Hi Norman,

On 11-5-2018 at 19:36, Norman Branitsky wrote:

After upgrading to the latest version of Eclipse and installing our custom Eclipse Plugin,

my developers are now being blocked by HAProxy.

Here’s a sample of the problem:

May 11 15:03:37 localhost haproxy[13089]: 66.192.142.9:43041 [11/May/2018:15:03:37.932] main_ssl~ ssl_backend-etkdev/i-0912nnnnnnnn0e3b 0/0/1/24/25 200 436 - - --NN 52/52/0/0/0 0/0 "GET /entellitrak/private/api/workspaces/query/current HTTP/1.1"

May 11 15:03:38 localhost haproxy[13089]: 66.192.142.9:56417 [11/May/2018:15:03:38.117] main_ssl~ main_ssl/<NOSRV> 0/-1/-1/-1/0 403 188 - - PR-- 50/50/0/0/0 0/0 "POST /entellitrak/private/api/packages/query/workspace/txxxx.jxxxxx HTTP/1.1"


"     PR   The proxy blocked the client's HTTP request, either because of an
          invalid HTTP syntax, in which case it returned an HTTP 400 error to
          the client, or because a deny filter matched, in which case it
          returned an HTTP 403 error."

So, is the 403 because the backend server is unknown in the 2nd request?

Or is the backend server unknown because of the 403?

This is the beginning of the JSON payload in the POST statement:

ID: 24

Address: https://etkdev.wisits.org/entellitrak/private/api/packages/query/workspace/thomas.jackson

Http-Method: POST

Content-Type: application/json

Headers: {Authorization=[Basic dGhvbWFzLmphY2tzb246UGFzc3dvcmQxIQ==], Content-Type=[application/json], Accept=[application/json]}

Could it be the 'Host' header is missing? Which is required by HTTP/1.1.
And above authorization can be decoded.. be careful what internal/secure information is posted..

Payload: ["package.fileServer.c0413431-1236-4825-90f1-5f5be131a237","package.rfWorkflowParameterJavascript.a227ee0b-6b59-4643-b1f8-1ff203948a24",

HAProxy version info:

[WIIRIS-LB-240]# /usr/local/sbin/haproxy -vv
HA-Proxy version 1.7.9 2017/08/18
Copyright 2000-2017 Willy Tarreau <wi...@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv
  OPTIONS = USE_SLZ=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.2l  25 May 2017 (VERSIONS DIFFER!)

p.s. Running with different versions between build/running is a bad thing..

Regards,

PiBa-NL
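
Added example, not part of the original message: a small Python parser for HTTP log lines like the two quoted above, showing how the server field, the connect timer and the first two termination-state characters separate a request HAProxy refused itself from one it forwarded. The sample lines are constructed with the same field layout as the ones in the message; the address and paths are placeholders, and the function and table names are this example's own.

```python
import re

# Fields of an HAProxy HTTP-format log line, after the syslog prefix.
LOG_RE = re.compile(
    r'(?P<client>\S+:\d+) \[(?P<accept>[^\]]+)\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) (?P<timers>[\d/+-]+) '
    r'(?P<status>-1|\d{3}) (?P<bytes>\+?\d+) \S+ \S+ (?P<term>\S{4}) '
    r'\S+ \S+ "(?P<request>[^"]*)"'
)

# First termination-state character: what ended the session.
CAUSE = {"-": "normal completion", "P": "aborted by the proxy",
         "C": "aborted by the client", "S": "aborted by the server",
         "c": "client-side timeout", "s": "server-side timeout"}
# Second character: what the session was doing when it ended.
STATE = {"-": "normal completion", "R": "waiting for a valid request",
         "C": "connecting to the server", "H": "waiting for response headers",
         "D": "transferring data"}

def parse(line):
    """Return the decoded fields of one log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    tq, tw, tc, tr, tt = (int(t.lstrip("+")) for t in rec["timers"].split("/"))
    rec["status"] = int(rec["status"])
    rec["cause"] = CAUSE.get(rec["term"][0], "other")
    rec["state"] = STATE.get(rec["term"][1], "other")
    # <NOSRV> and a connect time of -1 mean no server was ever contacted.
    rec["reached_server"] = rec["server"] != "<NOSRV>" and tc >= 0
    # PR with no server: the response was generated by HAProxy itself.
    rec["blocked_by_proxy"] = rec["term"][:2] == "PR" and not rec["reached_server"]
    return rec

# Constructed sample lines (placeholder client address and request paths).
SAMPLES = [
    'May 11 15:03:37 localhost haproxy[13089]: 192.0.2.10:43041 '
    '[11/May/2018:15:03:37.932] main_ssl~ ssl_backend-example/srv1 '
    '0/0/1/24/25 200 436 - - --NN 52/52/0/0/0 0/0 "GET /app/api/current HTTP/1.1"',
    'May 11 15:03:38 localhost haproxy[13089]: 192.0.2.10:56417 '
    '[11/May/2018:15:03:38.117] main_ssl~ main_ssl/<NOSRV> '
    '0/-1/-1/-1/0 403 188 - - PR-- 50/50/0/0/0 0/0 "POST /app/api/query HTTP/1.1"',
]

if __name__ == "__main__":
    for r in map(parse, SAMPLES):
        print(r["status"], r["server"], r["term"], r["cause"], "/", r["state"],
              "blocked_by_proxy=%s" % r["blocked_by_proxy"])
```
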
