0

I recently migrated our WP site to a Debian 8 VM running on Azure. Since then, we are unable to process credit card payments through the RedSys payment gateway.

It seems that upon successful payment, the gateway attempts to send the success message back to our server but uses the java/1.5.0 user-agent string which seems to be the reason the request is never getting to our server.

It seems like there is something similar to CloudFlair's Browser Integrity Check going on in Azure, but for the life of me, I've been unable to find ANY mention of it online.

The VM is on it's own Virtual Network created automatically and I've even removed it from the Security group to see if that cleared things up, but nothing. The server is using the Azure DNS (could this be where the filtering is being done? If so, what solution?)

Can anyone offer a solution for this? (Obviously, being a banking system, changing the user-agent that is being sent is impossible; I cannot make a bank change their ways)

akseli
  • 211
  • 2
  • 7
  • why would the user-agent be the cause of this? Make sure DNS entries are correct and your FQDN is really pointing to your Azure VM. Check firewall and do basic tests in your application to verify that your application is really working and accepting connections. – Bruno Faria Feb 04 '16 at 11:00
  • From support.cloudflair.com: "CloudFlare's Browser Integrity Check (BIC) is similar to Bad Behavior and looks for common HTTP headers abused most commonly by spammers and denies access to your page. It will also challenge visitors that do not have a user agent or a non standard user agent (also commonly used by abuse bots, crawlers or visitors)." So, this issue is solved on CloudFlair by de-activating BIC, and on Azure, the only solution was to remove the VM from all Security Groups. – akseli Feb 04 '16 at 15:55

1 Answers1

0

If anyone else runs into this issue, I just wanted to clear up the solution:

I went through all the settings available to me on azure, and the only way to solve this issue was to remove the VM from all Security Groups, thus disabling the Azure firewall.

The Azure DNS does not affect the filtering.

The connection with RedSys works now by using an internal firewall on the VM, and ignoring Azure's security systems. It's a shame, and I hope they implement more granular options in the future, because it would be nice to be able to take advantage of Azure Security's DDoS protection, etc.

akseli
  • 211
  • 2
  • 7