Description
A Webhook Only app has stopped working after Friday, June 25, 22:06 GMT. The Webhook logs in the Marketplace show a Status 500.
Our notification endpoint URL is behind a Fortigate Web Application Firewall appliance, acting as a reverse proxy.
When we redirected the webhook to hit the backend server directly (with a different FQDN), the events were being received normally, with a Status of 200.
Both the backend server and the Fortigate WAF appliance have been properly configured with the same SSL certificate. This setup was working for more than a year until Friday, but never worked after that time.
The logs of the Fortigate WAF appliance, just show a Connection Reset event, and nothing else. The Webhook notifications never reach the backend server, there is no trace of them in the HTTP server logs.
We tried to reproduce the problem using Postman, but we were unable to see the same behaviour. A simulated Zoom Webhook notification sent from Postman to the server, through the WAF appliance, is received properly.
I don’t want to include the actual URLs and FQDNs here, for security reasons. If needed, I can provide them on a private communication channel.
The app can be found at:
https://marketplace.zoom.us/develop/apps/PzIONA9sRqKVh9pRBCIsOQ/information
Error
The Webhook logs (Status 500) in the Marketplace show this error for every event notification sent to the server through the Fortigate WAF appliance:
“responseHeaders”: false,
“responseData”: “Connection closed”,
“runTime”: “637”,
“ttl”: 1626182443,
“requestParameters”: undefined
Which App Type (OAuth / Chatbot / JWT / Webhook)?
Webhook Only
How To Reproduce (If applicable)
Steps to reproduce the behavior:
- Set the notification endpoint URL to reach our server through the WAF appliance
- No Webhooks are received, all logs show Status 500 with the above error
- Set the notification endpoint URL to reach our server directly
- All webhooks are received, logs show Status 200
Additional context
The only events that we have configured the application to send are meeting.participant_joined and meeting.participant_left.
We do suspect that this is an SSL protocol negotiation issue, but we will need input from Zoom to debug it.