Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,465,022
Community Members
 
Community Events
176
Community Groups

Webhook squid 403 error

Hello! We have a strange problem in production: there are several sites, each with its own bitbucket webhook processing script. We create a standard webhook of the form https://site.com/?token=1234 on some sites Bitbucket quietly throws a request and the script works out. but there are several to which bitbucket cannot send a request and instead we get an error in its logs "Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect." while the site settings are identical to those to which the request comes. There is no authorization, https validation in the hook settings is disabled and the window goes through the webhook url through the browser. But the request does not go from the bucket dying to squid 403. Tell me where to dig?

1 answer

0 votes

Hi @6elkir and welcome to the community.

Is the webhook URL accessible from the internet or only from your network?

The IP addresses listed on the page below (in Outgoing Connections) are used for webhooks delivery and need to be whitelisted:

The issue most likely has to do with access control policies, proxy configuration, or firewall rules.

Kind regards,
Theodora

the hook is public. deployed on 16 different sites, all sites on 1 server (differences only in the domain name). does not allow for some. moreover, the error is from the side of the internal bitbucket squid server, judging by the text

Hi @6elkir,

Could you please provide the following info so I can check logs from our side:

  • The last 2 letters of the workspace-id and the last 2 letters of the repo name, for a repo where the webhook doesn't work
  • The last 2 letters of the workspace-id and the last 2 letters of the repo name for a repo where the webhook works
  • Is this the only webhook manually added to these repos, or do you have multiple ones?
  • A timeframe of failed events for the webhook that fails, and of successful events for the webhook that succeeds, so I can narrow down the search

Kind regards,
Theodora

1) *ond******team -> yii2 -> ******72 | tam*****zal.ru | test*****y.ru
2) *ond******team -> yii2 -> e****24.ru
3) one|two (if have test site) hooks per repo
4) last week. there were no errors on the working projects, and where there were, there was no successful operation. Feeling like bitbucket banned certain addresses and the hook always returns 403 from them

Hi @6elkir,

Thank you for the info. I checked our logs for the repo whose name ends in yii2, I could find logs only for the webhook tam*****zal.ru and the error message I see for this webhook is

Error while dispatching webhook: Invalid response status code ( 403 ) while calling webhook.Proxy error: ERR_ACCESS_DENIED 0

I tried reproducing the issue from a local system by using a proxy that webhooks use and I see a 403 error there as well. The IP address that the domain resolves to is not blocked from our side.

This error indicates a configuration issue on your end, but we cannot say what exactly is causing it as we don't have access to your infrastructure and configuration.

If you have 16 different webhooks on the same server and some of them work while others don't, I would suggest looking into the configuration you have made for each application and domain.

Kind regards,
Theodora

If so, then why do requests from the browser directly and through a proxy from another country go to 403 addresses?

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Site Admin
TAGS

Atlassian Community Events