*****.cloudfront.net <- this is mywebsite
Error 403 when 'curl' occurs. However, it is normal to connect through a browser.
What's the problem? I can't use 'curl' but it's normal when I log in through a browser.
seems like the question is too old to answer, however I've faced the same issue today.
So, maybe my answer would be helpful for anybody...
My problem was exactly as decribed: cloudfront service was accessible through web browsers such Chromium & Firefox, however the response for the curl request was "Access Denied":
matvey#matvey-pc:~$ curl -v "https://d218ouehxiafnp.cloudfront.net"
... output is trimmed
> GET / HTTP/2
> Host: d218ouehxiafnp.cloudfront.net
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 403
< content-type: application/xml
< date: Tue, 06 Dec 2022 21:47:02 GMT
< server: AmazonS3
< x-cache: Error from cloudfront
< via: 1.1 61c35238bc750b646bd101c97da70922.cloudfront.net (CloudFront)
< x-amz-cf-pop: BUD50-C1
< x-amz-cf-id: tmlM6k285fqQXLUnpSnEjTdim0CDUkWlUaWakSJQZ5koVtsqUwkHXg==
<
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host d218ouehxiafnp.cloudfront.net left intact
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>QZMBFA097CY6V4ZK</RequestId><HostId>vELi5HfHj2oQeIV1K2L6epFEBeNMVbViOGDvM7VXFO6DtqfLSYm+1Pr2H1UwfuRt4ylrrYqYiFU=</HostId></Error>
My Cloudfront was configured as follows:
HTTP/1.0 & HTTP/1.1 & HTTP/2;
GET & HEAD methods were allowed;
Compression is on.
After troubleshooting I've found out that if compression is ON, then Accept-Encoding header is required.
So, everything became working after specifying header as follows:
curl -v https://d218ouehxiafnp.cloudfront.net -H "Accept-Encoding: *"
More details on that header.
Hope it'll be useful for you.
Related
I have an API name loginUser, which generates the authorization Token, that is to be passed in other subsequent APIs.
Below is the response:-
HTTP/1.1 200 OK
Date: Sat, 10 Nov 2018 07:08:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 71
Connection: keep-alive
Server: nginx/1.10.3 (Ubuntu)
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: date, authorization, x-powered-by, connection, server, access-control-allow-origin, content-type, content-length, x-final-url
authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIyYmEyYjc1My03NWEwLTQxNGYtYWFiOC0zZGY1M2I4YmIwMDEiLCJpc0Nvb2siOnRydWUsImlhdCI6MTU0MTgzMzcyNX0.3FRVpHm4EF2Ahzzy-OjbZ2EeZto6-hSFKHNtG5wcjBs
Where I want to fetch the authorization.
I'm using Regular Expression Extractor, but it is throwing below error (URISyntaxException: illegal character in the path)
Snapshots:-
Step_1
Step_4
I have seen couple of queries related to this Error but not in Jmeter,
And i tried using % also, to get rid out of this error, but that didn't work out.
Thanks in advance.
Authorization is sent/receive in headers,
Change Step 2, Field to check should be Response Headers to get the value
Currently I'm facing an issue in capturing the Cookies which is coming as part of response. I'm using WinInet for my connection.
After sending the request using HttpSendRequest, I'm using HttpQueryInfo to query the response in the below order
HTTP_QUERY_STATUS_CODE
HTTP_QUERY_SET_COOKIE
HTTP_QUERY_CONTENT_TYPE
HTTP_QUERY_CONTENT_LENGTH
Finally I'm reading body content using InternetReadFile.
Server has the loadbalance installed. all the response sent from LB has "Set-Cookies" enabled.
If I get any response without "Set-Cookies" in header then my code is reading the content successfully.
When there is "Set-Cookies" field in header then the issue comes. It is resulting out in "Header Not Found" when I query for "HTTP_QUERY_CONTENT_TYPE"
Below is the sample response header which is success
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 17 Dec 2015 10:05:00 GMT
Content-Length: 107
Content-Type: text/html; Charset=utf-8
Via: 1.1 TestServer:80 (Cisco-WSA/8.8.0-085)
Connection: keep-alive
Below is the sample response header which is error out.
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/8.5
Set-Cookie: MYID=B3C5D2B2%2D0426%2D473F%2DACF6%2DF19BAC3F5A6C%3A%3A88757401; path=/
X-Powered-By: ASP.NET
Date: Thu, 17 Dec 2015 10:07:20 GMT
Content-Length: 277
Content-Type: text/html; Charset=utf-8
Via: 1.1 TestServer:80 (Cisco-WSA/8.8.0-085)
Connection: keep-alive
Work around found,
While querying the response header, if I add HTTP_QUERY_COOKIE in the sequence then the issue is getting resolved but I'm not sure on this is correct or not.
Can any one help me?
Why SET_COOKIE is not able to catch the "set-cookies"
What is the difference between HTTP_QUERY_SET_COOKIE and HTTP_QUERY_COOKIE?
What will be the impact if I use HTTP_QUERY_COOKIE to overcome this issue?
Thanks
Vijay
I am using LibCurl/C++ to send and receive html requests. One of the servers I access returns back this header information Access-Control-Expose-Headers: X-Custom1, where X-Custom1 is a custom header to provide data that I need to parse. But I am not seeing any value for X-Custom1.
I tried requesting it specifically by adding
Access-Control-Request-Headers: X-Custom1
header in my curl c++ request. But no use.
