Requests from iOS are being sent filled from the app but received as null on the server and it is random, sometimes the same request is received correct, and sometimes it is received as null, other channels (android and web) are not facing this issue
to note that the front-end connects to a load-balancer (layer 7) that redirects the requests to one of the 3 nodes, and the issue is happening on the 3 nodes, the traffic on the WAF and the load-balancer seems normal, we installed a new SSL certificate in feb, but i don't think it is related
we tried to simulate the case on the dev environment with the same application and the server server (code and infrastructure) and it did not happen
i am stuck here, and unable to identify the reason of such a behavior on production
any suggestions?
Related
Greeetings,
I have the following setup
Application Gateway -- Private Endpoints -- App Services
The application gateway is in its own resource group along with the virtual network in the 1.0.0.0 subnet.
The private endpoints and app services have a resource group per resource. So for me that would be 5 Services plus the main group with the AG.
I created all elements via the Portal.
After setting up the backend pool (for starters just for one service) and using the basic settings on all the elements (listeners, rules) I wanted to connect to the gateway public ip or dns name, however all I receive is a timeout, without any hint whatsoever in the monitoring as to what could cause the problem.
The application gateway does not even register a request.
Does anyone know what could be the cause of this? Could the Public IP be faulty for some reason? I even tried disabling the private endpoint on one of the services for debugging purposes but to no avail, seems like that is not the cause.
Any help is appreciated :)
Connection Timeout means that one or more than one server could not
complete your request within some period and does not receive a timely
response from another one that works as a gateway or proxy i.e; did
not complete within alloted time.
Initially try to reload the page in different browser or even on different devices.Clean the site from spam and cookies.
Please check if any of the below possible causes:
(main cause)REQUEST TIMEOUT : The number of seconds that
the application gateway will wait to receive a response from the
backend pool before it returns a “connection timed out” error
message.
When a user request is received, the application gateway applies the
configured rules to the request and routes it to a back-end pool
instance. It waits for a configurable interval of time for a response
from the back-end instance. By default, this interval is 20 seconds.
Solution: Reference >> Try Setting request-timeout :Application Gateway allows you to configure this setting via the
BackendHttpSetting,
Ex:
New-AzApplicationGatewayBackendHttpSettings -Name 'Setting01' -Port 80 -Protocol Http -CookieBasedAffinity Enabled -RequestTimeout 60
Also see App gateway
-troubleshoot-app-service-redirection-app-service-url.
NOTE: If your connections are getting dropped at less than the request
time out seconds set, then we need to find which connection is
trigged. And may need to Contact azure support
In addition to server timeouts, there are other causes
See if it due to default health check probe:like 1) Back-end VMs or
instances of virtual machine scale set are not responding to the
default health probe. 2) Invalid or improper configuration of custom
health probes. 3) Azure Application Gateway's back-end pool is not
configured or empty.
Troubleshoot problems-with-default-health-probe and custom healtH probe : Application gateway automatically configures a
default health probe using properties of the BackendHttpSetting but
Custom health probes allow additional flexibility to the default
probing behavior where you can configure the probe interval, the URL, the path to test, and how many failed responses to accept
before marking the back-end pool instance as unhealthy.
Also check the app service time outs : see appgw-timeouts and app
service time out setting
Other causes to check
Slow server, Problems with the firewall,network connection
If NSG, UDR or Custom DNS blocking access to backend pool members.
If VMs or instances in virtual machine scale set are healthy.
For those : Check the logs and DNS records and try by disabling the proxy or temporarily disabling the CDN
References:
Azure application gateway throws 502 when application sends 401 -
Stack Overflow
Azure Application Gateway error 502 when using application gateway
-Stack Overflow
I think we just discovered a bug on iOS 9 (version as of Oct 23rd 2015) when using client SSL certs to talk to a backend API. In common with a lot of REST services, our API generates 4xx error codes to communicate status. One of those is a 403 Forbidden error when a client tries to access paths that a specific client ID is not authorized to access. Note that this HTTP error occurs AFTER the client SSL cert has setup a valid connection & and the client ID has been authenticated.
In iOS 9, this sequence will generate an invalid client SSL error:
FAILED: Error Domain=NSURLErrorDomain Code=-1206 "The server “our.server.here” requires a client certificate."
