MjJrgPE-Hr5lkaBN4f5Tg8wiErwgWd-sn-1hg6yqRMjtgRg"
where you can see I have inserted the details of my access token and my billing plan ID obtained from my Paypal account. The former curl call should return details of my billing plan ID and the latter subscriptions under it. But the billing plan doesn't seem to exist as far as the API-REST goes. Can anyone see what I'm doing wrong?
Thanks.
It seems you are using a deprecated billing-plans API.
The current PayPal Subscriptions APIs are documented here., with a guide here.
I'm working on using Loopback to create a mock service. I need this mock service to authenticate using Bearer Tokens. Something like this:
curl -X GET --header 'Accept: application/json' --header 'Authorization: BEARER ABCDEFG' 'http://localhost:3000/api/Puppies'
At the moment, authentication is handled out of the box using a query string like this:
curl -X GET --header 'Accept: application/json' 'http://localhost:3000/api/Puppies?access_token=ABCDEFG'
Is there a way I can change the default authentication to the former?
In order to authenticate using Bearer tokens, you can use Loopback #loopback/authentication package. If you want to use JWT, you need #loopback/authentication-jwt extension.
I am trying to integrate my Dialogflow agent with Skype. I follow this link https://github.com/dialogflow/dialogflow-nodejs-client/tree/master/samples/skype to customize my bot responses. The webhook is deployed on Heroku. The issue is that I am getting this error "error: chatconnector: receive - no security token sent" always. The below CURL request looks fine
curl -X POST \
https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'postman-token: 2774cb69-14bb-7247-d3bb-7bdda2de0e4c' \
-d 'grant_type=client_credentials&client_id=f6f66a29-f184-48a0-9913-bda96c22be4f&client_secret=bkVCGV20*%25%2BfoicfITP333%40&scope=https%3A%2F%2Fapi.botframework.com%2F.default'
You can test this code and it clearly says there is no issue with Microsoft API regarding authentication. I am really stuck with this. Please help me in solving this.