Sometimes, PUT functions in API returns 403 with valid token (using latest PMG version 8.x)

[clsaad]

Hello All,

We have a customer portal where they can manage some rules and when finished they can save them directly in Proxmox. We noticed that using the latest version of PMG in some situations when saving a rule returns the error below:

https://servidorinterno:8006/api2/json/config/ruledb/who
Method POST
Return: StatusCode:[403 Forbidden] ReasonPhrase: [Permission check failed (user == null)] Content: [{"data":null}]

The authentication token is updated every 90 minutes. At that time the error had been updated less than 50 minutes ago.

The forwarded information is in the correct format and if I force the update in the next minute using the same token it runs successfully.

Where can I find or activate a detailed LOG to make a better diagnosis?

Thanks,

 

[Stoiko Ivanov]

the system journal (see `man journalctl`) and /var/log/pmgproxy/pmgproxy.log should contain all necessary information for debugging

I hope this helps!

 

[clsaad]

Hello Stoiko,
Thanks for sharing the steps! I was searched inside the pmgproxy.log but don't have any information only the 403 error

MYIP - root@pam [10/06/2024:16:01:16 -0300] "POST /api2/json/config/ruledb/who/1906/email HTTP/1.1" 200 14
MYIP - root@pam [10/06/2024:16:43:25 -0300] "POST /api2/json/config/ruledb/who/1909/email HTTP/1.1" 403 13
MYIP - root@pam [10/06/2024:16:56:13 -0300] "POST /api2/json/config/ruledb/who/1909/email HTTP/1.1" 200 13

The token it's created around 06/10/2024 15:59:37 and it's valid for two hours. At 04:01PM works and 04:43PM failed.
Looking inside journalctl (or syslogd) there is no information about that. If I force the API works.

It's possible to enable a debug information for API?

Best Regards,