403 Forbidden for access birdseye API

Question

403 Forbidden for access birdseye API

Closed this issue a year ago · 1 comments

Hello,
can u help for 403 Forbidden after i follow IXP Manager & Route Servers form youtube part 4.
the warning exist go to looking glass process API.

Here my lighttpd.conf:

Sample Bird's Eye Lighttpd config - just added a small amount to

the standard Lighttpd configuration.

server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_rewrite",
)

server.document-root = "/srv/birdseye/public"
#server.document-root = "/var/www/html/test"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
server.bind = "103.190.220.1"
#fastcgi.debug = 1
dir-listing.activate = "enable"

index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )

default listening port for IPv6 falls back to the IPv4 port

Use ipv6 if available

#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
#include shell "/etc/lighttpd/conf-enabled/10-fastcgi.conf"

url.redirect = ()
url.rewrite-once = (
"^/(css|img|js|fonts)/..(jpg|jpeg|gif|png|swf|avi|mpg|mpeg|mp3|flv|ico|css|js|woff|ttf)$" => "$0",
"^/(favicon.ico|robots.txt|sitemap.xml)$" => "$0",
"^/test.php$" => "$0",
"^/[^\?](?.*)?$" => "/index.php/$1"
)

this my birdseye-rs1-ipv4.env file:

Bird's Eye - see https://github.com/inex/birdseye

Values that are commented show their default setting.

To query Bird securely, we use a wrapper script

BIRDC="/usr/bin/sudo /path/to/birdseye/bin/birdc -6 -s /path/to/bird/socket"

BIRDC="/usr/bin/sudo /srv/birdseye/bin/birdc -2 -s /var/run/bird/bird-rs1-ipv4.ctl"

We use caching as a natural API -> birdc rate limiter

Changing to 'array' will disable the cache but this is strongly discouraged

[this is Memcache for 127.0.0.1:11211 by default]

CACHE_DRIVER=file

A cache key is required only if relying on a default .env configuration.

If you're relying on the automated configuration discovery detailed at:

https://github.com/inex/birdseye#configuration

then this is set automatically and appropriatly.

BIRDSEYE_CACHE_KEY="SomeCacheKey"

Set to true for testing / debugging.

This will provide stack dumps and reveal internal logic / configuration.

It also added "env" and "cache_disabled" to the api section of responses.

APP_DEBUG=false

For testing, we have including some real Bird IPv4 dumps.

Setting to true makes Bird's Eye use those rather than querying a local Bird daemon

USE_BIRD_DUMMY=false

Time (in monutes - Lumen restriction) to store cache objects for:

CACHE_SHOW_STATUS=1

CACHE_SHOW_SYMBOLS=5

CACHE_PROTOCOLS=2

CACHE_ROUTES=5

Maximum routes that will be sent back in an API query. We have not created pagination yet so this will be

a hard limit. The looking glass implementation does not add links for tables / protocols exceeding this.

Aborts with a 403 when a table/protocol route list has more than this. Uses 'show route ... count' internally.

MAX_ROUTES=1000

Maximum API requests per client per minute

THROTTLE_PER_MIN=20

This micro server also includes a built in looking glass which can be enabled by setting this to true

The loogking glass is really just to deomostrate the API and uses the same API calls internally as

are publically available. If enabled, it's available under /lg

LOOKING_GLASS_ENABLED=true
IXP_FE_FRONTEND_DISABLED_FILTERED_PREFIXES=false

Page title for looking glass [note: {!VERSION!} will be replaced with the actual version]

LOOKING_GLASS_TITLE="Bird's Eye Looking Glass - API V{!VERSION!}"

The LG displays the BGP protocol description. These can sometimes be internal

machine generated / unwieldy strings. If you want to pluck out just a bit of

this you can set a regex here and, when valid and matches against the description,

it plucks the first subpattern match (i.e. (xxx) ) and sets that in

the API response as description_short. The frontend LG will also prefer this if set.

Note that the system adds anchors and Bird output matching so the evaluated regex is:

'/^\s+Description:\s+' . env( 'PARSER_PROTOCOL_BGP_DESCRIPTION' ) . '$/'

E.g. to pluck 'ppp-rb01' out of 'RR Client - ppp-rb01', you might use:

PARSER_PROTOCOL_BGP_DESCRIPTION=".*\s+([a-zA-Z0-9-_]+)"

#PARSER_PROTOCOL_BGP_DESCRIPTION=""

Answer 1 · 2023-12-03T18:35:28.000Z

Looks like this problem has been resolved on your installation.

Support is documented at https://www.ixpmanager.org/support. We use Github Issue tracker only for bugs.