
Webhook squid 403 error

6elkir January 12, 2023

Hello! We have a strange problem in production: there are several sites, each with its own Bitbucket webhook processing script. We create a standard webhook of the form https://site.com/?token=1234. On some sites Bitbucket quietly throws a request and the script works out. But there are several to which Bitbucket cannot send a request and instead we get an error in its logs "Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect." while the site settings are identical to those to which the request comes. There is no authorization, https validation in the hook settings is disabled and the window goes through the webhook url through the browser. But the request does not go from the bucket dying to squid 403. Tell me where to dig?

1 answer

0 votes
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 13, 2023

Hi @6elkir and welcome to the community.

Is the webhook URL accessible from the internet or only from your network?

The IP addresses listed on the page below (in Outgoing Connections) are used for webhooks delivery and need to be whitelisted:

The issue most likely has to do with access control policies, proxy configuration, or firewall rules.

Kind regards,
Theodora

6elkir January 13, 2023

The hook is public. Deployed on 16 different sites, all sites on 1 server (differences only in the domain name). Does not allow for some. Moreover, the error is from the side of the internal Bitbucket squid server, judging by the text.

Theodora Boudale
Atlassian Team
January 16, 2023

Hi @6elkir,

Could you please provide the following info so I can check logs from our side:

  • The last 2 letters of the workspace-id and the last 2 letters of the repo name, for a repo where the webhook doesn't work
  • The last 2 letters of the workspace-id and the last 2 letters of the repo name for a repo where the webhook works
  • Is this the only webhook manually added to these repos, or do you have multiple ones?
  • A timeframe of failed events for the webhook that fails, and of successful events for the webhook that succeeds, so I can narrow down the search

Kind regards,
Theodora

6elkir January 16, 2023

1) *ond******team -> yii2 -> ******72 | tam*****zal.ru | test*****y.ru
2) *ond******team -> yii2 -> e****24.ru
3) one|two (if have test site) hooks per repo
4) Last week. There were no errors on the working projects, and where there were, there was no successful operation. Feeling like Bitbucket banned certain addresses and the hook always returns 403 from them

Theodora Boudale
Atlassian Team
January 16, 2023

Hi @6elkir,

Thank you for the info. I checked our logs for the repo whose name ends in yii2. I could find logs only for the webhook tam*****zal.ru, and the error message I see for this webhook is

Error while dispatching webhook: Invalid response status code ( 403 ) while calling webhook.Proxy error: ERR_ACCESS_DENIED 0

I tried reproducing the issue from a local system by using a proxy that webhooks use and I see a 403 error there as well. The IP address that the domain resolves to is not blocked from our side.

This error indicates a configuration issue on your end, but we cannot say what exactly is causing it as we don't have access to your infrastructure and configuration.

If you have 16 different webhooks on the same server and some of them work while others don't, I would suggest looking into the configuration you have made for each application and domain.

Kind regards,
Theodora
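
An added example, not part of the thread and not Atlassian's code: a small classifier that tells a 403 page generated by a Squid proxy apart from a 403 returned by the origin server, and parses the delivery-log line quoted above. It assumes Squid's usual `X-Squid-Error` and `Server: squid` headers on its own error pages; the function names and sample responses are constructed for illustration.

```python
import re

# Opening words of Squid's ERR_ACCESS_DENIED page, as quoted in the thread.
SQUID_DENIED_TEXT = "Access control configuration prevents your request"

def parse_response(raw):
    """Split a raw HTTP response into (status, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def classify_403(raw):
    """Say which hop produced a 403: the Squid proxy or the origin server."""
    status, headers, body = parse_response(raw)
    if status != 403:
        return "not-403"
    squid_error = headers.get("x-squid-error", "")
    if squid_error.startswith("ERR_ACCESS_DENIED") or SQUID_DENIED_TEXT in body:
        return "squid-acl-denied"   # a proxy ACL refused the request
    if squid_error or headers.get("server", "").lower().startswith("squid"):
        return "squid-other"        # proxy-generated, but not an ACL denial
    # A Via header alone only shows the response passed through a proxy.
    return "origin"

def parse_dispatch_error(message):
    """Extract (status, proxy_error) from the delivery-log line format in the thread."""
    status = re.search(r"status code \(\s*(\d{3})\s*\)", message)
    proxy = re.search(r"Proxy error:\s*(\w+)", message)
    return (int(status.group(1)) if status else None,
            proxy.group(1) if proxy else None)

# Constructed sample responses (not captured traffic).
FROM_SQUID = ("HTTP/1.1 403 Forbidden\r\nServer: squid\r\n"
              "X-Squid-Error: ERR_ACCESS_DENIED 0\r\n\r\n"
              "Access control configuration prevents your request "
              "from being allowed at this time.")
FROM_ORIGIN = ("HTTP/1.1 403 Forbidden\r\nServer: nginx\r\n"
               "Via: 1.1 proxy.example (squid)\r\n\r\nForbidden")

if __name__ == "__main__":
    print(classify_403(FROM_SQUID), classify_403(FROM_ORIGIN))
```

A result of `squid-acl-denied` means the request was refused by a proxy ACL before any origin response was relayed, so the origin's own access log would show no matching 403 for that delivery.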

6elkir January 16, 2023

If so, then why do requests from the browser directly and through a proxy from another country go to 403 addresses?
