Google Storage API禁止ipRefererBlocked错误 [英] Google Storage API Forbidden ipRefererBlocked Error
问题描述
使用Google Storage JSON API时出现以下错误:
I'm getting the following error when using the Google Storage JSON API:
$ curl -v 'https://www.googleapis.com/storage/v1/b/MY-BUCKET/o?key=MY_API_KEY'
* Hostname was NOT found in DNS cache
* Trying 64.233.186.95...
* Connected to www.googleapis.com (64.233.186.95) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate: *.storage.googleapis.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET /storage/v1/b/MY-BUCKET/o?key=MY_API_KEY HTTP/1.1
> User-Agent: curl/7.37.1
> Host: www.googleapis.com
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Vary: X-Origin
< Content-Type: application/json; charset=UTF-8
< Date: Tue, 31 Mar 2015 16:57:40 GMT
< Expires: Tue, 31 Mar 2015 16:57:40 GMT
< Cache-Control: private, max-age=0
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
* Server GSE is not blacklisted
< Server: GSE
< Alternate-Protocol: 443:quic,p=0.5
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "ipRefererBlocked",
"message": "There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed.",
"extendedHelp": "https://console.developers.google.com"
}
],
"code": 403,
"message": "There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed."
}
}
但是一切似乎配置正确.我正在使用的密钥被列为允许使用任何IP:
But everything seems configured correctly. The key I'm using is listed as allowing any IP:
API本身是活动的:
The APIs themselves are active:
该项目的帐单信息已正确配置:
And the project has billing information correctly configured:
我尝试启用和禁用API并刷新帐单信息.没有任何帮助.什么是下一个步骤?尝试使用AWS?
I've tried enabling and disabling the APIs and refreshing the billing info. Nothing is helping. What are the next steps? Try AWS?
推荐答案
对于后代,发生了什么事:
For posterity here is what happened:
我在同一数据中心(Newark/NJ的Linode)中旋转了一个不同的VM,它运行良好,所以问题似乎不是我的关键,而是我的IP本身.
I spun a different VM in the same datacenter (Linode in Newark/NJ) and it worked perfectly, so the problem seemed not be my key, but my IP itself.
为了深入了解这一点,我不得不向Google Cloud支付150.00美元,以便他们让我打开支持通知单并描述问题.
In order to get to the bottom of this I had to pay Google Cloud US$ 150.00 so they could let me open a support ticket and describe the issue.
接下来的两天,我与一名支持人员争论,尽管非常礼貌,但始终认为错误是我自己而不是他们自己的.
I spend the next two days arguing with a support staffer that – while being very polite – always assumed the error was in my end instead of theirs.
写了一个包含6000个字符的详细回复后,他最终决定与某人核对,并发现我的IP被Google流量自动化系统阻止,因为它错误地检测到我的IP来自受限制的国家(伊朗).
After writing a 6000 character reply with super specific details he finally decided to check with someone and found out my IP had been blocked by a Google traffic automation system because it erroneously detected that my IP came from a restricted country (Iran).
鉴于该虚拟机位于新泽西州-很容易通过traceroute看到它-他们告诉我他们必须手动覆盖该系统并将我的IP放回美国.这需要三天,所以我等了.
Given that the VM was in New Jersey – and it was very easy to see that through traceroute – they told me they would have to manually overwrite the system and place my IP back in the US. This would take three days, so I waited.
三天后,我收到一封电子邮件,告诉我要测试所有内容,所以我做到了.没用在又收到几封电子邮件并等待另一天后,他们终于将其修复.
Three days later I got an email telling me to test everything, and so I did. It didn't work. After another couple of emails and waiting another day they finally fixed it.
最糟糕的是,一位Google支持人员指责我的公司与受限制的国家/地区开展业务并代理了来自伊朗的流量.那是荒谬的,而且确实使我们感到恼火,因为即使犯了一个错误,他们仍然想怪我们没有做错什么.
The cherry on top of this whole mess was having a Google Support staffer accuse my company of doing business with restricted countries and acting as a proxy to traffic coming from Iran. That was preposterous and it really offended us, because even after making a mistake they still wanted to blame us for doing nothing wrong.
我们告诉两名工程师将VM倒退,看看他们是否能找到任何证据表明该VM已被黑客入侵,当然他们也找不到.这是一台经过全面修补的Ubuntu 14.04服务器,该服务器只能通过一个私钥进行SSH,并且禁用了远程root登录.
We told two engineers to turn that VM backwards and see if they could find any evidence of that it had been hacked and of course they couldn't. It was a fully patched Ubuntu 14.04 server that one could only SSH through ones private key and remote root login was disabled.
伙计们,这就是故事的结局.花费150.00美元来通知Google他们自己的错误,并且必须竭尽全力寻求解决方案.
And this is how the tale ends, folks. Spending US$ 150.00 to notify Google of their own mistake and having to fight your way to the solution.
哦,还有一件事:我们正在迁移到AWS.
Oh, and one more thing: we're migrating to AWS.
这篇关于Google Storage API禁止ipRefererBlocked错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
