I am using the wordpress API to delete posts externally
however when running a delete request it returns a 403 with the error log as follows:
[authz_core:error] ... client denied by server configuration
All other request types work.
All I need to do is find the location of the server configuration file responsible for blocking delete requests which all research around delete requests causing this error has not been able to provide.
The server is a centos server,
I have checked the vhost configs and apache configs and all are clear to not be blocking request types.
Some insight on where this block will be taking place would be appreciated.
Related
I have an Angular web app running on Cloud Run (nginx webserver) (more info here) from which I want to get access token from the GCP metadata server. I have tried to make a call to https://metadata.google.internal ( using curl from Cloud Shell) but the connection was rejected. Calls to HTTP are working well.
When I make the call from my app (which is loaded over https) to the metadata server over HTTP - logically I get a mixed content error. When trying to access the metadata server over HTTPS - I am getting error 504 Gateway timeout, I assume due to the reason that the metadata server refuses the calls on HTTPS.
I will really appreciate any idea of how to solve this issue.
The URL endpoint metadata.google.internal is only accessible from inside the instance (Cloud Run). This endpoint is not accessible outside of the instance such as via an HTTP or HTTPS call. A clue is the TLD (Top Level Domain) internal.
If you want to access this endpoint remotely via a web browser, you will need to make a request from the browser to Cloud Run (an endpoint in your code) which then makes the internal request to the metadata server and returns the response to the client.
When trying to run a request through swagger UI, I receive the following response on Swagger
TypeError: Failed to fetch
After searching around, I found that a possible cause of this error is because of a CORS issue, where the origin is changed in the request (as you can see at this other post here). However, in my case, this is not running through some other proxy, it is hosted on a locally hosted server and that server is not changing any of the headers. I realized this when I tried to allow the API to just accept any CORS headers to test if this was the issue; sadly it was not and the issue persisted.
The API is running on IIS hosted on a server that is hosted locally. The API is running as an application on the default website and is accessed via the following url:
http://servername/application-name/swagger/index.html
Can anyone help with this issue?
After further investigation, I found that when I looked at the requests being sent to the server through the dev tools on the browser, that the URL was being changed from http to https on the request of the endpoint through swagger.
HTTPS, has not been set up on the server and returns a 404 (as seen in the dev tools).
It turns out, that even though the server has not been setup to serve content via HTTPS, the requests where still redirected to HTTPS and this was the reason
app.UseHttpsRedirection();
So, even though swagger was able to be loaded on HTTP, when the request was made to the API, the API responded with a 307 - for redirection and the request was redirected to HTTPS - which in turn returned 404. This 404 response was the cause the TypeError: Failed to fetch
The recommended fix for this is to turn off https redirection (ONLY FOR TESTING PURPOSES) and the other is to enable the server to serve the content correctly over HTTPS, so that when a call is made, it is not redirected, but rather sent straight to the correct API address on HTTPS - which should not return the data correctly, since the server can serve HTTPS content
I have a simple MVC ASP.Net application with a health check. The check is routed using an attribute: [HttpGet("health")]
When running it locally, I browse http://localhost:7000/health and get a successful result back. The logs look like this:
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
[00:00:34.796]: Request starting HTTP/1.1 GET http://localhost:7000/health
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: [00:00:34.796]: Request starting HTTP/1.1 GET http://localhost:7000/health
dbug: Microsoft.AspNetCore.Routing.Tree.TreeRouter[1]
Request successfully matched the route with name '(null)' and template 'health'.
However, once I deploy to Amazon Elastic Beanstalk, none of my normal request work. If I browse http://(myAppName).us-east-2.elasticbeanstalk.com/ these are the logs I get:
[40m[32minfo[39m[22m[49m: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
[23:56:39.079]: Request starting HTTP/1.1 GET http://172.31.27.29//(myAppName).us-east-2.elasticbeanstalk.com/health
[40m[37mdbug[39m[22m[49m: Microsoft.AspNetCore.Builder.RouterMiddleware[1]
Request did not match any routes.
Note how for some reason the request URL gets an IP address stuck in there. No idea where its coming from.
Turns out this was a misconfiguration in AWS. I had set the health check URL with an absolute address, which failed. Then when I tried to health check manually, the load balancer didn't let me through because the AWS health check was failing.
I thought the logs were from my manual check, so I assumed that amazon was adding weird things to my request. But really it was just a misconfigured health check in AWS.
I use nginx as my reverse proxy server to fetch image from the file server, which is also a web server.
It works well. but I want add permission check based on the url before send request to my file server. If has permission, just forwarding to my file server, or else just return 404.
BTW, I can't add the check in my file server for some reason.
I think I got the answer.
The module "http_auth_request_module" is what I want. https://www.nginx.com/resources/admin-guide/restricting-access-auth-request/
I have used better exposed filter module and set it as on click submit. it set an ajax request when click on the check box. It is causing problem in HTTPS. it is working fine in HTTP.
An AJAX HTTP error occurred.
HTTP Result Code: 403
Debugging information follows.Path: /views/ajax
StatusText: Forbidden
ResponseText: 403 Forbidden
ForbiddenYou don't have permission to access /views/ajaxon this server.
There are couple of things that you need to check:
It is likely you have not set $base_url in your settings.php file.
There is a mode_security file on Amazone EC2 server increase the size of post data when using https. Hope it will work Happy coding...