2

I ran into weird issue on dev server. CentOS 6.5. If I curl from bash script to "127.0.0.1" I get 403 response. It tries to go through corporate proxy. Details below.

If I curl to "localhost" - it's good.

Why this can be happening and how to prevent it?

I want to use 127.0.0.1 as a safer option (on some of production servers localhost may not be set).

curl to 127.0.0.1 log:

 About to connect() to proxy 172.1.0.65 port 3128 (#0)
*   Trying 172.11.0.63... connected
* Connected to 172.11.0.63 (172.11.0.63) port 3128 (#0)
* Establish HTTP proxy tunnel to 10.235.1.195:443
 > CONNECT 10.235.1.195:443 HTTP/1.1
 > Host: 10.235.1.195:443
 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7
 > Proxy-Connection: Keep-Alive
 >
 < HTTP/1.0 403 Forbidden

curl to localhost log:

* About to connect() to localhost port 443 (#0)
*   Trying ::1... connected
* Connected to localhost (::1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
*   bla-bla-bla
> POST /link/to/page HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: localhost
> Accept: */*
> Content-Length: 43
> Content-Type: application/x-www-form-urlencoded
> 
} [data not shown]
< HTTP/1.1 200 OK
< Date: Fri, 03 Aug 2018 14:50:40 GMT
< Server: Apache/2.2.15 (CentOS)
< X-Powered-By: PHP/5.3.3

cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
Improve this question
19
  • Have you tried unsetting the HTTP_PROXY environment variable?
    – Eugen Rieck
    Commented Jul 31, 2018 at 14:06
  • 1
    @EugenRieck yes, but that's not the question :D
    – Alex Orange
    Commented Jul 31, 2018 at 14:30
  • 1
    You do not show what happens when you do curl localhost. Depending on /etc/hosts and /etc/resolv.conf this may get "expanded" to a completely different name...
    – Patrick Mevzek
    Commented Jul 31, 2018 at 14:45
  • 2
    The HTTP_PROXY might very well be the question! It will make curl use a proxy if the requested address is not in a (very short) list. It might easily be, that localhost is on that list and 127.0.0.1 is not.
    – Eugen Rieck
    Commented Jul 31, 2018 at 16:46
  • 1
    As I said - the HTTP_PROXY environment variable is indeed important: Since it contains an IPv4 address it is used for IPv4 targets (such as 127.0.0.1) but not for IPv6 targets (such as localhost in your setup).
    – Eugen Rieck
    Commented Aug 11, 2018 at 0:41

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .