dongyuyi5680 2014-02-19 14:58
浏览 136
已采纳

<403>禁用https:// URL,<302>使用http:// URL暂时移动

Our web authentication platform faced an unexpected behavior couple days ago when a user was unable to connect to our authentication servers, which is actually a method that POSTs data to our URL at https://xxxxxxxx.com/authentication/authorize.php. We were unsure what the problem was - our servers? The client they were using? Their firewalls?

This is the method we used through the experimentation below:

    HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
    webRequest.CookieContainer = new CookieContainer();
    webRequest.AllowAutoRedirect = false; // false so we don't get redirected

    using (HttpWebResponse webResponse = (HttpWebResponse)webRequest.GetResponse())
    {
        headers.Add("Status Code: " + (int)webResponse.StatusCode);
        headers.Add("Status Desc: " + webResponse.StatusDescription);
        foreach (string key in webResponse.Headers.Keys)
        {
            if (!key.ToString().Equals("Location"))
            {
                var value = webResponse.Headers[key];
                headers.Add(key + ": " + value);
            }
        }
    }

We had him send over a header report:

enter image description here

enter image description here

It appears we were were 4XX tier status code errors from this user.

Upon Googling, we found this article which instructs you to change the .htacess files. Specifically, it's an issue where your website host may be implementing filtering which creates a mod_security error.

We put this code snippet into our .htacess:

<IfModule mod_security.c>
 SecFilterEngine Off
 SecFilterScanPOST Off
</IfModule>

We ask the user to run our headers script again, and this was returned:

enter image description here

The https:// URL still returned a <403> Forbidden error, however, the http:// domain (non-encrypted one) finally gave us a voice. Note, the desired status code is a 302 Found, as any one that tries to navigate into that URL should be redirected to our host domain. It seems in this issue, we got a 302 Moved Temporarily.

From our experimentation, it looks like changing .htaccess did indeed allow us to make some progress, but not using the https:// protocol is an issue. We have contacted our server hosts asking for some insight as to why this is happening (such as -- do you guys implement filtering?), and we are currently waiting for a reply.

My question is -- what is going on? Have you encountered this issue before?

  • 写回答

1条回答 默认 最新

  • dongliang1873 2014-02-19 15:07
    关注

    The message you are getting back "Proxy Authentication Required" looks like the user is going through a proxy server to get to the web. First thing to check is that the browser or app user is using to get to your site is correctly connecting and authenticating to his proxy server. The next thing to check is whether their proxy admin has somehow blocked access to your URL (less likely). Maybe you can update your tester app to print the IP address of the server which responded, chances are it will be the address of a proxy server, and not your server.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 安装svn网络有问题怎么办
  • ¥15 Python爬取指定微博话题下的内容,保存为txt
  • ¥15 vue2登录调用后端接口如何实现
  • ¥65 永磁型步进电机PID算法
  • ¥15 sqlite 附加(attach database)加密数据库时,返回26是什么原因呢?
  • ¥88 找成都本地经验丰富懂小程序开发的技术大咖
  • ¥15 如何处理复杂数据表格的除法运算
  • ¥15 如何用stc8h1k08的片子做485数据透传的功能?(关键词-串口)
  • ¥15 有兄弟姐妹会用word插图功能制作类似citespace的图片吗?
  • ¥15 latex怎么处理论文引理引用参考文献