(note: this a followup to my tweet here: https://twitter.com/ckmaresca/status/657576686318256128 - I figured SO is the place most people will search for this)
It took us days to finally figure out but it turns out that this particular error is generated by Apple's new Application Transport Layer security. Specifically, it seems that if you are using client certs and your backend API generates an HTTP 403 error, ATL believes that the cert is bad and kills the entire transaction.
We know this because we can see in our server logs that the request goes through and executes properly. We've also observed that the socket stays alive trough the request and this error only shows up after the response from the server is received. We also know our client cert works since any path not returning a 403 works with zero errors and changing the HTTP error code to 401 makes this problem go away.
This is problematic for a number of reasons, but mostly because HTTP errors are not SSL errors. The two can operate independently and it's perfectly possible to have a 403 error with a valid client side SSL certificate....
The work around is to change all your 403 errors to something else. I would note that a large number of Oauth1/2 servers will generate various 403 errors, so this might be non-trivial. Alternatively, it might be possible to use a reverse proxy to remap HTTP 403 errors to a different HTTP code - we have not tested this.
We have filed a bug with Apple, but I wanted to give people a heads up so maybe they can avoid banging their heads against a wall like we did for a week....
Thanks to the Sherbit.io enginnering team (specifically Varun & Matt) for debugging this.
I would like an iOS app to send data to my web server. For now I issue http get requests like "http://myserver.com?key1=val1&key2=val2" and it works fine
However I would like to secure this a bit so that people don't proxy the requests and send random values to my server.
If I do https, I understand that I generate some private/public keys on the server side, and I have to give those to the app, so that only the app can sign the requests and the server will reject any requests not coming from my app. Is that correct ?
If that's true, is there a way to hide the certificates in the iOS app ? When opening an app on a computer we can see all the files. Could anyone replicate the request with those ?
Thanks
On server side you maintain client app unique identifier and one key(pwd) value while installing app and client also maintain that information.Every time client send request with these parameter and server check this parameter with database.
I'm working on an ASP.NET MVC website, it has been installed on three different servers (the same code version), it works on two of the servers i.e the user can login, but on one server after the user has submitted their username and password, the following server error is displayed in the browser:
Security Exception
System.Security.SecurityException: Token not found
The event viewer for the environment the error is occuring on shows the following two error messages at the point where th euser attempts to login:
Could not init pool.
System.Net.Sockets.SocketException (0x80004005):
A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed because
connected host has failed to respond (server ip address)
And this error:
Error: System.Security.SecurityException: Token not found
Which is the server error displayed in the browser. This has in the past been resolved by deleting an authentication cookie, but that doesn't work for this error.
I have tried setting the trust level in the web.config to full which didn't work. I have tried restarting IIS.
Has anyone else come accross a similar problem? Could this problem be caused because a service of some kind isn't running? Any suggestions will be appreciated.
Most of the time these are connectivity timeouts due to different IP protocols (IPV4/IPV6) between the two server/computers trying to communicate or extra authentication rules setup on one of the computers for outgoing or incoming connectivity.
Ways to troubleshoot the issue:
Review IIS logs
Review EventLogs
Try adjusting TCP/IP parameters in the registry to increase the time allowed to connect
http://msdn.microsoft.com/en-us/library/aa560610(d=printer,v=bts.20).aspx
Even though the above article references Windows 2003, I've discovered it applies to some 2008 environments.
I was getting 0x80004005 & The requested name is valid, but no data of the requested type was found. My complete error
Check You have proper internet connection are there on your machine or not. And you are able to ping the remote server or not. I solved by checking both.
We were getting this error when one of a third party API hosted on of our server(Azure) was not able to communicate with one of our web services on a different machine(iNetU). Options were to open ports so that these machines could talk or to move the web service to the machine hosting the third party API.
I am trying to write up an HTTP proxy server in node.js, and I have successfully managed to route unsecure HTTP connections through it. But when applications (on my iOS device) use HTTPS for APIs 'n such, it always throws an error, and the attempted HTTPS connection never hits the server. So there are a few explanations of what could possibly be happening:
iOS chooses not to send HTTPS connections over the proxy for security reasons
iOS is looking for an HTTPS connection at the server on a different port, but can't find one
Basically what I am asking is: What does iOS do with HTTPS connections when an HTTP proxy is configured?
Please ask for any details or further questions in the comments. Thanks.