403 error after update to 0.66 and up

grea09 · April 12, 2018, 11:00am

Ehlo,
I tried to update my installation to the version 0.66 but it broke my install. I have an Apache proxy set up with SSL

ServerName example.com
Protocols h2 http/1.1

SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
RequestHeader set Front-End-Https "On"
SSLEngine on
SSLProxyEngine on
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

ProxyPreserveHost On
ProxyRequests Off

ProxyPass /api/websocket ws://localhost:8123/api/websocket
ProxyPassReverse /api/websocket ws://localhost:8123/api/websocket
ProxyPass / http://localhost:8123/
ProxyPassReverse / http://localhost:8123/

RemoteIPHeader X-Forwarded-For

RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*)  ws://localhost:8123/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*)  http://localhost:8123/$1 [P,L]

When I try to connect I get this

403: Forbidden

Everything worked before. The weirdest thing is that Google assistant still works…

I am at a total loss there. Can somebody help ?

Thanks in advance for your time.

lolouk44 · April 12, 2018, 3:08pm

What can you see in your logs?
Have you checked your config to ensure there is no breaking change?

grea09 · April 12, 2018, 3:12pm

I checked a lot of stuff but it turned out it was because my router got its ip banned. I can access my install now. Sorry for the troubles.

oncleben31 · April 18, 2018, 9:27pm

Same error here. It’s OKay if I login in local without using https. If I use my external URL using https going thru a Reverse Proxy (hosted on Synology) I have following errors:

WebSocket connection to 'wss://XXXXXXXXXXX.fr/api/websocket?latest' failed: Error during 
WebSocket handshake: Unexpected response code: 403
n @ core-79cea8ece91ee5a5dc48f1a8b89b5d1e.js:1
(anonymous) @ core-79cea8ece91ee5a5dc48f1a8b89b5d1e.js:1
(index):1 Uncaught (in promise) 1
Promise.then (async)
validatePassword @ frontend-622a02e67c4395ecfd7ccaeb704f00ad.html:53
(anonymous) @ frontend-622a02e67c4395ecfd7ccaeb704f00ad.html:1
A bad HTTP response code (403) was received when fetching the script.
service_worker.js Failed to load resource: net::ERR_INVALID_RESPONSE

I’ve not touch the Syno and it was working with the previous version: 0.63.3

oncleben31 · April 18, 2018, 11:25pm

LOL it was the same reason but it took a huge time for me to understand the previous answer. The IP of my Synology NAS which act as a reverse proxy was banned by HA. Need to clean ip_bans.yaml file in configuration folder.

Solved