Summary
I am using dockers mattermost-preview image, and I am trying to connect it with a RASA bot, but when sending a message I get the following error in the log:
{“level”:“error”,“ts”:1585045803.1958508,“caller”:“app/webhook.go:110”,“msg”:“Event POST failed.”,“error”:“Post http://localhost:5005/webhooks/mattermost/webhook: address forbidden, you may need to set AllowedUntrustedInternalConnections to allow an integration access to your internal network”}
I already added localhost
to AllowedUntrustedInternalConnections
but still keep getting this error.
In the bot server I am not receiving anything.
Steps to reproduce
Run dockers mattermost-preview image, set up a bot account and an outgoing webhook, declare mattermost url, bot username, token and webhook url in RASA credentials.yml file.
Expected behavior
I updated the config.json file and added localhost into AllowedUntrustedInternalConnections
and I would expect to at least get a message in the RASA log, but I keep getting the address forbidden message.
Observed behavior
When sending a message to a group where the bot is a member using ‘@botname’ and the message I get the error message I pasted in the summary above. Also when trying to send a direct message to it I get no response or error message. I am using https://localhost:8065/teamName/api/v4
, the name of the bot as user, the bot token and https://localhost:8065/webhooks/mattermost/webhook
as the webhook url. For the outgoing webhook in mattermost I am using http://localhost:5005/webhooks/mattermost/webhook
, this is the RASA server address for the bot.
Hey Daniel,
can you enable insecure outgoing connections and try again? Environment -> Webserver
Hi Marco,
I have it enabled, but keep getting the error.
Hi @danielha23,
Add localhost
to the Allow Untrusted Internal Connections To setting. For security, Mattermost prevents connections to local domains - 127.0.0.1, 192. and 10. networks, and domains that resolve to those IP addresses - from webhooks, slash commands and other actions users can take. So if you want a webhook to go to one of those IP addresses you need to add it there.
Note to self: Always read the whole thread
Hi @paulrothrock,
So then I have to add the complete webhook address? Because I already have added the localhost as an Allowed Untrusted Internal Connection.
Sorry, I missed that. I’ll replicate it and file a bug ticket
@danielha23
In my replication environment I set the Allow Untrusted Internal Connections to 127.0.0.1 localhost
and my webhook was working. If that doesn’t work, what version of Mattermost are you using?
@paulrothrock
I just added like that but I keep getting the error. I have dockers mattermost-preview image, it is version 5.18.0-rc1
I just tried it using the Mattermost Preview image. With the default setting for Allow Untrusted Internal Connections
- ""
- I got the same error you saw. When I set it to 127.0.0.1 localhost
I received this error:
{"level":"error","ts":1585095118.2333198,"caller":"app/webhook.go:110","msg":"Event POST failed.","error":"Post http://localhost:5005/webhook: dial tcp 127.0.0.1:5005: connect: connection refused"}
This shows that it was able to attempt the connection and wasn’t filtered because it was directed to an internal address. (My docker image isn’t set up to access my host and I don’t have a service running on port 5005 on the docker machine.) I also have EnableInsecureOutgoingConnections
set to false
.
Can you verify that Allow Insecure Connections
is set to the correct values in the System Console?