Re: Invalid or expired request ID error from the Self-Service Portal

[Tarik Rachdani]

Hello,

Can you send logs (webadm.log) regarding this operation (registering OTP-token by scanning QR-code from self-service) ?

Regards,

On Wednesday, 14 September 2022 at 12:34:16 UTC+2 utelb...@gmail.com wrote:

Hello!

Sometimes we monitor such reponse from the self-service portal, while user is registering their OTP-token by scanning QR-code.
THis respone is shown while users switching tabs inside self-service portal or when he enter his OTP code to confirm the token registration.

How we can fix this?

Many thanks

[Tarik Rachdani]

Hello,

It seems those source IP are not authorized in your network: 192.29.181.77 /  192.29.183.16  /  147.154.238.15 

Please verify your firewalls or your routing system.

Regards,

On Wednesday, 14 September 2022 at 13:33:51 UTC+2 utelb...@gmail.com wrote:

of course, i've attached logs and screenshot of logs from WebApp logs(web adm web gui)

THe issue occured when user   amassimina tried to register his OTP token

THanks in advance

среда, 14 сентября 2022 г. в 17:10:56 UTC+6, ta...@rcdevs.com:

[Tarik Rachdani]

Hello,

Did u configure: Allowed IP Addresses in Self-Service Portal?

Regards,

On Wednesday, 14 September 2022 at 15:16:38 UTC+2 utelb...@gmail.com wrote:

Hello,

Yes, this page is behind WAF firewall .,but these external networks are allowed there and routes are configured properly.

Also i mentioned this type of log. It seems like that SelfReg itself blocks this request.

How we can disable ip spoofing protection for the self-service application?

[2022-09-13 10:56:07] [waproxy_srv:47940] [SelfReg] Source IP spoofing detected (untrusted IP 192.29.61.78)

среда, 14 сентября 2022 г. в 18:49:06 UTC+6, ta...@rcdevs.com:

[Yoann Traut (RCDevs)]

Hello, 

You said that Selfreg is published through a WAF. Are you using our WAProxy component or another reverse proxy ? 

How many WebADM servers are you running ? 

Can you provide the following settings and values from your /opt/webadm/conf/webadm.conf file : 

waproxy_proxies

waproxy_pubaddr

reverse_proxies

Regards

[Yoann Traut (RCDevs)]

Hello, 

Does the WAF is our WAProxy component or another reverse proxy ? 

 

Regards 

Le jeudi 15 septembre 2022 à 14:44:56 UTC+2, utelb...@gmail.com a écrit :

Hello,

We are using WAF in front of self-service portal page via CNAME record. It works this way:

Client -> WAF PUBLIC CIDR BLOCK IP -> ss.dnapayments.com

We are using one WebADm server.

Below are requested settings:

waproxy_proxies "prv_ip_of_the_waproxy"
waproxy_pubaddr "ss.dnapayments.com"

#reverse_proxies "192.168.0.100", "192.168.0.101" (commented,not in use)

четверг, 15 сентября 2022 г. в 13:51:35 UTC+6, Yoann Traut (RCDevs):

[Yoann Traut (RCDevs)]

Hello, 

Replace the  the following setting : 

waproxy_proxies "prv_ip_of_the_waproxy"

by

 

reverse_proxy "prv_ip_of_the_waproxy"

Restart WebADM services and try again. 

Regards

Le dimanche 18 septembre 2022 à 18:42:08 UTC+2, utelb...@gmail.com a écrit :

Hello, 

WAF acts as a reverse proxy

Thanks for your help

пятница, 16 сентября 2022 г. в 13:56:42 UTC+6, Yoann Traut (RCDevs):

[Yoann Traut (RCDevs)]

Sorry : 

reverse_proxies "prv_ip_of_the_waproxy"