Getting below response code when trying to replay a script in LRE (http/html) protocol for application hosted in cloud
This happens when there is a redirect happening from https URL to http URL in the application. While the user tries to login the request gets redirected from a https to http URL.
Action.c(120): Redirecting "HTTPS URL" /accessToken=NrGnpovs13GpOnvUHyfdDEe%2FKZtfg5VUHpCdzg4hbx4KKxH1Vvf%2BnbMb2y2YmLosQzOETpI%2F%2BBown dLa4wh8RNw1zdcCbHQ%2FYACHZSn%2Bq9Iz6OEdATVwYtJ2KAMg5rBRveAXDIjg4zQpGyn3B0ainO28QcJEGk1QeOjoBdXfifw %3D&redirectCode=-1" (redirection depth is 1) [MsgId: MMSG-26694]
Action.c(120): To location "http URL"
Action.c(120): t=7090ms: Connecting [2] to host 10.242.48.173:80 [MsgId: MMSG-26000]
Action.c(120): t=7097ms: Connected socket [2] from 10.228.194.165:50373 to 10.242.48.173:80 in 7 ms
Warning -26665: HTTP Status Code is missing or invalid. Assuming "200 OK"
Action.c(120): t=7103ms: 231-byte response headers for "http URL"
Action.c(120): HTTP/1.1 308 Permanent Redirect\r\n
Action.c(120): Date: Fri, 17 Jun 2022 16:19:05 GMT\r\n
Action.c(120): Content-Type: text/html\r\n
Action.c(120): Content-Length: 164\r\n
Action.c(120): Connection: keep-alive\r\n
Action.c(120): \r\n
Action.c(120): <html>\r\n
Action.c(120): <head><title>308 Permanent Redirect</title></head>\r\n
Action.c(120): <body>\r\n
Action.c(120): <center><h1>308 Permanent Redirect</h1></center>\r\n
Action.c(120): <hr><center>nginx</center>\r\n
Action.c(120): </body>\r\n
Action.c(120): </html>\r\n
Pls help.
Related
I am trying to fetch data from a website using sockets and I am getting a redirect but the redirect is same as the previous url
The below code works perfectly
import requests
r = requests.get('https://links.papareact.com/f90',
allow_redirects=False)
print(r.status_code)
print(r.headers["location"])
Here is the output Location header is new url
301
http://pngimg.com/uploads/amazon/amazon_PNG11.png
Here is the socket code which behaves weird
import socket
HOST = "links.papareact.com"
PORT = 80
path = "f90"
headers = f"GET /{path} HTTP/1.1\r\n" + \
f"Host: {HOST}\r\n\r\n"
connection = (HOST, PORT)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(connection)
s.send(headers.encode())
while True:
data = s.recv(4096).decode().strip()
if data.endswith("\r\n\r\n") or not data:
break
print(data)
Output
HTTP/1.1 301 Moved Permanently
Date: Tue, 17 Aug 2021 09:15:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 17 Aug 2021 10:15:33 GMT
Location: https://links.papareact.com/f90
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ptwEG6zbfCPDGYczBruC%2FNuMmmsfwqSd6emUpu2aRIa9JtNvIpV3rcWZjfdMrP7EV9EM94UxTx4XbEk4P6KBk4PIb%2BLxPrwitq1Fo10u%2FtGnJnCFqFFh8XGutpJsIy13zCaUYGf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6801cc6c5d301d14-BLR
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Here the Location Header is same as the previous url
Please explain why is this happening and a possible solution to get the expected result ? :(
Here is the socket code which behaves weird
Nothing weird here. The redirect is according to the location header to https:// (encrypted, port 443) while your original request was for http:// (not encrypted, port 80).
This is a pretty common behavior of web sites that they redirect a plain HTTP request to the same path with HTTPS. If you then access this new (HTTPS) location you would likely get the same redirect as you did with your requests.get('https://..., i.e. to http://pngimg.com/uploads/amazon/amazon_PNG11.png.
Recently the dropbox api has been giving me 404 errors when uploading a file. Same code has been working for months. Has anything changed? I'm accessing the rest api through sharpbox.
Error response is below. Part of the request I'm making is below that.
Response:
HTTP/1.1 400 Bad Request
Server: nginx
Date: Mon, 28 Mar 2016 13:20:40 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Dropbox-Request-Id: ed356744df5e9541856f727505cceee0
X-Robots-Tag: noindex, nofollow, noimageindex
2e
{"error": {"file": "Expecting a file upload"}}
0
Request:
POST https://api-content.dropbox.com/1/files/dropbox/VMDVGZION?file=test.pdf&oauth_consumer_key=0o1pqhuy0ul766h&oauth_nonce=f74c8207d9a741929529f1a662804e66&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1459171240&oauth_token=0apqmt3p17e6s69z&oauth_version=1.0&oauth_signature=8i0QAVDTIDyQPUMNZTfDWdFDiyM%3d HTTP/1.1
Content-Type: multipart/form-data; boundary=-----------------------------28947758029299
Host: api-content.dropbox.com
Content-Length: 292539
-------------------------------28947758029299
Content-Disposition: form-data; name="file"; filename="test.pdf";
Content-Type: application/octet-stream
%PDF-1.4 %âãÏÓ
..
