Date: Thu, 2 Apr 2020 21:18:09 -0600
From: Gary Aitken <freebsd@dreamchaser.org>
To: Mike Clarke <jmc-freebsd2@milibyte.co.uk>, freebsd-questions@freebsd.org
Subject: Re: weird 403 (forbidden) website access issue
Message-ID: <0a2c4c08-b459-544b-5ad3-cd58da9759e7@dreamchaser.org>
In-Reply-To: <2038d71a-e939-bbf3-77ad-d132a77e31e2@dreamchaser.org>
References: <ba457b4a-3362-d9e0-4b8a-c6204937819d@dreamchaser.org> <1f345a1d-f0c8-688c-c3e5-3a6b09ff1fa9@dreamchaser.org> <f3a7de61-162a-1196-eae1-16bd22124ebb@dreamchaser.org> <1807716.EnoYUHA41c@curlew> <2038d71a-e939-bbf3-77ad-d132a77e31e2@dreamchaser.org>

On 4/2/20 10:02 AM, Gary Aitken wrote:
> On 4/2/20 2:50 AM, Mike Clarke wrote:
>> On Wednesday, 1 April 2020 06:03:05 BST Gary Aitken wrote:
>>
>>> How likely is it that the small window size (1028) in the 4th pair
>>> (HTTP: GET request) is causing the server to refuse the request? If
>>> so, is this a firefox issue or an underlying tcp issue?
>>
>> It's not just Firefox. I've tried Firefox, Chrome, Midori and
>> Konqueror and get the 403 code with them all from my FreeBSD box but
>> no problem with Firefox, Chrome and Edge on Windows 10.
>>
>> But I think I've found a clue to the cause. I tried Lynx with its
>> default settings and it worked fine but when I changed the user agent
>> header to
>>
>> Mozilla/5.0 (X11; FreeBSD amd64; rv:74.0) Gecko/ 20100101 Firefox/74.0
>> I got a 403 error.
>>
>> Looks like the server is only accepting requests from a restricted
>> range of browser and OS combinations
>>
>> Lynx/2.8.9rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/1.1.1d-freebsd
>> is accepted but
>> Mozilla/5.0 (X11; FreeBSD amd64; rv:74.0) Gecko/20100101 Firefox/74.0
>> appears to be regarded as 'dangerous'.
>
> Thank you!
> I will see what the hosting service has to say from there.
> I got similar refusals from some sites such as lowes.com as well.

Apparently the hosting service has some special rule which was
triggering this. They wouldn't tell me the rule so I don't really
know what it was, unfortunately. They disabled the rule for this
particular site, but whether that same rule is being applied to other
domains I don't know. The rule was a ModSecurity #70200 but that's
in the local/private range so it's not a well-known rule.

Gary

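
On the server side of a report like this one, the ModSecurity 2.x error log records the rule id and the request variable that matched for each denial. The following is an added example, not part of the original message: it parses constructed log lines (addresses, paths, patterns and unique_ids are made up; only rule id 70200 comes from the thread) and separates local-range ids (1 to 99,999) from OWASP CRS ids (900,000 to 999,999).

```python
import re
from collections import Counter

# Constructed sample in the Apache 2.4 / ModSecurity 2.x error-log layout. Addresses,
# paths, patterns and unique_ids are made up; only rule id 70200 comes from the thread.
SAMPLE_LOG = r'''
[Thu Apr 02 10:01:58.104233 2020] [:error] [pid 4121] [client 192.0.2.44:51820] [client 192.0.2.44] ModSecurity: Access denied with code 403 (phase 1). Pattern match "constructed-pattern" at REQUEST_HEADERS:User-Agent. [file "/usr/local/etc/modsecurity/local.conf"] [line "12"] [id "70200"] [msg "constructed local rule"] [hostname "www.example.org"] [uri "/"] [unique_id "constructed-0001"]
[Thu Apr 02 10:02:03.551200 2020] [core:info] [pid 4121] [client 192.0.2.44:51822] AH00128: File does not exist: /usr/local/www/favicon.ico
[Thu Apr 02 10:05:40.009871 2020] [:error] [pid 4122] [client 198.51.100.7:40112] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/local/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [hostname "www.example.org"] [uri "/login"] [unique_id "constructed-0002"]
'''

DENIED = re.compile(r'ModSecurity: Access denied with code (\d{3}) \(phase (\d)\)\. '
                    r'(.*?) at ([A-Z_]+(?::[\w-]+)?)\.')
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # trailing [key "value"] metadata


def id_range(rule_id):
    """Classify a rule id by the ranges in the ModSecurity reference manual."""
    if 1 <= rule_id <= 99_999:
        return "local"        # site- or host-specific rules, not published
    if 900_000 <= rule_id <= 999_999:
        return "owasp-crs"
    return "other"


def parse_denials(text):
    """Return one dict per 'Access denied' line; every other line is skipped."""
    denials = []
    for line in text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue
        tags = dict(TAG.findall(line))
        rule_id = int(tags.get("id", 0))
        denials.append({"id": rule_id, "range": id_range(rule_id),
                        "status": int(m.group(1)), "phase": int(m.group(2)),
                        "operator": m.group(3), "variable": m.group(4),
                        "uri": tags.get("uri"), "file": tags.get("file")})
    return denials


def local_rule_hits(text):
    """Count denials by (rule id, matched variable) for local-range rules only."""
    return Counter((d["id"], d["variable"]) for d in parse_denials(text)
                   if d["range"] == "local")


if __name__ == "__main__":
    for d in parse_denials(SAMPLE_LOG):
        print(d["status"], d["id"], d["range"], d["variable"], d["uri"])
```
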
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0a2c4c08-b459-544b-5ad3-cd58da9759e7>