
This issue may seem more appropriate for Stack Overflow at first, but I suspect that there is an underlying server issue that I'm unable to diagnose. I'm just not sure what's wrong. We have a site hosted on an Amazon EC2 instance, and we use the Route 53 nameservers. The Facebook login on our site has been working fine for a while, but it suddenly stopped working. The error we're getting is that the "Given URL is not allowed". The domain URLs are all entered correctly in the app settings on Facebook, and the login URL being passed to Facebook looks correct. Looking over Stack Overflow I've seen posts suggesting either adding or removing "www" in the domain names, but neither is working.

I did change the SSH key for our server yesterday, but the SSH is working fine, and I don't see how it could be related. I just bring it up because of the timing.

The reason I think this is a server issue is that several weeks ago we had another issue where our internal AJAX requests were suddenly being treated like cross-domain requests. I resolved this by changing the AJAX URLs to relative URLs. Since both of these problems seem to stem from our domain name not being recognized, I thought they might be related, and there is something bigger going on. We have a cookie on our site that lets users stay logged in for up to a month, so it would make sense that the login issues started appearing about a month after the AJAX issues.

The site comes up with no problem when typing in the URL, so there's no obvious problem with the DNS. We have our domain name registered with GoDaddy, and I've double-checked the nameservers on there, and they match what we have in Route 53.

Shortly before the AJAX problems started appearing, I attempted to set another domain we have registered with GoDaddy to point to the same nameservers as the first domain. This didn't work, and when the AJAX problems started appearing I changed the GoDaddy settings for that domain back to the defaults. It's been several weeks since I changed them back, but I'm wondering if there's anything else that might need to be done to propagate the reset, if it's even related.

I realize this is a bit open-ended, but I'm hoping that someone recognizes these symptoms as having a common cause, and at this point I'm not sure what to check next.

I do have an .htaccess file on the server, but I don't think that's the issue. Here's what I currently have in there.

RewriteEngine on
RewriteRule ^(.*)\.[\d]{10}\.(css|js)$ $1.$2 [L]

# Block Bad Bots & Scrapers
SetEnvIfNoCase User-Agent "Aboundex" bad_bot
SetEnvIfNoCase User-Agent "80legs" bad_bot
SetEnvIfNoCase User-Agent "360Spider" bad_bot
...

<Limit GET POST HEAD>
Order Allow,Deny
Allow from all

# Cyveillance
deny from 38.100.19.8/29
deny from 38.100.21.0/24
deny from 38.100.41.64/26
deny from 38.105.71.0/25
deny from 38.105.83.0/27
deny from 38.112.21.140/30
deny from 38.118.42.32/29
deny from 65.213.208.128/27
deny from 65.222.176.96/27
deny from 65.222.185.72/29

Deny from env=bad_bot
</Limit>
Brian R
  • If your AJAX started suddenly getting hit by cross-domain stuff, your domain changed. Chances are this means the URL set up in your Facebook App settings is no longer correct. – ceejayoz Nov 20 '14 at 22:37
  • Yes, I figure this has something to do with our domain, but the domain itself hasn't changed. It's still the same at godaddy, in our code, and on Facebook. For instance, images with absolute URLs still show up on the site, and bookmarks for the site still work. Unless you mean that the domain name is maybe being cached somewhere incorrectly? – Brian R Nov 20 '14 at 22:55

1 Answer

The issue was solved by removing the whitelisted IP in the Advanced tab of the settings for the app. I had put the IP address of the server there, thinking that was what was meant, but removing it caused the URLs to be allowed. I guess that field must be for the purpose of limiting access to the app from only certain user IPs during testing.

Brian R