Troubleshooting: IP Access for Actions or Notifiers
Affects:
Kafka™ version(s) 1.17+
ZooKeeper™ version(s) 1.17+
Condition or Error
When using actions and or notifiers with LogScale, the services are unable to access or connect to the LogScale service or retrieve any data.
Integrations are unable to communicate with LogScale
Access to streaming queries is unavailable
Some services are unable to access actions or webhooks
HTTP Error code 400: Validation Errors: properties.url - The target IP address is banned via the alert access-control list. is received when accessing automations
Causes
In LogScale 1.17 and higher there is an internal access control list (ACL) that restricts which hosts can connect to LogScale. You can alter this configuration by editing the
IP_FILTER_ACTIONSorIP_FILTER_NOTIFIERSsetting.Alternatively, if the setting has been configured but you still get issues with rejected queries, you should check the format and structure of the setting.
The default configurations denies access from a range of different IP addresses, including localhost, local IP ranges (e.g. 192.168.0.0/16), and localhost. See
IP_FILTER_NOTIFIERSfor a full list.
Solutions
Check the
IP_FILTER_ACTIONSsetting. The setting is in the form of an list of IP addresses or networks qualified by a corresponding allow or deny keyword.For example, to allow a single IP address but continue to deny the standard IP list:
iniIP_FILTER_ACTIONS="allow 192.168.0.116/32; deny all"To allow the same IP address but deny any other IP:
iniIP_FILTER_ACTIONS="allow 192.168.0.116/32; deny all"When configuring the settings:
Settings must be made as a an IP address; DNS lookups are not performed
Enclose the setting within double quotes to ensure the entire rest of the line is used for the configuration
Use CIDR notation to include the IP address and netmask
It is best practice to allow only the specific addresses or trusted networks you need and retain the denied IPs for security