Forums

getting 403 Forbidden when accessing from an external service

Our site (hosted on pythonanywhere) handles payments using an external service called mercadopago.

mercadopago calls an url from our site when a payment is done. The thing is, our pythonanywhere server is sending mercadopago a 403 page.

I've tried to replicate the problem asking that same url from my computer using several methods, but I always get a 200 response.

Looking at our access log, I only see one difference betwen the request that comes from mercadopago and my requests (multiple ip addresses from mercadopago):

From mercadopago:

216.33.196.4 - - [25/Sep/2014:13:37:17 +0000] "POST /cart/mercadopago_notifications/?topic=payment&id=682796253 HTTP/1.1" 403 1018 "-" "-" "172.16.87.170, 172.16.125.6, 216.33.196.4"

From my pc using wget:

200.70.55.182 - - [25/Sep/2014:15:39:00 +0000] "GET /cart/mercadopago_notifications/?topic=payment&id=682796253 HTTP/1.1" 200 14196 "-" "-" "200.70.55.182"

Is mercadopago blocked before reaching my app, isn't? if so, how could I solve this problem?

The difference is that your request is a GET request and theirs is a POST. My guess is that you have not set up that view to accept POST requests.

Dindn't see that POST/GET difference at all, thanks for noticing, most certaninly that was the problem.

Heh. Don't worry about it. We were just joking in the office about how good we're getting at diagnosing weird errors in web apps because of our work supporting PythonAnywhere users.