HTTP WebSocket Transport 403 on connection upgrade
129 views
Skip to first unread message
Marcin Kowalczyk
Jan 29, 2023, 9:11:11 AM1/29/23
to CGRateS
Hi,
"http": { // HTTP server configuration
"json_rpc_url": "/jsonrpc", // JSON RPC relative URL ("" to disable)
"ws_url": "/websocket", // WebSockets relative URL ("" to disable)
"freeswitch_cdrs_url": "/freeswitch_json", // Freeswitch CDRS relative URL ("" to disable)
"http_cdrs": "/cdr_http", // CDRS relative URL ("" to disable)
"use_basic_auth": false, // use basic authentication
"auth_users": {}, // basic authentication usernames and base64-encoded passwords (eg: { "username1": "cGFzc3dvcmQ=", "username2": "cGFzc3dvcmQy "})
},
For couple od days I'm trying to connect to HTTP endpoint with Websocket connection but CGRateS responds with 403.
I've tried to change listen from 0.0.0.0:2080 to fixed IP but no luck
"http": { // HTTP server configuration
"json_rpc_url": "/jsonrpc", // JSON RPC relative URL ("" to disable)
"ws_url": "/websocket", // WebSockets relative URL ("" to disable)
"freeswitch_cdrs_url": "/freeswitch_json", // Freeswitch CDRS relative URL ("" to disable)
"http_cdrs": "/cdr_http", // CDRS relative URL ("" to disable)
"use_basic_auth": false, // use basic authentication
"auth_users": {}, // basic authentication usernames and base64-encoded passwords (eg: { "username1": "cGFzc3dvcmQ=", "username2": "cGFzc3dvcmQy "})
},
"listen": {
"rpc_json": "0.0.0.0:2012", // RPC JSON listening address
"rpc_gob": "0.0.0.0:2013", // RPC GOB listening address
"http": "172.16.0.125:2080", // HTTP listening address
"rpc_json_tls" : "", // RPC JSON TLS listening address
"rpc_gob_tls": "", // RPC GOB TLS listening address
// "http_tls": "127.0.0.1:2280", // HTTP TLS listening address
},
"rpc_json": "0.0.0.0:2012", // RPC JSON listening address
"rpc_gob": "0.0.0.0:2013", // RPC GOB listening address
"http": "172.16.0.125:2080", // HTTP listening address
"rpc_json_tls" : "", // RPC JSON TLS listening address
"rpc_gob_tls": "", // RPC GOB TLS listening address
// "http_tls": "127.0.0.1:2280", // HTTP TLS listening address
},
ngrep on port 2080 shows following
########
T 10.23.255.167:63302 -> 172.16.0.125:2080 [AP] #24
GET /websocket HTTP/1.1.
Sec-WebSocket-Version: 13.
Sec-WebSocket-Key: 1dbfeu8x0KGiUc2dmDBmbw==.
Connection: Upgrade.
Upgrade: websocket.
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits.
Host: 172.16.0.125:2080.
.
##
T 172.16.0.125:2080 -> 10.23.255.167:63302 [AP] #26
HTTP/1.1 403 Forbidden.
.
T 10.23.255.167:63302 -> 172.16.0.125:2080 [AP] #24
GET /websocket HTTP/1.1.
Sec-WebSocket-Version: 13.
Sec-WebSocket-Key: 1dbfeu8x0KGiUc2dmDBmbw==.
Connection: Upgrade.
Upgrade: websocket.
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits.
Host: 172.16.0.125:2080.
.
##
T 172.16.0.125:2080 -> 10.23.255.167:63302 [AP] #26
HTTP/1.1 403 Forbidden.
.
I've found Github issue https://github.com/cgrates/cgrates/issues/3833 but seems it's 0.9.x is affected too. So looks it never worked - or we are doing something wrong?
Cheers
Ionut Boangiu
Jan 30, 2023, 5:41:52 AM1/30/23
to CGRateS
Hi Marcin,
Thank you for the report. We will update you in the github issue thread once we will start looking into it.
Thanks,
Ionuț
Thank you for the report. We will update you in the github issue thread once we will start looking into it.
Thanks,
Ionuț
Ionut Boangiu
Jan 30, 2023, 6:46:33 AM1/30/23
to CGRateS
By the way, could you also tell me why you'd want to use WS instead of standard JSON-RPC? Does it provide anything in addition to the usual TCP socket?
Thanks,
Ionuț
Thanks,
Ionuț
Reply all
Reply to author
Forward
Message has been deleted
Message has been deleted
0 new messages