Networking
Getting a 403 page when accessing an OpenBSD httpd page
I am writing a static web page on an OpenBSD VM (called example.com here). When I access the server over http using its domain name, I get httpd's 403 page. When I use

```
telnet example.com 80
```

I get

```
Date: Tue, 12 Jul 2022 01:07:01 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 498
```

followed by some of the site's HTML, and

```
curl -I example.com
```

returns

```
HTTP/1.0 403 Forbidden
...
Connection: close
```
I think it has something to do with my pf.conf, so here it is:

```
# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

IP4 = "10.0.0.1"
IP6 = "2001:db8::/80"
FlushUDP = "max-pkt-rate 10000/10 keep state (max 1000, source-track rule, max-src-nodes 200, max-src-states 200)"
Flush = "keep state (max 100, source-track rule, max-src-nodes 20, max-src-conn-rate 50/10 overload <abuse> flush global)"

block all
set skip on lo
set block-policy drop
set loginterface vio0
set syncookies adaptive (start 25%, end 12%)

table <abuse> persist file "/etc/pf/abuse"
block in log quick from <abuse>
pass in log quick proto udp to {$IP4 $IP6} port {domain, isakmp, ntp, ipsec-nat-t} $FlushUDP
block in log quick proto udp to {$IP4 $IP6}
block in log quick from urpf-failed
pass in on vio0 inet proto icmp icmp-type 8 code 0 $FlushUDP # icmp packets
pass in on vio0 inet proto icmp icmp-type 3 code 4 $FlushUDP # icmp needfrag (MTU)
pass in log quick on vio0 proto ipv6-icmp $FlushUDP
match in all scrub (no-df random-id max-mss 1440)

#came with the server
block return out log proto {tcp, udp} user _pbuild
block return in on ! lo0 proto tcp to port 6000:6010
match out on agress inet from !(egress:network) to any nat-to (egress:0)

#tcp rules
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port domain $Flush
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port auth $Flush
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port {gopher www http https} $Flush
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port { 6660:6669 6697} $Flush #consider adding more ports
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port 1337 $Flush #bouncer

#my own rules
block in quick on vio0 proto tcp from any os {"Mac OS", NMAP}
#pass in on egress proto tcp from any to egress port { www, https, 6667, 6697, git} synproxy state
#block in quick on egress proto {tcp, udp, icmp} from any to any modulate state (if-bound)
antispoof for vio0 inet
antispoof for vio0 inet6
block return # block stateless traffic
pass # establish keep-state
```
The contents of /etc/pf/abuse:

```
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
224.0.0.0/3
192.168.0.0/16
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
```
And here is /etc/httpd.conf:

```
types{
    include "/usr/share/misc/mime.types"
}

server "example.com"{
    alias "www.example.com"
    listen on * port 80
    location "/.well-known/acme-challenge/*"{
        root "/htdocs/example.com"
        request strip 2
    }
}
```
hostname.vio0 contains `inet autoconf` & `inet6 2a03:6000:6e64:618::221 64` on separate lines, mygate contains `2a03:6000:6e64:618::1` (so only the router's IPv6 address), and resolv.conf contains `nameserver [IP ADDRESS] # resolvd: vio0` & `lookup file bind` on separate lines, where `[IP ADDRESS]` is the server's IPv4 address.

What I want to get is a telnet response of HTTP/1.0 302 Found, or to reach index.htm, which is simple text for now.
The default `index` is `index.html`, and the default `index` location is `/var/www/htdocs`, so `/var/www/htdocs/index.html` is also the location `httpd` will look for when a request is sent to `example.com` or `www.example.com`.
The following server block should work based on your comment above:

```
types {
    include "/usr/share/misc/mime.types"
}

server "example.com" {
    alias "www.example.com"
    listen on * port 80
    location "/.well-known/acme-challenge/*" {
        root "/htdocs/example.com"
        request strip 2
    }
    # root is a path inside httpd's chroot (/var/www by default)
    root "/htdocs/example.com"
    directory index index.htm
}
```
Alternatively, you should find your current `index.htm`:

```
curl -I example.com/example.com/index.htm
```
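
Why the question's configuration answers `/` with 403, as an added example that is not part of the original question or answer: a simplified model of httpd's path lookup, assuming the default chroot of `/var/www`, a chroot-relative `root`, auto index off, and a constructed directory tree with `index.htm` under `htdocs/example.com`. `httpd_status`, `make_sample_tree` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: simplified model of how OpenBSD httpd maps a request path
# to a file and picks a status code.
# Assumptions: "root" is relative to the chroot (default /var/www) and
# "directory auto index" is off. Trailing-slash redirects and file
# permissions are not modeled.

# httpd_status CHROOT ROOT INDEX REQUEST_PATH -> prints 200, 403 or 404
httpd_status() {
    chroot_dir=$1 root=$2 index=$3 req=$4
    target="${chroot_dir}${root}${req}"
    if [ -d "$target" ]; then
        # Directory request: httpd appends the configured index file name.
        if [ -f "${target%/}/${index}" ]; then
            echo 200
        else
            echo 403    # no index file and auto index is off
        fi
    elif [ -f "$target" ]; then
        echo 200
    else
        echo 404
    fi
}

# Constructed layout: a temporary stand-in for /var/www with the site's
# index.htm in htdocs/example.com, as the answer's curl command implies.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/htdocs/example.com"
    echo "simple text" > "$t/htdocs/example.com/index.htm"
    echo "$t"
}

demo() {
    t=$(make_sample_tree) || return 1
    echo "default root and index, GET /:                      $(httpd_status "$t" /htdocs index.html /)"
    echo "default root and index, GET /example.com/index.htm: $(httpd_status "$t" /htdocs index.html /example.com/index.htm)"
    echo "root /htdocs/example.com, index index.htm, GET /:   $(httpd_status "$t" /htdocs/example.com index.htm /)"
    rm -rf "$t"
}
demo
```

A 403 that arrives with a `Server: OpenBSD httpd` header was generated by httpd itself, so the connection had already been passed by pf.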