Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 31 Mar 2020 22:12:21 +0100
From:      "Norman Gray" <norman.gray@glasgow.ac.uk>
To:        Gary Aitken <freebsd@dreamchaser.org>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: weird 403 (forbidden) website access issue
Message-ID:  <B11EF1EF-FF36-4DD9-9996-2643B177CDA7@glasgow.ac.uk>
In-Reply-To: <ba457b4a-3362-d9e0-4b8a-c6204937819d@dreamchaser.org>
References:  <ba457b4a-3362-d9e0-4b8a-c6204937819d@dreamchaser.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

Gary, greetings.

On 31 Mar 2020, at 21:33, Gary Aitken wrote:

> The addr (www.ovandoschool.org) resolves to 69.175.87.226
>
> If I type in 69.175.87.226 in the address bar, I get a 403 error
>   with a note
>     69.175.87.226/cp_errordocument.shtml (port 80)
> Seems to be accessible fine from windows machines going through the 
> same
> fbsd 11.3-RELEASE-P6 gateway (not the same system as the one with the
> browser having the problem).
>
> If I manually access from the failing fbsd system, it works:
>
> $ telnet 69.175.87.226 80
> Trying 69.175.87.226...
> Connected to chi-node42.websitehostserver.net.
> Escape character is '^]'.
> GET / HTTP/1.1
> Host: www.ovandoschool.org

If you type the IP address in to the address bar, then the browser will 
either send that as the 'Host' request header, or won't send the header 
at all.  Thus the server, presuming it's set up to serve multiple hosts, 
won't know which website to send back.

An alternative route to the same conclusion is that HTTP 1.1 requires 
the 'Host' request header, so if it's missing (or possibly if it's an IP 
address, or if it's not one of the hosts the server has been configured 
to handle), then... error document.

If this works with any browser, then it _might_ be that the browser is 
being clever, doing a reverse lookup of the IP address, and sending the 
result as the 'Host' request header.  In that case, a bit of tcpdump 
will clarify.

Apologies if this is obvious, but if this isn't the problem, you might 
need to elaborate.

Good wishes,

Norman


-- 
Norman Gray  :  http://www.astro.gla.ac.uk/users/norman/it/
Research IT Coordinator
SUPA School of Physics and Astronomy, University of Glasgow, UK
Charity number SC004401

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B11EF1EF-FF36-4DD9-9996-2643B177CDA7>