HTTP GET request forbidden 403 error while using netcat - get

So, I have to get http://www.rssweather.com/wx/in/kanpur/wx.php with using netcat.
My code goes like this.
nc -v rssweather.com 80
GET http://www.rssweather.com/wx/in/kanpur/wx.php HTTP/1.0
GET http://www.rssweather.com/wx/in/kanpur/wx.php HTTP/1.1
Connection: close
And, the result-
HTTP/1.1 403 Forbidden
Date: Thu, 03 Sep 2015 12:41:08 GMT
Server: Apache
Connection: close
Content-Type: text/html
charset=iso-8859-1
You don't have permission to access /wx/in/kanpur/wx.php
on this server.
Is there any way to overcome this Forbidden 403 error? What am I doing wrong?

You've already connected to the webserver at rssweather.com so you must not specify the full URL in the GET request, just the path:
nc -v rssweather.com 80
GET /wx/in/kanpur/wx.php HTTP/1.0
<blank line with return>

Related

Head Request Returns a 403

When I make a HEAD request for a URL with curl -I I get a 403 error:
HTTP/2 403
content-type: application/xml
date: Wed, 22 Aug 2018 15:50:29 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 bfda628fa09b80e042e2c85c85acf1c7.cloudfront.net (CloudFront)
x-amz-cf-id: ryZHGZJ1cKbIa-n1Oxznge9MYl7C2-btqva9W0wQTvooVd6vzAaktw==
When I make the full request with just curl it works fine. I've verified that the behavior is set up with Allowed HTTP Methods GET and HEAD. What am I missing?

Too Many Redirects on OpenShift after push

I have a node.js application running on openshift. After testing my code on a local environment I pushed it up to my instance on openshift. After doing so, I went to check those changes on the public site and my browser reported that I was getting too many redirects. I tried to look at my haproxy status and even that was getting too many redirects.
I have done some investigation and here is what I've found:
I checked my nodejs logs and my node server started successfully (no errors)
I've ssh'd into my machine and ran curl -vvv $OPENSHIFT_NODEJS_IP:8080 and I was returned my index.html as I should.
When I run curl -vvv http://minutepolitics-minutepolitics.rhcloud.com/ I get this response:
RESPONSE:
Hostname was NOT found in DNS cache
Trying 54.81.203.46...
Connected to minutepolitics-minutepolitics.rhcloud.com (54.81.203.46) port 80 (#0)
GET / HTTP/1.1
User-Agent: curl/7.37.1
Host: minutepolitics-minutepolitics.rhcloud.com
Accept: */*
HTTP/1.1 302 Found
Date: Thu, 23 Oct 2014 03:26:06 GMT
Server Apache/2.2.15 (Red Hat) is not blacklisted
Server: Apache/2.2.15 (Red Hat)
Vary: Host
X-Powered-By: PHP/5.3.3
Location: http://minutepolitics-minutepolitics.rhcloud.com/
Connection: close
Accept-Ranges: none
Content-Length: 0
Content-Type: text/html
Closing connection 0
Also, when I ssh into my machine and run /etc/init.d/haproxy start the output is: Starting haproxy: [ALERT] 294/230821 (134951) : Starting frontend main: cannot bind socket [FAILED]
From here, I don't know what to do or try to get this working again.
Any and all help will be greatly apprecaited! Thanks!!

Data attached to POST request is gone during redirection to GET with CURL

I wrote followed command to send POST with JSON data to server. The server must redirect my request and send GET with the same data:
curl -L -i -XPOST \
-d 'id=105' \
-d 'json={"orderBy":0,"maxResults":50}' http://mysite.com/ctlClient/
I get response:
HTTP/1.1 302 Found
Date: Thu, 04 Jul 2013 13:12:08 GMT
Server: Apache
X-Powered-By: PHP/5.3.19
Set-Cookie: PHPSESSID=1hn0g8d7gtfl4nghjvab63btmk2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
location: http://mysite.com/fwf/online/
Content-Length: 0
Connection: close
Content-Type: text/html
HTTP/1.1 200 OK
Date: Thu, 04 Jul 2013 13:12:08 GMT
Server: Apache
X-Powered-By: PHP/5.3.19
Set-Cookie: PHPSESSID=16akc7kdcoet71ipjflk9o9cnm5; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 1
Connection: close
Content-Type: text/html
From access-log I see:
"POST /ctlClient/ HTTP/1.1" 302 - "-" "Apache-HttpClient/4.1 (java 1.5)"
"GET /fwf/online/ HTTP/1.1" 200 1 "-" "Apache-HttpClient/4.1 (java 1.5)"
So far so good,
The problem is that GET doesn't receives my data added to post. Sounds like during redirect my data dismissed somehow. From Android client it works, therefore its not Server side problem.
What I need to do to pass POST data to GET request?
Thank you very much,
[EDIT]
#nif offerd to upgrade CURL, i did , to 7.28.0.
Still get the same problem
[INFO]
1st time i go to http://mysite.com/ctlClient/index.php where:
case 105: // id=105
session_unset();
session_start();
foreach($_POST as $key => $value){$_SESSION[$key] = $value;}
ctlGotoSameDomain("/fwf/online/"); // <- aka redirect
return true;
after redirect i go to /fwf/online/index.php and there my request is empty:
public function __construct() {
$this->json = isset($_SESSION['json']) ? $_SESSION['json'] : null;
msqLogFile("fwf/post", Array('post' => 'Request: '.$this->json));
}
http://mysite.com/ctlClient/index.php get 2 parameters properly: id and json
From curl's manpage:
When curl follows a redirect and the request is not a plain GET (for example POST or PUT), it will do the following request with a GET if the HTTP response was 301, 302, or 303. If the response code was any other 3xx code, curl will re-send the following request using the same unmodified method.
Edit
I did some research and found out, that it might be a problem with your curl version. Newer version will honour the -XPOST option and will POST to the redirected location as well. But older versions had an own option for this, i.e. --post301 and --post302. According to their manpage:
--post301
Tells curl to respect RFC 2616/10.3.2 and not convert POST requests into GET
requests when following a 301 redirection. The non-RFC behaviour is ubiquitous
in web browsers, so curl does the conversion by default to maintain
consistency. However, a server may require a POST to remain a POST after such
a redirection. This option is meaningful only when using -L, --location
(Added in 7.17.1)
--post302
Tells curl to respect RFC 2616/10.3.2 and not convert POST requests into GET
requests when following a 302 redirection. The non-RFC behaviour is ubiquitous
in web browsers, so curl does the conversion by default to maintain
consistency. However, a server may require a POST to remain a POST after such
a redirection. This option is meaningful only when using -L, --location
(Added in 7.19.1)
References:
Following redirects with curl
HTTP RFC
I need to add -b to my script to enable the cookies. CURL by default doesn't use them and this issue caused to session ID change. Therefore no data transferred.
curl -b -L -i -X POST \
-d 'id=105' \
-d 'json={"orderBy":0,"maxResults":50}' http://mysite.com/ctlClient/
Now its working

Question on authentication in curl command

When I run the below curl command with --negotiate option I get the following error. Any idea why?
[Aug05 5:03am] pradeep#localhost:/tmp/pradeep> curl --negotiate -u : -k --verbose --head "http://something.domain.com/something/soething.action"
About to connect() to something.domain.com port 80 (#0)
Trying ip-address ... connected
Connected to something.domain.com (ip-address) port 80 (#0)
HEAD /something.action HTTP/1.1
User-Agent: curl/7.21.6 (i386-pc-solaris2.10) libcurl/7.21.6 OpenSSL/0.9.8j zlib/1.2.3
Host: something.domain.com
Accept: */*
< HTTP/1.1 401 Unauthorized
HTTP/1.1 401 Unauthorized
< Date: Fri, 05 Aug 2011 09:04:45 GMT
Date: Fri, 05 Aug 2011 09:04:45 GMT
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
* gss_init_sec_context() failed: : KDC policy rejects requestWWW-Authenticate: Negotiate
WWW-Authenticate: Negotiate
< Set-Cookie: JSESSIONID=0E94E134D7401632EBB4D042B8934DCD; Path=/
Set-Cookie: JSESSIONID=0E94E134D7401632EBB4D042B8934DCD; Path=/
< Content-Type: text/plain
Content-Type: text/plain
* no chunk, no close, no size. Assume close to signal end
I am able to open the site normally from the browser etc. Why I am I not able to authenticate here? Can someone help me understand
Two things you can try:
Remove --head. You seem to want to send a GET request, not a HEAD request.
Don't forget to provide the credentials as with this example: -u pierre:secret

why can't get this page in linux with wget/telnet?

this URL www.jinfuwu.com can be access in windows browser,windows telnet,
but in my ubuntu server, i can't get this page:
telnet (ubuntu):
root#ubuntu:~# telnet www.jinfuwu.com 80
Trying 121.199.111.176...
Connected to www.jinfuwu.com.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.jinfuwu.com
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sun, 05 Dec 2010 01:34:33 GMT
Accept-Ranges: bytes
ETag: "f671fd911c94cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Sun, 05 Dec 2010 10:03:21 GMT
Content-Length: 1214Connection closed by foreign host.
wget (ubuntu):
root#ubuntu:~# wget http://www.jinfuwu.com
--18:10:29-- http://www.jinfuwu.com/
=> `index.html.2'
Resolving www.jinfuwu.com... 121.199.111.176
Connecting to www.jinfuwu.com|121.199.111.176|:80... connected.
HTTP request sent, awaiting response...
Read error (Connection reset by peer) in headers.
Retrying.
....
but in my windows ,i using telnet command, i can get the page
telnet (windows7):
run:
telnet www.jinfuwu.com 80
paste:
GET / HTTP/1.1
Host: www.jinfuwu.com
and press doubles Enter,i can see the page HTML code.
google it:
site:jinfuwu.com
google can access this site
can you tell me why?
btw: also www.joytg.com,same question
thanks a lot :)
Did some further digging for you and found the root cause is due to misconfigured routers. You can read about it all here.
The workaround that article mentions is to:
echo 0 > /proc/sys/net/ipv4/tcp_default_win_scale
However, this file has changed and on newer setups you need to instead:
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
You will need to be root when running that though.
$ wget http://www.jinfuwu.com
--2010-12-05 12:58:39-- http://www.jinfuwu.com/
Resolving www.jinfuwu.com... 121.199.111.176
Connecting to www.jinfuwu.com|121.199.111.176|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12145 (12K) [text/html]
Saving to: `index.html'
100%[====================================================>] 12,145 5.19K/s in 2.3s
2010-12-05 12:58:43 (5.19 KB/s) - `index.html' saved [12145/12145]
FWIW, I can get the page just fine using wget or curl from MacPorts.

Resources