-------------------------------28947758029299--
When using the Structured Data Testing Tool to test my Mom's recipe site page titled Perfect Chicken Fajitas I get the following...
ERROR
The URL was not found. Make sure the domain name is correct and the server is responding with a 200 status code.
However, if I curl for the same URL, I can see that a 200 results...
$ curl -I http://www.lindysez.com/recipe/perfect-chicken-fajitas/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: bb2_screener_=1457484500+172.4.33.122; path=/
X-UA-Compatible: IE=edge
Link: <http://www.lindysez.com/wp-json/>; rel="https://api.w.org/"
X-Powered-By: ASP.NET
Date: Wed, 09 Mar 2016 00:48:21 GMT
What could be the problem?
I have three websites hosted (example1.com, example2.com, example3.com) on a server. There is a page (test.php) on example1.com with just code below inside it:
<?php
header('Location:http://example2.com/a.php');
?>
When I browse test.php it goes to http://example1.com/a.php . it doesn't understand it is another domain url, it tried to find the page on itself.
but when I put http://google.com instead of example2.com/a.php it works correct. I really get confused.
What is the problem ? Should I set some configuration on the server?
( I am administrator of the hosting server ).
Ps. The server is behind a pound server.
Edited:
Here's the Firebug Net output for example1.com/test.php
Response Headers:
HTTP/1.1 302 Found
Date: Tue, 09 Oct 2012 09:03:34 GMT
Server: Apache/2.2.16 (Debian)
Location: http://example1.com/a.php
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Request Headers:
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Connection keep-alive
Cookie mycookie
Host example1.com
User-Agent Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1
the problem is solved. it was because of pound server configuration. 'RewriteLocation' entry in pound server configuration must be set to 2 to this server doesn't change the redirect location.
anyway, thank you for answering.
Hi I'm experiencing a super weird problem.
Whenever I post links to my website on Facebook, they come up as Forbidden.
The site itself works great and I have no seen this when linking on other sites.
Could this be a server misconfiguration? Any thoughts on where to look?
here's some Info:
I have a dedicated server running WHM 11.25.0
i have 2 sites hosted here using cPanel 11.25.0
the error msg:
Forbidden You don't have
permission to access
/blog/deepwater-horizon-11/ on this
server. Additionally, a 404
Not Found error was encountered while
trying to use an ErrorDocument to
handle the request.
Apache/2.2.14 (Unix)
mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2
mod_auth_passthrough/2.1
mod_bwlimited/1.4 FrontPage/5.0.2.2635
Server at www.offshoreinjuries.com
Port 80
UPDATE:
Here is a sample link if it helps. (notice going the linked page directly works fine)
http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.offshoreinjuries.com%2Fblog%2Fdeepwater-horizon-11%2F&h=834ea
UPDATE and ANSWER:
Found the issue and added a complete answer below.
You must have a rule somewhere that reads the HTTP_REFERER and rejects incoming links from Facebook. Seriously. This is what happens between the lines:
No referrer
telnet www.offshoreinjuries.com 80
HEAD /blog/deepwater-horizon-11/ HTTP/1.1
Host: www.offshoreinjuries.com
HTTP/1.1 200 OK
Date: Fri, 28 May 2010 09:19:45 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.12
X-Pingback: http://www.offshoreinjuries.com/blog/xmlrpc.php
Content-Type: text/html; charset=UTF-8
200 OK, good.
Facebook referrer
telnet www.offshoreinjuries.com 80
HEAD /blog/deepwater-horizon-11/ HTTP/1.1
Host: www.offshoreinjuries.com
Referer: http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.offshoreinjuries.com%2Fblog%2Fdeepwater-horizon-11%2F&h=834ea
HTTP/1.1 403 Forbidden
Date: Fri, 28 May 2010 09:21:04 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=iso-8859-1
403 Forbidden, bad.
Any other referrer
telnet www.offshoreinjuries.com 80
HEAD /blog/deepwater-horizon-11/ HTTP/1.1
Host: www.offshoreinjuries.com
Referer: http://alvaro.es/
HTTP/1.1 200 OK
Date: Fri, 28 May 2010 09:20:36 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.12
X-Pingback: http://www.offshoreinjuries.com/blog/xmlrpc.php
Content-Type: text/html; charset=UTF-8
200 OK again.
Your server is actively rejecting visitors from Facebook.
I was finally able to get to the bottom of this behavior.
The default mod_security settings of my host, HostGator include a set of whitelists and blacklists. Upon inspecting these I found .facebook.com/l.php blacklisted.
l.php is a wrapper page that provides a warning that you are leaving facebook. As I understand it since this can be easily exploited, HostGator chose to essentially blacklist all outbound facebook links.
I fixed my problem by removing .facebook.com/l.php from the mod_security blacklist, however I could have also just reset my mod_security settings to Default (vs the HostGator config) via a single click in WHM.