URL notifications trigger stopped working?

Support
1

Curious if url notifications (configured under “Destinations” and selected via “URL” on Triggers) have been disabled?

I noticed mine has not been firing in quite a while (I use it to log my notifications to my own database for historical data). I checked to ensure I’m not blocking hamalert’s ip(s), and even completely disabled CloudFlare, but I still can’t get the url notification to fire – I don’t see anything from hamalert hitting my endpoint at all.

2

From the server log:

Notification to URL https://kc4kqe.org/<redacted> failed: AxiosError: Request failed with status code 403

1 Like
3

Wow, how odd – that must be coming from CloudFlare for some reason (I disabled it briefly for testing, but it’s back on now). Let me see if I can punch a hole in the CloudFlare rules for that endpoint. Can you confirm the source ip? (You can email me directly vs. here if you prefer - kc4kqe at kc4kqe dot org).

Thanks for checking!

4

Source IPs are currently:

65.108.148.220
2a01:4f9:c013:4a8f::1

1 Like
5

Wow, I spent entirely too much time on this today and tonight :sleeping_face: but I got it figured out! :smiley:

Short version: It turns out CloudFlare thinks you are a bot! :robot: :smiley:

Long version:

I confirmed I could completely bypass CF and your connections would come in fine - but as soon as I put CF “between” us (even just to serve as a TLS proxy), you could not connect to me.

So, I figured there must have been a rule somewhere that was blocking your ip or network. I combed all my block lists but couldn’t find anything; so I decided to try whitelisting you to bypass other rules I can’t see.

There are a multitude of ways you can whitelist/bypass CF rules, but only one of them can bypass their bot detection – you have to create an “Account IP Access Rule” (formerly called “Account Firewall Access Rule”). The trick is that those rules are only available via some semi-poorly documented API calls.

Buried deep in the CF docs, they confirm – the “normal” way of creating “Custom Rules” to bypass other security measures and whitelist an IP cannot bypass the bot detection. The only way to whitelist an address to bypass bot detection is via the IP Access Rule.

So, I ended up deleting the tons of other rules, application access policies, custom rules, etc. I had created - and just created an IP Access “allow” rule for 2a01:4f9:c013:4a8f::/64 (and another for 65.108.148.220 for good measure), and poof, alerts work again.

:partying_face: :partying_face: :partying_face:

6

Wow, that sounds like quite a number of hoops you had to jump through! Glad to hear you it figured out :+1:

No thanks to the AI scraping bots for breaking the Internet as we knew it… :neutral_face:

1 Like