Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.3k views
in Technique[技术] by (71.8m points)

openssl - NGINX load balancer: Getting error 403 Forbidden via NGINX, but direct access to upstream server via CURL works fine

I'm trying to configure NGINX (version 1.18.0) running on Ubuntu (20.04), to replace our existing F5 load balancers.

I've managed to get most sites migrated across, but I'm having trouble with 3 of them. When I try to browse to the sites via the NGINX IP, I am getting a response of "Forbidden" (error 403), this error appears to be coming from the upstream servers themselves (although I'm not 100% sure). However, when I test access to the upstream servers using CURL, it works fine.

I've tried ssldump, and it appears to be using the same ciphers. From the ssldump output from the failing request, it appears to do the handshake, then send application_data (request), then receive application_data (response) and then alert and the client (NGINX) closes the connection (TCP_RST). I assume because the server replied with "403".

For a direct (CURL) connection, after the handshake, I see it sends the application_data (request) and then 4 x receive application_data and then a normal close (TCP_FIN).

Does anyone know why the server might be returning 403, when accessing via NGINX, and normal response (200) when access via CURL (or a web browser)? I can't see anything different between the NGINX and the CURL requests.

question from:https://stackoverflow.com/questions/65848151/nginx-load-balancer-getting-error-403-forbidden-via-nginx-but-direct-access-to

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...