Date |
|
Authors | |
Status | Completed |
Summary |
|
Impact |
|
Non-technical summary
GMC added a new security platform
The platform allows them to block incoming requests
They blocked ours but then disabled it
They will not block requests anymore until the new reval is live
Will not be an issue with new reval - which uses a later version of the tool which should not trigger the GMC’s security platform from blocking the requests
Timeline
08:08 | |
08:30 | Created ticket and incident page 2021-03-01 Legacy Reval: unable to submit revalidation - User Agent/Cloud Flare GMC Issue |
09:15 | Rerun failed with the same error… Forbidden (HTTP 403) |
09:33 | Pinged users to let them know we have contacted GMC to check the issue |
09:34 | Emailed GMC |
10:43 | Replied to GMC to confirm its the Production/Live environment and not our new Reval module |
11:47 | GMC have made some changes over the weekend, they are looking into it |
16:10 | Email to chase GMC |
16:31 | |
16:53 | Confirming with the GMC what IPs we are hitting |
17:50 | Email back from GMC |
10:55 | We found that with the new reval module, no issues, we are able to get data However, the issue is with legacy/existing. Need to check if the IPs/Servers that legacy reval runs on are still whitelisted |
11:01 | |
11:46 | Checking if authentication error |
16:10 | We confused the GMC |
11:17 | Call to investigate further - more fault analysis done,
Some Findings
|
14:00 |
|
14:11 |
|
14:41 |
|
15:17 |
|
15:30 |
|
16:33 | Email to GMC |
16:38 | So just to sum up our thought process:
Conclusion: most likely cause is a permissions error (Authorization issue) internally on GMC side |
16:42 | |
16:50 | Updated users on teams with our conclusion |
17:06 | Clarification of IPs |
05:47 | |
22:02 | Email from the GMC - they have been able to re-create the 403 error |
22:48 to 23:19 |
|
00:05 |
|
08:02 |
|
08:08 |
|
09:59 | Trying to get some clarification from the GMC relating to the user agent |
11:26 | GMC disabled the security feature relating to the user agent so thats why it worked We need to update the user agent |
13:05 | |
10:06 | Chasing GMC - No reply regarding User agent / is there filtering back on? |
14:18 | Reply from GMC and some thoughts
|
15:37 |
|
16:33 |
|
Root Causes
Job failed
Request to “Get to GMC Doctors From GMC API” 403
Contacted the GMC (peter.mcnair@gmc-uk.org) - they moved the API behind some additional security on the - a Cloudflare CND, DDoS Platform
Requests were being sent were being blocked based on filtering rules they had set up - blocking the user agent
Trigger
GMC introducing Cloudflare which blocked our calls to their API
Resolution
GMC has turned off the filtering and will leave it disabled until the new reval module is deployed
Detection
Slack monitoring and user report in Teams Support Channel
Actions
Inform GMC when only new reval module is live so
Lessons Learned (Good and Bad)
Cloudflare adds additional security e.g. block requests based on certain rules such as user agents
GMC do server upgrades/maintenance etc on Sundays/over the weekend
0 Comments