16

I keep having the following error in my Heroku PHP facebook app logs:

[app web.20] PHP Fatal error: Uncaught OAuthException: (#5) Unauthorized source IP address\n thrown in /app/www/sdk/src/base_facebook.php on line 1238

I also noticed that the same servers keep producing this error until I recycle the processes (i.e. in the case above it would be web.20 and web.6 that keep failing repeatedly), but after heroku ps:restart it would be different servers that keep failing.

Now, after doing some research, I noticed that people kept advising that I whitelist my server IP in the Facebook App -> Advanced Settings page, meaning that Facebook keeps a list of blacklisted IPs and this is where you can allow access to them one by one. This had me wondering why Facebook clearly encourages its users to use Heroku for its Facebook apps, while at the same time blacklisting its servers.

So basically:

  1. Heroku is Facebook's hosting partner
  2. Heroku provides its users with unpredictable IP addresses every time the app is recycled
  3. And Facebook has blacklisted many of Heroku's servers (around 1 in 10 by my count)
  4. So you can never be guaranteed your app is going to get access to its API for all your requests

My question is:

How are developers like me expected to configure production-ready apps in a Facebook-sponsored Heroku environment that clearly is bound to fail around a good chunk of API requests?

Steven de Salas
  • 3
    I also find this situation ridiculous. Restarting Heroku instances hoping they end up on non-blacklisted IPs is not a workable solution. This post has 2 options for fixing the problem. http://stackoverflow.com/questions/16086615/5-unauthorized-source-ip-address-error-on-heroku-rails-app – Jody Apr 27 '13 at 12:31
  • +1, this has also been happening to us since Thursday. Restarting all our workers solved it then, and now it is happening again. – shem Apr 28 '13 at 09:11
  • 1
    Happening for me too :( – coder9 Apr 29 '13 at 03:57
  • +1 The problem is big! We are seeing this on our apps too... – danijel Apr 29 '13 at 14:21
  • Perhaps this is not a Heroku specific problem but some Facebook DoS prevention policy, or API-calls limiting policy giving false positives? If I understand correctly, many Heroku apps can share the same IP address, so Facebook may be receiving a lot of requests from the same IP. – Jan Wrobel Apr 29 '13 at 14:26
  • +1 happens on my app as well – Gady Apr 30 '13 at 07:43
  • @JanWrobel Makes sense to have a DoS prevention policy, but it's not necessary to permanently block IPs, they could just block the offending IPs for a few hours. – Steven de Salas May 01 '13 at 00:27
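Added example, not part of the original question or its comments: a small log check that tallies the `(#5) Unauthorized source IP address` error per dyno, so the dynos that fail repeatedly (web.20 and web.6 in the question) can be singled out for a restart. The sample lines are constructed from the one log line quoted above, and the `min_errors` threshold and function names are assumptions.

```python
import re
import sys
from collections import Counter

# Dyno name in "[app web.20]" (as quoted in the question) or in the
# "app[web.20]:" prefix form.
DYNO_RE = re.compile(r"\[app ([a-z]+\.\d+)\]|app\[([a-z]+\.\d+)\]")
BLOCKED = "(#5) Unauthorized source IP address"
TAIL = r"\n thrown in /app/www/sdk/src/base_facebook.php on line 1238"
ERR = "PHP Fatal error: Uncaught OAuthException: " + BLOCKED + TAIL

# Constructed sample, modelled on the single log line in the question.
SAMPLE_LOG = [
    "[app web.20] " + ERR,
    "[app web.3] GET /index.php 200",
    "[app web.6] " + ERR,
    "[app web.20] " + ERR,
    "app[web.6]: " + ERR,
    "[app web.3] PHP Notice: Undefined index: signed_request",
    "[app web.11] " + ERR,
    "heroku[router]: at=info method=GET path=/ dyno=web.3 status=200",
]

def tally(lines):
    """Return (errors, seen): per-dyno counts of blocked-IP errors and of all app lines."""
    errors, seen = Counter(), Counter()
    for line in lines:
        m = DYNO_RE.search(line)
        if not m:
            continue  # router/platform lines carry no app dyno prefix
        dyno = m.group(1) or m.group(2)
        seen[dyno] += 1
        if BLOCKED in line:
            errors[dyno] += 1
    return errors, seen

def blocked_dynos(lines, min_errors=2):
    """Dynos that hit the error at least min_errors times (assumed threshold)."""
    errors, _ = tally(lines)
    return sorted(d for d, n in errors.items() if n >= min_errors)

if __name__ == "__main__":
    # Pass a saved log file as the first argument, or run on the sample.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    errors, seen = tally(lines)
    for dyno in blocked_dynos(SAMPLE_LOG if len(sys.argv) < 2 else open(sys.argv[1])):
        print(f"{dyno}: {errors[dyno]} of {seen[dyno]} lines are blocked-IP errors")
```

Each dyno it prints is a candidate for the process restart described in the question.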

3 Answers

7

This is weird. We're looking into it.

Edit: This should be resolved. Note that Facebook blocked those IPs because of malicious behavior. We'll keep working with them to prevent it again, but the best thing that you can honestly do is to use a hosting provider that provides a non-shared IP.

See here as well: https://developers.facebook.com/bugs/649166715098648

Christopher Blizzard
  • 4
    I'm receiving this issue a lot as well. Just started happening a couple of days ago. On Heroku. – Jeremy Haile Apr 29 '13 at 00:48
  • Started for me on Saturday the 27th... seems to go away when I'm only running one dyno – handler Apr 29 '13 at 15:36
  • Same thing happening to us, started last week and seems to happen a lot – jorilallo Apr 29 '13 at 20:37
  • Single IP is not really an option when you have the kind of surges in traffic I've seen coming in from Facebook (i.e. when a story becomes really popular). How about only blocking offending IPs for a few hours? That would prevent abuse of the API without permanently disabling a good chunk of the server population. – Steven de Salas May 01 '13 at 10:14
  • Experiencing this with Facebook Messenger API... once in a while, I have to restart my dynos for IP re-assigning :( – ProfNandaa Apr 24 '17 at 22:56
3

It appears Facebook have started blocking Heroku IPs for some reason. This isn't something that Heroku control, and only something that Facebook can resolve. I'd get in touch with Facebook support.

Neil Middleton
0

On Heroku, try out an add-on like Proximo and see what happens. I just provisioned on mine and I'm now monitoring to see if the same happens.

ProfNandaa