Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

403 Forbidden #11

Closed
Tazintosh opened this issue Nov 29, 2014 · 3 comments
Closed

403 Forbidden #11

Tazintosh opened this issue Nov 29, 2014 · 3 comments

Comments

@Tazintosh
Copy link

Hi Hans,

I'm trying to run ftpcloudfs + hubic2swiftgate on Mac OS X Yosemite (+ Server.app installed).
Have you been able to make it run under such a similar config?

Everytime I want to connect to ftp://hubic@192.168.1.11:2021, I get an error.
I've both tested with MAMP or Apple's Apache.
https://myServerDomain:8890/auth/v1.0/ is when I test with MAMP, else, it's https://myServerDomain/auth/v1.0/ with default OS X Apache.
With MAMP, I'm using a MAMP create autosigned certificate+key
With Apple's Apache, I'm using an Apple autosigned certificate+key create right into the Server.app

Error With Apple Apache

[E 14-11-25 19:59:14] 192.168.1.11:64096-[hubic] Failed to authenticate user hubic: [Errno 8] _ssl.c:507: EOF occurred in violation of protocol
[13683] 2014-11-25 19:59:14,996 - ERROR - 192.168.1.11:64096-[hubic] Failed to authenticate user hubic: [Errno 8] _ssl.c:507: EOF occurred in violation of protocol

Error with MAMP

[54610] 2014-11-28 18:53:34,687 - INFO - Starting new HTTPS connection (1): myServerDomain
/Library/Python/2.7/site-packages/requests/packages/urllib3/connectionpool.py:730: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/   en/latest/security.html (This warning will only appear once by default.)
InsecureRequestWarning)
[54610] 2014-11-28 18:53:34,699 - INFO - REQ: curl -i https://myServerDomain:8890/auth/v1.0/ -X GET
[54610] 2014-11-28 18:53:34,700 - INFO - RESP STATUS: 403 Forbidden
[54610] 2014-11-28 18:53:34,700 - INFO - RESP HEADERS: [('content-length', '212'), ('keep-alive', 'timeout=5, max=100'), ('server', 'Apache'), ('connection', 'Keep-Alive'), ('date', 'Fri, 28 Nov 2014 17:53:34 GMT'), ('content-  type', 'text/html; charset=iso-8859-1')]
[54610] 2014-11-28 18:53:34,700 - INFO - RESP BODY: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /auth/v1.0/
on this server.</p>
</body></html>
[E 14-11-28 18:53:34] 192.168.1.11:59039-[hubic] Failed to authenticate user hubic: [Errno 13] Auth GET failed:     Forbidden
[54610] 2014-11-28 18:53:34,700 - ERROR - 192.168.1.11:59039-[hubic] Failed to authenticate user hubic: [Errno 13] Auth     GET failed: Forbidden
[I 14-11-28 18:53:39] 192.168.1.11:59039-[] USER 'hubic' failed login.
[54610] 2014-11-28 18:53:39,702 - INFO - 192.168.1.11:59039-[] USER 'hubic' failed login.
[I 14-11-28 18:53:42] 192.168.1.11:59039-[] FTP session closed (disconnect).
[54610] 2014-11-28 18:53:42,962 - INFO - 192.168.1.11:59039-[] FTP session closed (disconnect).

By running the command curl -v -k https://myServerDomain:8890/auth/v1.0/I've the following output

* Hostname was NOT found in DNS cache
*   Trying 192.168.1.11...
* Connected to myServerDomain (192.168.1.11) port 8890 (#0)
* TLS 1.0 connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate: myServerDomain
> GET /auth/v1.0/ HTTP/1.1
> User-Agent: curl/7.37.1
> Host: myServerDomain:8890
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Date: Fri, 28 Nov 2014 18:31:10 GMT
* Server Apache is not blacklisted
< Server: Apache
< Content-Length: 212
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /auth/v1.0/
on this server.</p>
</body></html>
* Connection #0 to host myServerDomain left intact

This one is the ouput with Apple Apache

* Hostname was NOT found in DNS cache
*   Trying 192.168.1.11...
* Connected to myServerDomain (192.168.1.11) port 443 (#0)
* TLS 1.0 connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate: myServerDomain
> GET /auth/v1.0/ HTTP/1.1
> User-Agent: curl/7.37.1
> Host: myServerDomain
> Accept: */*
> 
* HTTP 1.0, assume close after body
< HTTP/1.0 403 Forbidden
< Date: Fri, 28 Nov 2014 18:37:41 GMT
< Server: Apache
< X-Powered-By: PHP/5.5.14
< Expires: Mon, 1 Jan 2000 00:00:00 GMT
< Last-Modified: Fri, 28 Nov 2014 18:37:41 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Cache-Control: post-check=0, pre-check=0
< Pragma: no-cache
< MS-Author-Via: DAV
< Content-Length: 38
< Connection: close
< Content-Type: text/html
< 
* Closing connection 0
AUTH_USER and/or AUTH_KEY are missing!
@oderwat
Copy link
Owner

oderwat commented Nov 29, 2014

Well 403 is expected for accessing /auth/v1.0/ without a valid user/password (which is defined in the config file).

Did you successfully register the gate with the hubic server itself?

Did you check "https://yourserver.com/usage/" to report back your HubiC Storage usage?

Also be aware that Yosemite comes with Apache 2.2 and therefore the server config may need adjustments too ("Require all granted" instead of the old " Order allow,deny / Allow from all" stuff).

@Tazintosh
Copy link
Author

Hi Hans,

Registration did worked as well as /usage/
I've added "require all granted" on the virtual host, still no luck.
Here is the config (Apple's one):

<VirtualHost 192.168.1.11:443>
        ServerName myDomainName
        ServerAdmin admin@example.com
        DocumentRoot "/Users/AdminAccountName/Documents/Sites/Production/hubiCAuth"
        DirectoryIndex simple.php
        CustomLog /var/log/apache2/access_log combinedvhost
        ErrorLog /var/log/apache2/error_log
        <IfModule mod_ssl.c>
                SSLEngine On
                SSLCipherSuite "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"
                SSLProtocol -ALL +TLSv1
                SSLProxyEngine On
                SSLCertificateFile "/etc/certificates/myDomainName.3273EE8C9371EA56327E8EA984F496DB47E09905.cert.pem"
                SSLCertificateKeyFile "/etc/certificates/myDomainName.3273EE8C9371EA56327E8EA984F496DB47E09905.key.pem"
                SSLCertificateChainFile "/etc/certificates/myDomainName.3273EE8C9371EA56327E8EA984F496DB47E09905.chain.pem"
                SSLProxyProtocol -ALL +TLSv1
                SSLProxyCheckPeerCN off
                SSLProxyCheckPeerName off
        </IfModule>
        <Directory "/Users/AdminAccountName/Documents/Sites/Production/hubiCAuth">
                Options All -Indexes -ExecCGI -Includes +MultiViews
                AllowOverride All
                <IfModule mod_dav.c>
                        DAV Off
                </IfModule>
                <IfDefine !WEBSERVICE_ON>
                        #Require all denied
                        Require all granted
                        ErrorDocument 403 /customerror/websitesoff403.html
                </IfDefine>
        </Directory>
</VirtualHost>

@Tazintosh
Copy link
Author

Hey Hans,
In case you want to take a look, I've also open an issue on ftpcloudfs git https://github.com/cloudfs/ftp-cloudfs/issues/35

@oderwat oderwat closed this as completed Jan 28, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@oderwat @Tazintosh