IETF Logo Mail Archive

Re: IETF web site behind CloudFlare

Linus Nordberg <linus@nordu.net> Thu, 25 September 2014 20:13 UTC

Return-Path: <goi-ietf@m.gmane.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D73C41A0233 for <ietf@ietfa.amsl.com>; Thu, 25 Sep 2014 13:13:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.988
X-Spam-Level:
X-Spam-Status: No, score=-0.988 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_19=0.6, J_CHICKENPOX_26=0.6, J_CHICKENPOX_29=0.6, J_CHICKENPOX_51=0.6, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.786, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wPcaJ6c5fXFa for <ietf@ietfa.amsl.com>; Thu, 25 Sep 2014 13:13:49 -0700 (PDT)
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 213401A01D6 for <ietf@ietf.org>; Thu, 25 Sep 2014 13:13:49 -0700 (PDT)
Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from <goi-ietf@m.gmane.org>) id 1XXFQA-0007K6-VD for ietf@ietf.org; Thu, 25 Sep 2014 22:13:46 +0200
Received: from smtp.adb-centralen.se ([193.10.5.129]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <ietf@ietf.org>; Thu, 25 Sep 2014 22:13:46 +0200
Received: from linus by smtp.adb-centralen.se with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <ietf@ietf.org>; Thu, 25 Sep 2014 22:13:46 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: ietf@ietf.org
From: Linus Nordberg <linus@nordu.net>
Subject: Re: IETF web site behind CloudFlare
Date: Thu, 25 Sep 2014 22:14:43 +0200
Organization: NORDUnet A/S
Lines: 66
Message-ID: <87a95n1mq4.fsf@nordberg.se>
References: <87ha07eq9r.fsf@nordberg.se> <54240375.7080704@gmx.de>
Mime-Version: 1.0
Content-Type: text/plain
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: smtp.adb-centralen.se
User-Agent: Gnus/5.13 (Gnus v5.13)
Cancel-Lock: sha1:QSVxj3N33WxYPUXqmif1qaE52MY=
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/eCbubDfjZY2lVCgQoC1rFWfvHxw
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Sep 2014 20:13:51 -0000

Julian Reschke <julian.reschke@gmx.de> wrote
Thu, 25 Sep 2014 13:58:45 +0200:

| When you get the CAPTCHA page, does it come with a non-2xx HTTP status code?
| Best regards, Julian

Yes, 403.

--8<---------------cut here---------------start------------->8---
$ curl -v -s -A '' -x socks4a://127.0.0.1:9050/ https://www.ietf.org/ > www.ietf.org.html
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* SOCKS4 communication to www.ietf.org:443
* SOCKS4a request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 9050 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server key exchange (12):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*        subject: OU=Domain Control Validated; CN=*.ietf.org
*        start date: 2014-07-25 19:02:22 GMT
*        expire date: 2015-08-11 23:12:50 GMT
*        subjectAltName: www.ietf.org matched
*        issuer: C=US; ST=Arizona; L=Scottsdale; O=Starfield Technologies, Inc.; OU=http://certs.starfieldtech.com/repository/; CN=Starfield Secure Certificate Authority - G2
*        SSL certificate verify ok.
> GET / HTTP/1.1
> Host: www.ietf.org
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
* Server cloudflare-nginx is not blacklisted
< Server: cloudflare-nginx
< Date: Thu, 25 Sep 2014 20:09:34 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=df905f6d4fc2798f596872df7b98498501411675774571; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.ietf.org; HttpOnly
< Cache-Control: max-age=2
< Expires: Thu, 25 Sep 2014 20:09:36 GMT
< CF-RAY: 16f9dc37031e0c23-AMS
< 
{ [data not shown]
* Connection #0 to host www.ietf.org left intact
$ 
--8<---------------cut here---------------end--------------->8---

v2.23.0 | Report a Bug | By Email