[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wiki

On Friday 16 February 2018 11:53:44 Reco wrote:

> 	Hi.
>
> On Fri, Feb 16, 2018 at 10:38:49AM -0500, Greg Wooledge wrote:
> > On Fri, Feb 16, 2018 at 10:30:31AM -0500, Gene Heskett wrote:
> > > On Friday 16 February 2018 07:08:57 Rodary Jacques wrote:
> > > > Le vendredi 16 février 2018, 06:42:52 CET rhkramer@gmail.com a 
écrit :
> > > > > On Thursday, February 15, 2018 08:42:14 PM Rodary Jacques 
wrote:
> > > > > > Why can't I access wikis from a Debian box:
> > > > > > Forbidden
> > > > > > <p>You are not allowed to access this!</p>
> > > > > > is the message I get.
> > > > >
> > > > > I think we need more information--which wiki are you having
> > > > > trouble with? (What is its URL?)
> > > >
> > > > I first had this message on  https://wiki.debian.org, then on
> > > > various problems.
> > >
> > > Old but uptodate wheezy install here. firefox had no problems
> > > navigating the site.
> > > Perhaps your http->S<- is defective somehow.
> >
> > The original message was so incredibly vague that it could mean
> > anything.
> >
> > But.
> >
> > If the actual complaint is "I get 403 Forbidden on
> > https://wiki.debian.org"; then we need additional detail: what
> > version of Debian the OP is using, what browser, and any unusual
> > aspects of the OP's network that could be relevant (workplace
> > firewall, China firewall, etc.).
>
> My crystal ball says that OP is using home connection, and no, these
> details aren't needed. tcpdump/wireshark capture, combined with the
> SSL session key - that's what needed.
> Or someone from 11AS12322 willing to provide a temporary shell
> account.
>
> E-mail headers say that e-mail came from 11AS12322 belonging to some
> French provider:
>
> Received: from ns.rodary.net (unknown [88.170.1.143])
>         by smtp5-g21.free.fr (Postfix) with ESMTP id 154405FF27
>         for <debian-user@lists.debian.org>; Fri, 16 Feb 2018 02:42:15
> +0100 (CET)
>
> With MUA which is uncommon in dull enterprise world:
>
> User-Agent: KMail/5.2.3 (Linux/4.9.0-5-amd64; KDE/5.28.0; x86_64; ; )
>
> I believe we can exclude such possibilities as China Great Firewall
> (unless they installed it in France for some reason), or workplace SSL
> Bump (else OP won't see HTTP 403).
>
> > There have been several similar complaints in #debian IRC over the
> > last year or two, with random people coming in and saying that they
> > get a "403 Forbidden" on the Debian wiki, but the one thing they all
> > have in common is a LACK OF DETAIL.
>
> Whose who know they way around don't have such problems. Whose who
> don't are unable to describe it. I see nothing unusual in this.
>
> My suggestion to OP - try Tor, see if it works.
>
> > At this point nobody knows how to diagnose the problem, because
> > nobody who HAS the problem is willing or able to come forward and
> > just say what is happening and why.  Is it a DNS resolution error,
> > in which they're getting the wrong IP address?
>
> No. Browsers do certificate validation, "wrong IP address" would be
> possible if the third party somehow produced a valid certificate for
> wiki.debian.org (you have to be a CA *or* the government to do this)
> and faked a DNS record (that's easy part).
>
> > Does the wiki or its front-end web server have a firewall that
> > blacklists certain IP address ranges?
>
> Even if it did, the firewall have not come into play.
> Since the user saw HTTP 403 it means that HTTPS connection was
> established successfully, and a front-end (or back-end) webserver gave
> 403 code, which was transferred to a user.
>
> >  Is it a web browser bug?  Nobody knows!
>
> Hardly. Of course OP could use some ancient toy browser that does not
> do SNI, but wiki.debian.org provides a correct certificate even for
> *those*. It's easy to check with (openssl does not use SNI unless you
> ask for it):
>
> openssl s_client -host wiki.debian.org -port 443
>
> Reco

That is quite a verbose tool, thank you Reco for enlightening me.


-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
Reply to: