I ran into weird issue on dev server. CentOS 6.5. If I curl from bash script to "127.0.0.1" I get 403 response. It tries to go through corporate proxy. Details below.
If I curl to "localhost" - it's good.
Why this can be happening and how to prevent it?
I want to use 127.0.0.1 as a safer option (on some of production servers localhost may not be set).
curl to 127.0.0.1 log:
About to connect() to proxy 172.1.0.65 port 3128 (#0)
* Trying 172.11.0.63... connected
* Connected to 172.11.0.63 (172.11.0.63) port 3128 (#0)
* Establish HTTP proxy tunnel to 10.235.1.195:443
> CONNECT 10.235.1.195:443 HTTP/1.1
> Host: 10.235.1.195:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 403 Forbidden
curl to localhost log:
* About to connect() to localhost port 443 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* bla-bla-bla
> POST /link/to/page HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: localhost
> Accept: */*
> Content-Length: 43
> Content-Type: application/x-www-form-urlencoded
>
} [data not shown]
< HTTP/1.1 200 OK
< Date: Fri, 03 Aug 2018 14:50:40 GMT
< Server: Apache/2.2.15 (CentOS)
< X-Powered-By: PHP/5.3.3
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
HTTP_PROXY
environment variable?curl localhost
. Depending on/etc/hosts
and/etc/resolv.conf
this may get "expanded" to a completely different name...HTTP_PROXY
might very well be the question! It will make curl use a proxy if the requested address is not in a (very short) list. It might easily be, that localhost is on that list and 127.0.0.1 is not.HTTP_PROXY
environment variable is indeed important: Since it contains an IPv4 address it is used for IPv4 targets (such as 127.0.0.1) but not for IPv6 targets (such as localhost in your setup).