Troubleshooting: IP Access for Actions or Notifiers

Last Updated: 2021-01-01

Affects:

  • Kafka™ version(s) 1.17+

  • Zookeeper™ version(s) 1.17+

Condition or Error

When using actions and/or notifiers with Humio, the services are unable to access or connect to the Humio service or retrieve any data.

  • Integrations are unable to communicate with Humio

  • Access to streaming queries is unavailable

  • Some services are unable to access actions or webhooks

  • HTTP Error code 400: "Validation Errors: properties.url - The target IP address is banned via the alert access-control list." is received when accessing automations

Causes

  • In Humio 1.17 and higher there is an internal access control list (ACL) that restricts which hosts can connect to Humio. You can alter this configuration by editing the IP_FILTER_ACTIONS or IP_FILTER_NOTIFIERS setting.

    Alternatively, if the setting has been configured but you still get issues with rejected queries, you should check the format and structure of the setting.

    The default configuration denies access from a range of different IP addresses, including localhost and local IP ranges (e.g. 192.168.0.0/16). See IP_FILTER_NOTIFIERS for a full list.

Solutions

  • Check the IP_FILTER_ACTIONS setting. The setting is in the form of a list of IP addresses or networks, each qualified by a corresponding allow or deny keyword.

    For example, to allow a single IP address but continue to deny the standard IP list:

    IP_FILTER_ACTIONS="allow 192.168.0.116/32; deny all"

    To allow the same IP address but deny any other IP:

    IP_FILTER_ACTIONS="allow 192.168.0.116/32; deny all"

    When configuring the settings:

    • Settings must be made as an IP address; DNS lookups are not performed

    • Enclose the setting within double quotes to ensure the entire rest of the line is used for the configuration

    • Use CIDR notation to include the IP address and netmask

    • It is best practice to allow only the specific addresses or trusted networks you need and retain the denied IPs for security
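
The following is an added example, not Humio code: a small checker that lints an IP_FILTER_ACTIONS or IP_FILTER_NOTIFIERS line against the formatting rules above and reports which rule a given target address would hit. The function names parse_ip_filter and decide are hypothetical, and in-order, first-match evaluation is an assumption inferred from the "allow ...; deny all" example, not documented behaviour.

```python
import ipaddress

def parse_ip_filter(line):
    """Parse one IP_FILTER_ACTIONS / IP_FILTER_NOTIFIERS line into rules.

    Returns a list of (action, network) tuples; network is None for "all".
    Raises ValueError for the formatting mistakes the page warns about.
    """
    name, sep, value = line.strip().partition("=")
    if not sep or name not in ("IP_FILTER_ACTIONS", "IP_FILTER_NOTIFIERS"):
        raise ValueError(f"not an IP filter setting: {line!r}")
    if len(value) < 2 or not (value.startswith('"') and value.endswith('"')):
        raise ValueError("enclose the whole value in double quotes")
    rules = []
    for entry in value[1:-1].split(";"):
        parts = entry.split()
        if not parts:
            continue  # skip empty entries in this checker
        if len(parts) != 2 or parts[0] not in ("allow", "deny"):
            raise ValueError(f"expected 'allow|deny <network>', got {entry.strip()!r}")
        action, target = parts
        if target == "all":
            rules.append((action, None))
            continue
        try:
            network = ipaddress.ip_network(target, strict=False)
        except ValueError:
            raise ValueError(f"{target!r} is not an IP address; DNS names are not looked up") from None
        if "/" not in target:
            raise ValueError(f"{target!r}: use CIDR notation, e.g. {target}/{network.prefixlen}")
        rules.append((action, network))
    return rules

def decide(rules, address):
    """Return the action of the first rule matching address, or None.

    ASSUMPTION: rules are evaluated in order and the first match wins.
    """
    ip = ipaddress.ip_address(address)
    for action, network in rules:
        if network is None or (ip.version == network.version and ip in network):
            return action
    return None

# Constructed sample: the setting shown on this page.
SAMPLE = 'IP_FILTER_ACTIONS="allow 192.168.0.116/32; deny all"'
if __name__ == "__main__":
    for addr in ("192.168.0.116", "192.168.0.117", "127.0.0.1"):
        print(addr, "->", decide(parse_ip_filter(SAMPLE), addr))
```

Run it against the line from your configuration file before restarting the service; a ValueError names the entry that breaks the expected format.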