Closed gritty-Kitty closed 7 months ago
Don't know if this means anything... but double-clicking on ANY of the MSIE F12 'graphql' line items (from the output/screenshot above) will display the following...
Reconfigured OpenCTI to use HTTP and same problem exists.
Good morning... despite DISABLING ALL WAF Policies on the Azure Application Gateway the problem persisted with GraphQL 403 Forbidden. Researched how to set up a custom response rule, but could not identify secret sauce.
DISABLING WAF and switching from WAF_v2 to Standard_v2 -has resolved the issue- for allowing OpenCTI to be viewable from the internet on HTTP -and- HTTPS.
This thread can be -closed- as we will not be investigating WAF any further due to deployment pressure.
Thank you.
Description
Has anyone seen this, and if yes, were you able to resolve? Currently investigating...
In Microsoft Azure, installed OpenCTI v6.0.5 on Ubuntu 22.04 LTS (Azure Marketplace) with Docker CE 25.0.3/Portainer CE 2.19.4, and placed behind an Application Gateway/WAF. OpenCTI configured for HTTPS using Entrust 3rd Party Certificate.
OpenCTI loads with HTTPS behind Application Gateway without issue.
From Internet, OpenCTI does NOT load with HTTPS with GraphQL 403 Forbidden messages. Website is white and appears stuck in frantic continuous loading loop that cannot be stopped in either MSIE or CHROME.
Thank you.
Environment
Microsoft Azure Marketplace Offer = '0001-com-ubuntu-server-jammy' PublisherName = 'Canonical' Skus = '22_04-lts-gen2' Version = 'latest'
OpenCTI 6.0.5 N.B. Attempted to pull 6.0.6, but Portainer/Docker complains it could not find 6.0.6 on 12 March 2024. Forced to back reference docker-compose.yml to 6.0.5. Referenced from... https://github.com/OpenCTI-Platform/docker
Using MSIE and CHROME to access OpenCTI through Azure Application Gateway to backend.
Docker CE 25.0.3 Portainer CE 2.19.4
Reproducible Steps
Steps to create the smallest reproducible scenario:
Use MSIE or CHROME to access site... https://fqdn. Site will attempt to load, redirect to https://fqdn/dashboard, and then hard cycle over and over again with white web page.
N/A
Additional information
Attempted to configure internal docker-compose.yml to utilize https://fqdn of site, but does not resolve. Reverted to using docker-compose.yml and docker-compose.env below.
Found a handful of internet references related to GraphQL 403 Forbidden that all hint towards code changes related to Authenticated requests, but cannot appreciate content or resolution they are describing.
https://github.com/wp-graphql/wp-graphql/issues/262
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
BTW, after many many days of playing with HTTPS with near little examples, finally found the secret sauce. For anyone interested, this is a good place to start.
-=docker-compose.yml (anonymized)=-
version: '3'
# version 6.0.6 does not appear to exist, using 6.0.5
services:
  redis:
    image: redis:7.2.4
    command:
      - redis-server config set client-output-buffer-limit "slave 836870912 836870912 0"
    restart: always
    volumes:

      # Comment-out the line below for a cluster of multiple nodes
      # Uncomment the line below below for a cluster of multiple nodes
      - cluster.name=docker-cluster
      # https://github.com/OpenCTI-Platform/opencti/issues/6185
    healthcheck:
      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
      interval: 30s
      timeout: 30s
      retries: 3
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
  minio:
    image: minio/minio:RELEASE.2024-01-16T16-07-38Z
    volumes:

    command: server /data
    # https://github.com/minio/minio/issues/18373
    healthcheck:
      test: timeout 5s bash -c ':> /dev/tcp/127.0.0.1/9000' || exit 1
      interval: 5s
      retries: 1
      start_period: 5s
      timeout: 5s
    restart: always
  rabbitmq:
    image: rabbitmq:3.13-management
    environment:

      # :ro makes the volume read only
      # /var/lib/docker/volumes/opencti_opencti_https/_data/

volumes:
  esdata:
  s3data:
  redisdata:
  amqpdata:
  opencti_https:
-=docker-compose.env (anonymized)=-
OPENCTI_ADMIN_EMAIL=
OPENCTI_ADMIN_PASSWORD=
OPENCTI_ADMIN_TOKEN=
OPENCTI_BASE_URL=https://localhost
OPENCTI_ADMIN_URL=http://opencti:8080
# made no difference if used
OPENCTI_BASE_URL=https://fqdn
OPENCTI_ADMIN_URL=https://fqdn
OPENCTI_CA_PATHS=["/certs/Root.crt"]
OPENCTI_KEY_PATH=/certs/opencti.key
OPENCTI_CRT_PATH=/certs/opencti.crt
MINIO_ROOT_USER=opencti
MINIO_ROOT_PASSWORD=
RABBITMQ_DEFAULT_USER=opencti
RABBITMQ_DEFAULT_PASS=
CONNECTOR_EXPORT_FILE_STIX_ID=
CONNECTOR_EXPORT_FILE_CSV_ID=
CONNECTOR_EXPORT_FILE_TXT_ID=
CONNECTOR_IMPORT_FILE_STIX_ID=
CONNECTOR_IMPORT_DOCUMENT_ID=
SMTP_HOSTNAME=localhost
ELASTIC_MEMORY_SIZE=6G