tls – Debugging HTTP 403 Forbidden when using cURL for mutual authentication SSL (mTLS)

I’m a beginner in security but I am trying to send a request to a server through mutual authentication.
I was given

  1. CA pem file
  2. client cert pem file
  3. private key pem file

Right now, I’m trying to establish a connection to the server but it keeps hitting 403 error and I’m unsure how to debug from here.

Using cURL to execute the below command:
curl -H "Content-Type: application/json" -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" --cacert ca.pem --key privateKey.pem --cert client.pem https://svc.server.com -d '{}'

The log showing the HTTP 403 error:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 222.222.222.222:443...
* Connected to svc.server.com (222.222.222.222) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: ca.pem
*  CApath: none
} (5 bytes data)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} (512 bytes data)
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ (63 bytes data)
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ (5573 bytes data)
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ (333 bytes data)
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ (5482 bytes data)
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ (4 bytes data)
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} (4024 bytes data)
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} (70 bytes data)
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
} (264 bytes data)
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} (1 bytes data)
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} (16 bytes data)
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ (16 bytes data)
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=BE; L=Waterloo; O=International Corporated; OU=BIP0 AIDC; CN=svc.server.com
*  start date: Apr  7 19:27:43 2020 GMT
*  expire date: Jul  6 19:57:43 2022 GMT
*  subjectAltName: host "svc.server.com" matched cert's "svc.server.com"
*  issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust CA
*  SSL certificate verify ok.
} (5 bytes data)
> POST /v1/0/activate HTTP/1.1
> Host: svc.server.com
> Accept: */*
> Content-Type: application/json
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
> Content-Length: 2
>
} (2 bytes data)
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Content-Type: application/json;charset=UTF-8
< Content-Length: 109
< Date: Fri, 10 Sep 2021 06:55:23 GMT
< Server: Information Not Disclosed
<
{ (109 bytes data)
100   111  100   109  100     2     86      1  0:00:02  0:00:01  0:00:01    87{
  "res": "",
  "code": "AUTHORIZATION_FAILED",
  "description": "Authorization failed."
}
* Connection #0 to host svc.server.com left intact  

I’ve also installed the cert on my Windows client machine, and the server team has mentioned that there is nothing wrong on their side, as others are able to send their requests successfully.

Moreover further authentication is not required and just the certs are sufficient.

I’ve also checked the trace logs and they seem to be the same, showing the TLS handshake done but receiving the same error.

Any help is greatly appreciated.
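The trace in the post above can be read mechanically to see whether the refusal happened during the TLS handshake or afterwards at the HTTP layer. The following is an added example, not part of the original post; `analyzeCurlTrace` and its verdict strings are hypothetical names, and it assumes the OpenSSL-backed curl message labels and TLS 1.2 message sizes that appear in that trace.

```javascript
// Added example: classify a `curl -v` trace from an mTLS request.
// SAMPLE_TRACE is constructed from lines quoted in the post above.
const SAMPLE_TRACE = [
  "  0     0    0     0 --:--:--     0* TLSv1.2 (IN), TLS handshake, Certificate (11):",
  "{ (5573 bytes data)",
  "* TLSv1.2 (IN), TLS handshake, Request CERT (13):",
  "{ (5482 bytes data)",
  "* TLSv1.2 (OUT), TLS handshake, Certificate (11):",
  "} (4024 bytes data)",
  "* TLSv1.2 (OUT), TLS handshake, CERT verify (15):",
  "} (264 bytes data)",
  "* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384",
  "*  SSL certificate verify ok.",
  "< HTTP/1.1 403 Forbidden",
].join("\n");

// A TLS 1.2 Certificate message with an empty certificate list is 7 bytes:
// 4-byte handshake header + 3-byte zero length. Anything larger carries a cert.
const EMPTY_CERT_MSG_BYTES = 7;

function analyzeCurlTrace(trace) {
  const lines = trace.split(/\r?\n/);
  const r = { certRequested: false, clientCertBytes: null, certVerifySent: false,
              handshakeDone: false, httpStatus: null, verdict: "" };
  lines.forEach((line, i) => {
    // curl prints each handshake message's size on the following line.
    const size = /\((\d+) bytes data\)/.exec(lines[i + 1] || "");
    // Patterns are unanchored because the progress meter can prefix a line.
    if (/\(IN\), TLS handshake, Request CERT \(13\)/.test(line)) r.certRequested = true;
    if (/\(OUT\), TLS handshake, Certificate \(11\)/.test(line))
      r.clientCertBytes = size ? Number(size[1]) : 0;
    if (/\(OUT\), TLS handshake, CERT verify \(15\)/.test(line)) r.certVerifySent = true;
    if (/SSL connection using /.test(line)) r.handshakeDone = true;
    const status = /< HTTP\/[\d.]+ (\d{3})/.exec(line);
    if (status) r.httpStatus = Number(status[1]); // last status line wins
  });
  // The client proved possession of a key only if it sent a non-empty
  // certificate list AND a CertificateVerify signature.
  const sentCert = r.clientCertBytes !== null &&
                   r.clientCertBytes > EMPTY_CERT_MSG_BYTES && r.certVerifySent;
  if (!r.handshakeDone) r.verdict = "tls-handshake-failed";
  else if (r.certRequested && !sentCert) r.verdict = "client-cert-not-sent";
  else if (r.httpStatus === 401 || r.httpStatus === 403)
    r.verdict = sentCert ? "rejected-after-mtls" : "rejected-no-cert-requested";
  else r.verdict = "ok-or-other";
  return r;
}

console.log(analyzeCurlTrace(SAMPLE_TRACE));
```

A `rejected-after-mtls` verdict means the handshake completed with a client certificate and signature sent, so the 403 was issued by the HTTP application after TLS was established.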

flask – 403 Forbidden error with Mercado Livre

I am trying to register a product on the platform following the ML API documentation, using Python’s requests library. I followed the whole procedure in the documentation, but the server responds with a 403 error. The access_token is correct, so the only cause I can think of is the SSL certificate. I tested with the local server over HTTP and with ssl_context='adhoc' to test over HTTPS, and the problem remains. Does anyone have any idea why the server is returning this error?

Documentation link:
https://developers.mercadolivre.com.br/pt_br/publicacao-de-produtos

apt mirror – 403 from au.archive.ubuntu.com

Does anyone know why the au.archive is broken?

I’m getting the below on multiple systems trying to update them and this has been the case for a couple of hours now. I’ve tried apt clean as well with no joy.

  Err:11 http://au.archive.ubuntu.com/ubuntu focal-updates/main amd64 linux-modules-extra-5.4.0-81-generic amd64 5.4.0-81.91
  403  Forbidden (IP: 202.158.214.106 80)
Get:12 http://au.archive.ubuntu.com/ubuntu focal-updates/main amd64 linux-generic amd64 5.4.0.81.85 (1,900 B)
Get:13 http://au.archive.ubuntu.com/ubuntu focal-updates/main amd64 linux-image-generic amd64 5.4.0.81.85 (2,572 B)
Err:14 http://au.archive.ubuntu.com/ubuntu focal-updates/main amd64 linux-headers-5.4.0-81 all 5.4.0-81.91
  403  Forbidden (IP: 202.158.214.106 80)
Get:15 http://au.archive.ubuntu.com/ubuntu focal-updates/main amd64 linux-headers-5.4.0-81-generic amd64 5.4.0-81.91 (1,410 kB)
Get:16 http://au.archive.ubuntu.com/ubuntu focal-updates/main amd64 linux-headers-generic amd64 5.4.0.81.85 (2,440 B)
Fetched 28.4 MB in 48s (591 kB/s)
E: Failed to fetch http://au.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-modules-extra-5.4.0-81-generic_5.4.0-81.91_amd64.deb  403  Forbidden (IP: 202.158.214.106 80)
E: Failed to fetch http://au.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-5.4.0-81_5.4.0-81.91_all.deb  403  Forbidden (IP: 202.158.214.106 80)
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Unable to connect SharePoint 2010 Central Admin. HTTP 403 Forbidden

Recently, when I tried to go to Central Admin in SP2010, I received an error in IE: HTTP 403 Forbidden while logging in using the Farm Account. There are no DB permission changes that I am aware of.

I could not see any error logs. The error that I can see is ConnectionString: 'Data Source=DB;Initial Catalog=WSS_Config_DB;Integrated Security=True;Enlist=False;Connect Timeout=15' ConnectionState: Closed ConnectionTimeout: 15

What I have done:

  • Ran Microsoft SharePoint Product configuration, which ran successfully.
  • Checked DB permissions, which appear to be correct.
  • No other error log records in Event Viewer except "The SharePoint Health Analyzer detected an error. Drives are running out of free space."
  • Central Admin Application Pool is assigned to Farm Admin.
  • Verified that the password is not expired or locked.
  • Rebooted the server.

googleapi: Error 403: 567x@cloudbuild.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object

I stay trying my project based on this: https://github.com/GoogleCloudPlatform/iot-smart-home-cloud

My issue is:

cloudfunctions.googleapis.com
google.cloud.functions.v1.CloudFunctionsService.UpdateFunction
projects/casaminha-2e0ca/locations/us-central1/functions/syncOnRemove
neuberfran@gmail.com
Build failed: could not resolve source: googleapi: Error 403: 567xxxx1772xxxxxxxxxxxx@cloudbuild.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object., forbidden
com.google.net.rpc3.client.RpcClientException: APPLICATION_ERROR;google.devtools.cloudbuild.v1/ArgoAdminV1.CreateBuild;could not resolve source: googleapi: Error 403: 5676xxxxxx062@cloudbuild.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object., forbidden;AppErrorCode=3;StartTimeMs=999999999999540;unknown;ResFormat=AUTOMATIC;ServerTimeSec=0.999999999999999;LogBytes=256;Non-

I deleted in 27/jul/2021 cloud build or cloud run (I don’t use cloud run in my project) I deleted in GCP console. I thought that was what was giving credential error in my action project on google. Then I started to receive the current error.

I remember that the service account I deleted was associated with google controller only (there was a question mark there)

I think the gcf command will rebuild this. But not sure if this is correct. And I also don’t know how to use gcf-sources-<PROJECT_NUMBER>-

I stay trying actions on google, using firestore and GCP.

commands:

firebase --project casaminha-2e0ca functions:config:set cloudiot.region=us-central1

firebase --project casaminha-2e0ca functions:config:set smarthome.id=567617xxxxxxxxxxxxxx9r9upjxxxxxxx0t.apps.googleusercontent.com smarthome.secret=D99999999999

firebase --project casaminha-2e0ca functions:config:set smarthome.key="99999999"

firebase deploy --project casaminha-2e0ca

This is my project on GitHub: https://github.com/neuberfran/firebasefunction

This is my issueTracker: https://issuetracker.google.com/issues/194942955?pli=1

Can you help?

theming – How can I customize the 403 page for specific routes?

On a D9 site, with an existing custom 403 page twig. I’ve been requested to show a different, variable, message from the “standard one” for a couple of specific routes.

I’ve tried with theme_preprocess_page__403(&$variables) but I couldn’t determine the original route.

E.g. using \Drupal::routeMatch()->getRouteName() I got system.403 instead of the route name I need to check. I’ve checked solutions to find the referrer route but none of them seemed to work.

Actually the two routes that need this specific 403 are created programmatically with a *routing.yml and relative controller in a custom module.

I wonder if it is possible somehow to specify the redirect path if the route requirements fail. I didn’t find any documentation about it, but that would be another way to implement this requirement.

sharepoint online – REST API ERROR 403 when POSTING to SP 2013 List

UPDATE
I tried adding the following to my JS hoping it would help, but I get the error Uncaught ReferenceError: data is not defined

Added JS:

    function getFormDigest(webUrl) {
        return $.ajax({
            url: webUrl + "/_api/contextinfo",
            method: "POST",
            headers: { "Accept": "application/json; odata=verbose" }
        });
    }

And I changed the following header:

"X-RequestDigest": data.d.GetContextWebInformation.FormDigestValue,

I have created a custom HTML Page which I will provide the code below. It is a single page, with a button that opens up a Bootstrap form which once the user hits submit, it “POSTS” it to a SharePoint list called Uncleared. When I put it within a web part on a new Page, it posts fine. When I drag the index.html file into SharePoint designer, I then rename it to Questionnaire.aspx and it creates a new SharePoint page and I then go to that. Once I am on the page, I fill out the form, click submit, then I get an Error 403? Why is this? I have full control over the site, and you would think if it is in a web part and working, why would it not work on a different page on the same site?

Here is my HTML:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Questionnaire</title>
<!-- CSS only -->
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">  <link rel="stylesheet" href="http://sharepoint.stackexchange.com/SiteAssets/site.css">
<!--    <link rel="stylesheet" href="http://sharepoint.stackexchange.com/SiteAssets/fixed.css">
     -->    <!--- Script Source Files -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js" referrerpolicy="no-referrer"></script><!-- JavaScript Bundle with Popper -->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
    <script src="https://use.fontawesome.com/releases/v5.5.0/js/all.js"></script>
    
    <!--- End of Script Source Files -->
</head>
<div class="container">
<div class="modal fade bd-example-modal-lg" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myLargeModalLabel" aria-hidden="true">
  <div class="modal-dialog modal-lg">
    <div class="modal-content">
      <div class="modal-header d-block">
        <button type="button" class="close float-right" data-dismiss="modal" aria-hidden="true">&times;</button>
        <h4 class="modal-title text-center" id="myModalLabel">Questionnaire</h4>
      </div>
<div class="modal-header d-block">
  <div class="overflow-auto">
<form id="myForm" method="POST" type="post" runat="server" onsubmit="InsertListItem()">
  <div class="overflow-auto">
  <fieldset>
  <div class="required">
  <div class="row">
    <div class="col">
      <label for="Question1">1. Lorem ipsum dolor sit amet consectetur, adipisicing elit. Sit culpa exercitationem consequatur corporis, enim provident!</label>
      <input type="text" name="Question1" id="Question1" class="form-control" autocomplete="off">
      <br><br>
      <label for="Question2">2. Lorem ipsum dolor sit amet consectetur, adipisicing elit. Error quidem minus temporibus repellendus reprehenderit omnis.</label>
      <input type="text" name="Question2" id="Question2" class="form-control" autocomplete="off"> 
      <br><br>
      <label for="Question3">3. Lorem ipsum dolor sit amet consectetur adipisicing elit. Quisquam quaerat odio ab neque, laudantium aliquid.</label>
      <input type="text" name="Question3" id="Question3" class="form-control" autocomplete="off">
      <br><br>
      <label for="Question4">4. Lorem ipsum dolor sit amet consectetur, adipisicing elit. Veritatis ducimus modi veniam assumenda voluptates sit.</label>
      <input type="text" name="Question4" id="Question4" class="form-control" autocomplete="off">
      <br><br>
      <label for="Question5">5. Lorem, ipsum dolor sit amet consectetur adipisicing elit. Accusamus saepe modi facere dolor aperiam animi?</label>
      <input type="text" id="Question5" name="Question5" class="form-control" autocomplete="off">
      <br><br>
      <label for="Question6">6. Lorem ipsum dolor sit amet consectetur adipisicing elit. Molestiae tenetur nihil, suscipit itaque praesentium velit!</label>
      <input type="text" name="Question6" id="Question6" class="form-control" autocomplete="off"> 
      <br><br>
      <label for="Question7">7. Lorem ipsum dolor sit amet consectetur, adipisicing elit. In est, modi libero minima expedita eligendi.</label>
      <input type="text" name="Question7" id="Question7" class="form-control" autocomplete="off">
      <br><br>
      <label for="Question8">8. Lorem ipsum dolor sit amet consectetur adipisicing elit. Reiciendis distinctio deserunt repudiandae ipsam molestias pariatur.</label>
      <input type="text" name="Question8" id="Question8" class="form-control" autocomplete="off">
      <br><br>
      <label for="Question9">9. Lorem ipsum, dolor sit amet consectetur adipisicing elit. Itaque, officia aliquam optio dolor quos voluptas.</label>
      <input type="text" name="Question9" id="Question9" class="form-control" autocomplete="off">
      <br>
    </div>
    </div>
  </div>
  <div class="submitbtn">
    <button type="submit" id="btnSubmit" class="btn btn-primary">Submit</button>
  </div>
</fieldset>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
<body>

<!-- Start Navigation-->
<nav class="navbar navbar-expand-md navbar-dark bg-dark fixed-top">
    <a class="navbar-brand" href="#" alt=""><img class="" src="/SiteAssets/header-image-v1.png"></a>
    <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarResponsive">
        <span class="navbar-toggler-icon"></span>
    </button>
    
</nav>
<!-- Start Image Slider -->
<div id="carouselExampleIndicators" class="carousel slide" data-ride="carousel" data-interval="6000">
    <ol class="carousel-indicators">
        <li data-target="#carouselExampleIndicators" data-slide-to="0" class="active"></li>
    </ol>
    <div class="carousel-inner" role="listbox">
        <!-- Slide 1 -->
        <div class="carousel-item active" style="background-image: url(/SiteAssets/cybersecurity-feature-14jan2020.jpg); opacity: 1;">
            <div class="carousel-caption text-center">
                <h1>Welcome to the Questionnaire</h1>
                <h3>Click the Button Below to Fill Out the Questionnaire</h3>
                <a class="btn btn-outline-light btn-lg" onclick="openModal()" data-toggle="modal" data-target="#myModal">Questionnaire</a>
            </div>
        </div>
    </div>
    <!-- End of Carousel Inner-->
</div>
<!-- End of Image Slider -->
</body>
</html>

Here is my JS:

function openModal() {
    $('#myModal').modal('show'); 
  }
  $(function () {
      $("#btnSubmit").click(function () {
          InsertListItem();
      });
  });

    function InsertListItem() {
    var item = {
      "__metadata": { "type": "SP.Data.UnclearedListItem"  },
      "Title": "No Title",
      "Question1": $("#Question1").val(),
      "Question2": $("#Question2").val(),
      "Question3": $("#Question3").val(),
      "Question4": $("#Question4").val(),
      "Question5": $("#Question5").val(),
      "Question6": $("#Question6").val(),
      "Question7": $("#Question7").val(),
      "Question8": $("#Question8").val(),
      "Question9": $("#Question9").val()
  };
  $.ajax({ 
                // use your dynamically generated URL here
                url: _sPPageContextInfo.webAbsoluteUrl + "/_api/web/lists/GetByTitle('Uncleared')/items",
                method: "POST",  
                data: JSON.stringify(item),
                headers: {
                    "content-type": "application/json;odata=verbose; charset=utf-8",
                    "X-RequestDigest": $("#__REQUESTDIGEST").val(),
                    "Accept": "application/json;odata=verbose",
                    "If-Match": "*"
                },
                success: function(data) {
                    alert('Success'); // Used sweet alert for success message
                    console.log(data + " success in updating item");
                },
                error: function(data) {
                    alert(JSON.stringify(item));
                    console.log(data);

                }

            });
  }

I have also tried using the direct URL as well, and it gives the same error. With the _sPPageContextInfo.webAbsoluteUrl I get an error saying “_sPPageContextInfo is not defined”.
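The post's update obtains the request digest (SharePoint's anti-forgery token) from `/_api/contextinfo` and places it in `X-RequestDigest`. The sequence below is an added example, not the poster's code, with the digest consumed inside the callback that receives the contextinfo response; `transport`, `extractFormDigest`, `buildInsertRequest` and `insertListItem` are hypothetical names.

```javascript
// Added example. `transport` is a hypothetical injected function
// (url, options) => Promise<parsed JSON body>; in a page it could wrap $.ajax
// or fetch. Injecting it lets the flow run without a SharePoint server.

// Read the digest from a verbose-OData /_api/contextinfo response.
function extractFormDigest(contextInfo) {
  const info = contextInfo && contextInfo.d && contextInfo.d.GetContextWebInformation;
  if (!info || !info.FormDigestValue) {
    throw new Error("contextinfo response carries no FormDigestValue");
  }
  return info.FormDigestValue;
}

// Build the list-item POST. The digest is a parameter, so nothing depends on a
// #__REQUESTDIGEST field or a page-level global being present.
function buildInsertRequest(webUrl, listTitle, item, digest) {
  // OData string literals escape a single quote by doubling it.
  const title = encodeURIComponent(listTitle.replace(/'/g, "''"));
  return {
    url: webUrl + "/_api/web/lists/GetByTitle('" + title + "')/items",
    method: "POST",
    headers: {
      "Accept": "application/json;odata=verbose",
      "Content-Type": "application/json;odata=verbose",
      "X-RequestDigest": digest
    },
    body: JSON.stringify(item)
  };
}

// Fetch a fresh digest, then post the item with it.
function insertListItem(webUrl, listTitle, item, transport) {
  return transport(webUrl + "/_api/contextinfo", {
    method: "POST",
    headers: { "Accept": "application/json;odata=verbose" }
  }).then(function (contextInfo) {
    const digest = extractFormDigest(contextInfo);
    const request = buildInsertRequest(webUrl, listTitle, item, digest);
    return transport(request.url, request);
  });
}
```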