Networking

Getting a 403 page when accessing an OpenBSD httpd page

  • July 12, 2022

I'm writing a static web page on an OpenBSD VM (called example.com here). When I access the server over http using its domain name, I get httpd's 403 page, and when I use `telnet example.com 80` I get

Date: Tue, 12 Jul 2022 01:07:01 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 498

followed by some of the site's html, and then `curl -I example.com` returns `HTTP/1.0 403 Forbidden... Connection: close`. I think it has something to do with my pf.conf, so here it is:

#       $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

IP4 = "10.0.0.1"
IP6 = "2001:db8::/80"
FlushUDP = "max-pkt-rate 10000/10 keep state (max 1000, source-track rule, max-src-nodes 200, max-src-states 200)"
Flush = "keep state (max 100, source-track rule, max-src-nodes 20, max-src-conn-rate 50/10 overload <abuse> flush global)"
block all
set skip on lo

set block-policy drop
set loginterface vio0
set syncookies adaptive (start 25%, end 12%)
table <abuse> persist file "/etc/pf/abuse"

block in log quick from <abuse>
pass in log quick proto udp to {$IP4 $IP6} port {domain, isakmp, ntp, ipsec-nat-t} $FlushUDP
block in log quick proto udp to {$IP4 $IP6}
block in log quick from urpf-failed
pass in on vio0 inet proto icmp icmp-type 8 code 0 $FlushUDP # icmp packets
pass in on vio0 inet proto icmp icmp-type 3 code 4 $FlushUDP # icmp needfrag (MTU)
pass in log quick on vio0 proto ipv6-icmp $FlushUDP
match in all scrub (no-df random-id max-mss 1440)
#came with the server
block return out log proto {tcp, udp} user _pbuild
block return in on ! lo0 proto tcp to port 6000:6010
match out on egress inet from !(egress:network) to any nat-to (egress:0)
#tcp rules
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port domain $Flush
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port auth $Flush
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port {gopher www http https} $Flush
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port { 6660:6669 6697} $Flush  #consider adding more ports
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port 1337 $Flush #bouncer

#my own rules
block in quick on vio0 proto tcp from any os {"Mac OS", NMAP}
#pass in on egress proto tcp from any to egress port { www, https, 6667, 6697, git} synproxy state
#block in quick on egress proto {tcp, udp, icmp} from any to any modulate state (if-bound)
antispoof for vio0 inet
antispoof for vio0 inet6
block return    # block stateless traffic
pass            # establish keep-state

The contents of /etc/pf/abuse:

127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
224.0.0.0/3
192.168.0.0/16
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24

and here is /etc/httpd.conf:

types{ include "/usr/share/misc/mime.types"}

server "example.com"{
       alias "www.example.com"
       listen on * port 80
       location "/.well-known/acme-challenge/*"{
               root "/htdocs/example.com"
               request strip 2
       }
}

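hostname.vio0 contains `inet autoconf` & `inet6 2a03:6000:6e64:618::221 64` on separate lines, mygate contains `2a03:6000:6e64:618::1` (so only the router's ipv6 address), and resolv.conf contains `nameserver [IP ADDRESS] # resolvd: vio0` & `lookup file bind` on separate lines, where [IP ADDRESS] is the server's ipv4 address. What I want to get is a telnet response of HTTP/1.0 302 Found, or to reach index.htm, which is simple text right now.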

The default index is index.html and the default index location is /var/www/htdocs, so /var/www/htdocs/index.html is also where `httpd` looks when a request is sent to `example.com` or `www.example.com`.

The following server block should work based on your comments above:

types { include "/usr/share/misc/mime.types" }

server "example.com" {
       alias "www.example.com"
       listen on * port 80
       location "/.well-known/acme-challenge/*" {
               root "/htdocs/example.com"
               request strip 2
       }
       # root is resolved inside httpd's chroot (/var/www by default)
       root "/htdocs/example.com"
       directory index index.htm
}

Alternatively, you should find your current index.htm at:

curl -I example.com/example.com/index.htm

Quoted from: https://serverfault.com/questions/1105344
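
The answer's point, as an added example that is not part of the original post: a small Python model of which file httpd serves for a request for /, run against the question's server block and a variant with a server-level root and index. It assumes httpd's defaults from httpd.conf(5) (chroot /var/www, root /htdocs resolved inside the chroot, directory index index.html), that a directory without an index file answers 403 when auto index is off, and that the page is stored at /var/www/htdocs/example.com/index.htm; the helper names are hypothetical.

```python
import posixpath
import re

CHROOT = "/var/www"           # httpd's default chroot
DEFAULT_ROOT = "/htdocs"      # default document root, relative to the chroot
DEFAULT_INDEX = "index.html"  # default directory index

def server_settings(conf):
    """Map each server name to [root, index], reading server-level directives only."""
    servers, name, depth = {}, None, 0
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r'server\s+"([^"]+)"', line)
        if m and depth == 0:
            name = m.group(1)
            servers[name] = [DEFAULT_ROOT, DEFAULT_INDEX]
        elif name and depth == 1:  # inside server { }, but not inside a location { }
            r = re.match(r'root\s+"([^"]+)"', line)
            i = re.match(r'directory\s+index\s+"?([^"\s]+)"?', line)
            if r:
                servers[name][0] = r.group(1)
            if i:
                servers[name][1] = i.group(1)
        depth += line.count("{") - line.count("}")
        name = name if depth else None  # leaving the server block
    return servers

def status_for_slash(root, index, files, chroot=CHROOT):
    """Simplified model of a request for "/" with auto index off."""
    docroot = posixpath.normpath(chroot + "/" + root)
    if posixpath.join(docroot, index) in files:
        return 200
    if any(f.startswith(docroot + "/") for f in files):
        return 403  # directory exists but holds no index file
    return 404      # document root does not exist

# Constructed inputs: the question's server block, a variant with a server-level
# root and index, and the assumed location of the page on disk.
BEFORE = '''server "example.com" {
    listen on * port 80
    location "/.well-known/acme-challenge/*" {
        root "/htdocs/example.com"
        request strip 2
    }
}'''
AFTER = BEFORE[:-1] + '    root "/htdocs/example.com"\n    directory index index.htm\n}'
FILES = {"/var/www/htdocs/example.com/index.htm"}

def check(conf):
    return {n: status_for_slash(r, i, FILES) for n, (r, i) in server_settings(conf).items()}
```

`check(BEFORE)` gives 403 for example.com because the root inside the location block applies only to the ACME path, while `check(AFTER)` gives 200.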