Error running query: Can't query private addresses

Hi,

I am trying to call a PRTG API with built in authentication in the URL using the JSON Data Source. I have added the new Data Source with the correct URL and authentication, through the settings. When trying to run a query on the URL, i get this error: Error running query: Can’t query private addresses.

I tried to follow the JSON & URL guide, but i keep getting that error. It also happens when i add the url: https://xxx.xx:someport/jsonApi

Can i setup this in another way or change how i call the URL? When i enter the URL in my browser i get all the data from PRTG as a JSON response.

Thanks in advance :slight_smile:

1 Like

I tried changing the URL to this: https%3A%2F%2Fxxx.xx:someport/jsonApi - then i get this error: Error running query: gethostbyname() argument 1 must be string, not None I guess that only worked for the old URL Data Source?

How did you install Redash?

I used the docker image as described in the documentation :slight_smile:

1 Like

Gotcha. That explains the private address issue. Redash is running in a private network via Docker Compose. Which is why the JSON data source filters out private IP addresses.

You need to add a routing rule to your Docker configuration that passes traffic to and from PRTG.

Well that might sound like a solution for the issue. Do you happen to know, how to implement this routing rule? Or know a place, where i can figure out how to do it? :slight_smile:

Actually the filtering/check happens in the Query Runner implementation:

This is to avoid people using the JSON data source to access information they are not supposed to, like AWS metadata API.

Happy to accept a PR that makes this behavior configurable with an environment variable. Just note that if you disable this check, you need to trust whoever you allow running queries in your system.

2 Likes

Well, a little confused :slight_smile:

Should i go for the method @susodapop told me with the private networking or look into changing the environment variable?

What @susodapop mentioned won’t help, as this is not a setup/Docker issue, but rather an intentional filter in our code.

And just to clarify: there is no environment variable to control this behavior, I was just suggesting adding one.

Ahh okay, then i get it. So, my question is now - how can I add this environment variable in order to control that behavior? I am the only user, so no chance of any users executing stuff they should not execute :slight_smile:

@arikfr I think he could just comment out those Python lines.

Sort of: he needs to build a new Docker image or mount the updated file into his Docker image.

Something along the lines of:

  1. Take redash/query_runner/json_ds.py and modify it to support private addresses (i.e. remove lines 180-181).
  2. Place the file in /opt/redash (or wherever).
  3. Update docker-compose.yml to mount a volume of this file and place it in /app/redash/query_runner/json_ds.py.
1 Like

Thank you very much @arikfr, i will try what you suggest and let you guys know what i ended up with. :slight_smile: