I added proxy server ips to whitelist, but when requesting API it pops up 403

What IP are you seeing the requests come from? It'll be hard to diagnose since it would appear to be your server returning the 403. If you disable the IP restrictions does it work? Are you sure it's going via the Zendesk proxy and not a local machine (perhaps check if the IP receiving from is your network)?

Hi, @...

I wrote something wrong. Actually it's not my server.

I was requesting data from another company's DB server through API.

The company added all of their zendesk ips egress lists to the whitelist.

In the console's network window, I checked that the requestURL starts with 'https://pdi-ezcom1234.zendesk.com/proxy/v2/to/...'

However, when it is 'cors:false', the request fails, and the 'cors:true' option value return the data normally. 

But do you know what IPs they're seeing?

It would seem that your computer's IP is allowed but the proxy server is not, since requests with "cors":true will be made from the client browser and not via the proxy.

Chris

Sorry, I don't know the exact meaning of 'seeing IPs'.

I just know they allowed all the egress ips. 

And when I asked to Zendesk Korea SC, he said, "I checked internally and found that the IP of the Zendesk Proxy server is included in '/ips', '216.198.0.0/18' ip range.".

Is there any way to allow Zendesk proxy server?

Sorry, I don't know the exact meaning of 'seeing IPs'.

Sorry, to be clearer. What IPs is the host receiving requests from that are not in the ranges? It seems as though there is an IP being used that the server is rejecting requests from. I'm just wondering if you know which IP specifically is being used here to trace where it might be coming from.

From your other post, it seems like everything should be working and the IPs used will only be the ones in our IP list. So if this is not the case, it might be worth checking the server logs to see where the requests that are failing are coming from.

I did an additional test yesterday, and I think the IPs that the host receiving are the IPs of ingress list, not on the egress list on the /ips.

But the company said that the firewall only allowed egress.
Is it correct that the proxy servers that the host should receive is ingress IP list?

To clarify, some ranges may appear on the egress and ingress lists. The range you listed before (216.198.0.0/18) is one such example:

Is this the range that they're seeing? This may also need a ticket if you're seeing IPs that are not listed making these requests.

I'm sorry for the delay in answering.

Yes, it's already been added to the whitelist.

When I tested the proxy server, it was requested as `104.16.51.111/32` in the ingress list, but the actual firewall log showed a completely different `118.235.7.86`. 

Even if the request is sent through Zendesk Proxy, do I still have to allow the End user Source IP to receive the Backed service ingress?

Fortunately, I found out the cause of the error.

I received mail from the company's developer yesterday.

He said,

As a result of checking about proxy server ip issue, it was a problem on our source
The cause was looking HTTP_X_FORWARDED_FOR value instead of the remote address.

I'm glad it worked out.
It wasn't a Zendesk issue, but thank you for helping me so far.

Thanks for the update!