Response header data:
HTTP/1.1 200
Server: <server name>
Date: Thu, 01 Oct 2015 06:43:06 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: <cookie data>; expires=Fri, 30-Sep-16 06:43:05 GMT; path=/; domain=<domain name>; HttpOnly
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Custom1
Access-Control-Max-Age: 1728000
Etag: W/"<tag data>"
CF-RAY: <ray data>
Content-Encoding: gzip
Anyone know how to get the X-Custom1 data ?
I have been stuck at this for a long time now and need help.
Forgive me if this could be a cross post or wrongly tagged. I am not sure where else to post this question.
Thanks in advance.
Looks like I have been asking the wrong question after all.The response merely says X-Custom1 will be accessible from the server. It turned out that I had to request an entirely different url to get the actual valid data for that header.
Posting it here to let others seeking out similar questions know how it turned out.
I am trying to call GetAuthToken from Amazon Web Services:
http://docs.developer.amazonservices.com/en_US/auth_token/AuthToken_GetAuthToken.html
I checked the C# client library and I cannot find GetAuthToken as a method. Has this been implemented? I tried to do a POST request without the library and it fails. Here is my request and response that I wrote manually:
Request
POST https://mws.amazonservices.com/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: mws.amazonservices.com
Content-Length: 238
Expect: 100-continue
Connection: Keep-Alive
AWSAccessKeyId=XX&Action=GetAuthToken&SellerId=XX&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2014-09-01T16%3A41%3A16Z&Version=2011-07-01&Signature=vRBxMEXAMPLES2y0FGPufG4u7WY2HqhcsYUW6IVI9%2BQ%3D
Response:
HTTP/1.1 404 Not Found
Date: Fri, 03 Oct 2014 17:14:53 GMT
Server: AmazonMWS
x-mws-request-id: 1a0bd189-d3e9-40b8-a55d-a420c9ed4805
x-mws-timestamp: 2014-10-03T17:14:54.195Z
x-mws-response-context: VaGpX6JmTb+cM7WqwM6Fs8/E4oExbxl5c7li/EU0ho2j0/WpcYuG1XZSQzkuyrlr+kVTKBdKeG6F 3nwhM5s2gg==
Content-Type: text/xml
Content-Length: 368
Vary: User-Agent
<?xml version="1.0"?>
<ErrorResponse xmlns="https://mws.amazonservices.com/">
<Error>
<Type>Sender</Type>
<Code>InvalidAddress</Code>
<Message>Resource / is not found on this server. API Section is missing or you have provided an invalid operation name.</Message>
</Error>
<RequestID>1a0bd189-d3e9-40b8-a55d-a420c9ed4805</RequestID>
</ErrorResponse>
You have wrong ServiceURL setting. You can not have it as "mws.amazonservices.com", you have to specify proper ServiceURL according to the shop location. Use one of the following settings (taken from Amazon library samples) or check out more complete Developer Guide:
// North America:
$serviceUrl = "https://mws.amazonservices.com/Products/2011-10-01";
// Europe
$serviceUrl = "https://mws-eu.amazonservices.com/Products/2011-10-01";
// Japan
$serviceUrl = "https://mws.amazonservices.jp/Products/2011-10-01";
// China
$serviceUrl = "https://mws.amazonservices.com.cn/Products/2011-10-01";
I am trying to create raw sockets in C/C++, then create a request message and then send that message to a target server. If the port I specify happens to be 80 I want to send a HTTP request to determine the HTTP version that the target server is using. For e.g I send GET HTTP/1.0 to www.google.com.
For some servers it returns HTTP/1.1 400 bad request. While in some cases it responds with an XML message. I know the GET command is wrong since I am not specifying any object to actually GET. So is there a generic way to do this?
Try:
HEAD / HTTP/1.0\r\n
\r\n
Or:
GET / HTTP/1.0\r\n
\r\n
The first line of the servers response should contain the HTTP version. Note that some servers will return 400 Bad Request if the Host: <hostname> is omitted from the header (which is not required in 1.0, but in 1.1). I would do:
Try:
HEAD / HTTP/1.0\r\n
Host: <hostname>\r\n
\r\n
Or:
GET / HTTP/1.0\r\n
Host: <hostname>\r\n
\r\n
If you don't require the message body, you should use HEAD as it will require less data to receive.
You will have to progressively try each version of HTTP. For example, if I query google.com with HTTP 1.0, it will respond with HTTP 1.0:
$ printf "HEAD / HTTP/1.0\nHost: google.com\n\n" | nc google.com 80
HTTP/1.0 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Nov 2013 19:44:42 GMT
Expires: Thu, 26 Dec 2013 19:44:42 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic
If I query it with HTTP 1.1, it will respond with HTTP 1.1:
$ printf "HEAD / HTTP/1.1\nHost: google.com\n\n" | nc google.com 80
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Nov 2013 19:44:47 GMT
Expires: Thu, 26 Dec 2013 19:44:47 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic
GET / HTTP/1.0\r\n
Host: www.google.com\r\n
\r\n
This is a basic HTTP request. Alternatively, you can use HEAD instead of GET, sinse you only want the headers, but some basic servers don't recognize HEAD as a valid method.
Not every server will support HTTP/1.0, they will most likely ignore this and answer as HTTP/1.1, others will just ape the version in your request and not really mean it.
It can be frustrating to try to determine the HTTP version in a random server. Perhaps you should instead use 1.1 in the request and see if the server answers with 1.0, I believe it may be the safest way to know if the server is at least giving a damn.