Troubleshooting: IP Access for Actions or Notifiers
Last Updated: 2021-01-01
Affects:
Kafka™ version(s) 1.17+
Zookeeper™ version(s) 1.17+
Condition or Error
When using actions and or notifiers with Humio, the services are unable to access or connect to the Humio service or retrieve any data.
Integrations are unable to communicate with Humio
Access to streaming queries is unavailable
Some services are unable to access actions or webhooks
HTTP Error code 400: Validation Errors: properties.url - The target IP address is banned via the alert access-control list. is received when accessing automations
Causes
In Humio 1.17 and higher there is an internal access control list (ACL) that restricts which hosts can connect to Humio. You can alter this configuration by editing the IP_FILTER_ACTIONS or IP_FILTER_NOTIFIERS setting.
Alternatively, if the setting has been configured but you still get issues with rejected queries, you should check the format and structure of the setting.
The default configurations denies access from a range of different IP addresses, including localhost, local IP ranges (e.g. 192.168.0.0/16), and localhost. See IP_FILTER_NOTIFIERS for a full list.
Solutions
Check the IP_FILTER_ACTIONS setting. The setting is in the form of an list of IP addresses or networks qualified by a corresponding allow or deny keyword.
For example, to allow a single IP address but continue to deny the standard IP list:
ini filesIP_FILTER_ACTIONS="allow 192.168.0.116/32; deny all"
To allow the same IP address but deny any other IP:
ini filesIP_FILTER_ACTIONS="allow 192.168.0.116/32; deny all"
When configuring the settings:
Settings must be made as a an IP address; DNS lookups are not performed
Enclose the setting within double quotes to ensure the entire rest of the line is used for the configuration
Use CIDR notation to include the IP address and netmask
It is best practice to allow only the specific addresses or trusted networks you need and retain the denied IPs for security