get.geojs.io throws 500 for certain source ip's

[ardje]

Hello,

Someone was complaining about a network I maintain, and said that my network is bad. However we found the application was depending on the following:

root@obproxy:~# wget -SHO - https://get.geojs.io/v1/ip/geo.json
--2023-01-08 15:59:37--  https://get.geojs.io/v1/ip/geo.json
Resolving get.geojs.io (get.geojs.io)... 2606:4700:20::681a:64, 2606:4700:20::681a:164, 2606:4700:20::ac43:46e9, ...
Connecting to get.geojs.io (get.geojs.io)|2606:4700:20::681a:64|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 500 Internal Server Error
  Date: Sun, 08 Jan 2023 15:59:38 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  x-request-id: f4ffd7e64972ea270b7f89f527228b92-AMS
  strict-transport-security: max-age=15552000; includeSubDomains; preload
  access-control-allow-origin: *
  access-control-allow-methods: GET
  pragma: no-cache
  Cache-Control: no-store, no-cache, must-revalidate, private, max-age=0
  x-geojs-location: AMS
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=yBx8lTgrKvBcwNOrOJa8Dyr9P49F7WBpMu34EOAELjcKk7pomCyk%2B96oL%2F%2BCv21%2FAF6LQnoHLKJ6eQxjsVQYdCc9e1YW0vXFYhIWsNrBn6%2BqS8Y9RW45HF6%2BPOR1QAUK0Zl%2F1Sd63Yniqg%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  X-Content-Type-Options: nosniff
  Server: cloudflare
  CF-RAY: 78662438fb850eaf-AMS
  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-01-08 15:59:39 ERROR 500: Internal Server Error.

Since the 500 means that cloudflare received an error from the application I assume the application breaks for certain source ip's.

I would love to tell you the source ip/range, but I'd rather not invite an army of port scanners on that network.
I assume the 500 would be traceable in the logs.

Thank you for looking at it.
In the mean time I hope we can ask the software provider to make that request optional.

[ardje]

root@obproxy:~#  (echo -en "GET /v1/ip/geo.json HTTP/1.0\r\nHost: get.geojs.io\r\n\r\n";sleep 1)|openssl s_client  -servername get.geojs.io -connect [2606:4700:20::ac43:46e9]:443
<snip>
HTTP/1.1 200 OK
Date: Mon, 09 Jan 2023 08:23:22 GMT
Content-Type: application/json
Connection: close
x-request-id: 6be91fda1e97c397f8f98c4a156e15b9-AMS
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, private, max-age=0
x-geojs-location: AMS
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NIzPWF43BM5SgwAQbWrLTBdZWi2boa9tX0z4PrKULuyUiNjAelrao2yQEfd9IrnCV%2FZoncP6YmvGa8jlZDAJWRbIclZH9TFkm2Me38YUdcETDZlApv24AEj3OW6QltsW5aHzIw%2F4dAKwdw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 786bc53d0852b752-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

{"country":"Belgium","area_code":"0","organization_name":"Destiny N.V","country_code":"BE","country_code3":"BEL","continent_code":"EU","asn":8201,"latitude":"50.8509","ip":"2001:4158:XXXXXX","accuracy":100,"longitude":"4.3447","timezone":"Europe\/Brussels","organization":"AS8201 Destiny N.V"}

I tested all 3 ipv6 addresses and they now seem to work.
It doesn't seem like a cloudflare thing, so you must have fixed something ;-).

I will keep an eye on it before removing my DNS overrides (forcing v4).

[jloh]

Thanks for reaching out. Unfortunately GeoJS was experiencing some issues responding to queries and it took me a bit of time to get to it. The issue should now be resolved but I need to put a long term fix in place thats proving hard to troubleshoot.

[gitantonio]

Hi, I have problems with my network when I call geo.json:

But it work when I call country.json:

[tsmacdonald]

We've also been seeing 500s as of this morning, for example:

https://get.geojs.io/v1/ip/geo.json?ip=185.233.100.23

and

https://get.geojs.io/v1/ip/geo.json?ip=2001:4860:4860::8888

[BillyCroan]

It is happening consistently to me. curling https://get.geojs.io
if I query from 2001:470:3943:0:496a:8894:94b8:fdc8 (hurricane electric tunnelbroker) I get error 500
if I query from 2607:fb90:cf29:8200:5f92:d74:dff0:5471 (tmobile) i get the normal response.
if I query from 2604:abc0:103:917:cc73:8156:d8dd:5326 (a datacenter as64236)
if I query from 2605:a601:ac59:1f00:: (Google Fiber) I get the normal response
if I query from 2605:a601:ac59:1f02::1 (google fiber, lan ip) I get the normal response

This causes geo-aware apps to break when using ipv6 :-( Let me know if you'd like me to generate some internal ip addresses with specific bytes to test from. I can do that if it would help, then again anyone could.

Thank you for running this service @jloh , it helps a lot of people, and I'd like to help it help some more.

It seems others are seeing the same problem: https://app.gitter.im/#/room/#jloh_geojs:gitter.im