当前位置：文江博客话题详情

Facebook 调试返回 403 Forbidden

发布于 2024-12-20 20:01:15 字数 629 浏览 2 评论 0原文

我正在尝试通过 Facebook 调试器运行我的 URL，以查看我是否设置了正确的元标记，而且，看看这些东西总体上是否有效。

当我输入 URL 时，我得到一个 403 Forbidden 作为回报。

URL 指向子域，域本身也会返回 403 Forbidden。

阅读另一篇文章指向我网站的 Facebook 链接解析为 403 禁止，我认为我的主机可能设置了一个块或其他东西，但是，我似乎无法从我的计算机重新创建该块。

我一直在尝试欺骗引荐来源网址和用户代理，但没有成功。在致电房东之前，我可能错过了什么？

如果相关，则相关 URL 为： http://distorpia.dadiugames.dk/

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

伴随着你 2024-12-27 20:01:15

我用来测试这个问题的命令是curl -i -H 'Accept: */*' -H 'Range: bytes=0-40960' -H 'Connection: close' -A 'facebookexternalhit/1.1 (+ http://www.facebook.com/externalhit_uatext.php)' http://whatever.com - 这包括 Facebook 爬虫发送的一些标头，某些主机存在问题

看起来您的托管设置无法正确处理其中一个/某些标头 - 我复制了 403 错误：

对于您的 URL，返回：

HTTP/1.1 403 Forbidden
Date: Tue, 13 Dec 2011 20:54:07 GMT
Server: Apache/2.2.6 mod_auth_kerb/5.3 PHP/5.2.17 mod_fcgid/2.3.6
Accept-Ranges: bytes
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Parallels H-Sphere</title>

{{REMOVED THIS PART}}

    <h2>Error 403: Forbidden</h2>

<p>You don't have permissions to access this page.
This usually means one of the following:</p>
<ul>
<li>this file and directory permissions make them unavailable from the Internet.</li>
<li>.htaccess contains instructions that prevent public access to this file or directory.</li>
</ul>
<p>Please check file and directory permissions and .htaccess configuration if you are able to do this.
Otherwise, request your webmaster to grant you access.</p>

The command I use to test this issue is curl -i -H 'Accept: */*' -H 'Range: bytes=0-40960' -H 'Connection: close' -A 'facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)' http://whatever.com - this includes some of the headers sent by the Facebook crawler that some hosts have problems with

Looks like your hosting setup can't handle one/some of those headers properly - I replicated the 403 error:

For your URL, this returned:

HTTP/1.1 403 Forbidden
Date: Tue, 13 Dec 2011 20:54:07 GMT
Server: Apache/2.2.6 mod_auth_kerb/5.3 PHP/5.2.17 mod_fcgid/2.3.6
Accept-Ranges: bytes
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Parallels H-Sphere</title>

{{REMOVED THIS PART}}

    <h2>Error 403: Forbidden</h2>

<p>You don't have permissions to access this page.
This usually means one of the following:</p>
<ul>
<li>this file and directory permissions make them unavailable from the Internet.</li>
<li>.htaccess contains instructions that prevent public access to this file or directory.</li>
</ul>
<p>Please check file and directory permissions and .htaccess configuration if you are able to do this.
Otherwise, request your webmaster to grant you access.</p>

回复收藏 0 原文

尴尬癌患者 2024-12-27 20:01:15

脸书和Facebook 调试器发送：

curl -i -H 'Accept-Encoding: deflate, gzip' -H 'Accept: */*' -H 'Range: bytes=0-524287' -H 'User-Agent: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)' https://your.website/something

问题可能出在 owasp-modsecurity-crs 规则 #958291 中，该规则给出误报结果：https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/173

检查一下通过发送带有标头 Range: bytes=524287 的请求（代替 Range: bytes=0-524287）：

curl -i -H 'Accept-Encoding: deflate, gzip' -H 'Accept: */*' -H 'Range: bytes=524287' -H 'User-Agent: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)' https://your.website/something

解决方案

删除此规则 https://github.com/theasci/owasp-modsecurity-crs/commit/c8230c462c0b0df243146945327bf3fb711bd016

#SecRule REQUEST_HEADERS:范围“@beginsWith bytes=0-”“phase:2,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'6',accuracy:'8 ',t:none,block,msg:'范围：字段存在并开始于0.',logdata:'%{matched_var}',严重性:'4',id:'958291',标签:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ',setvar:'tx.msg=%{rule.msg}',设置变量：tx。 anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ-%{matched_var_name}=%{matched_var}"

或者只是更新 OWASP ModSecurity 核心规则集 (CRS) https://github.com/coreruleset/coreruleset

Facebook & Facebook Debugger sends:

curl -i -H 'Accept-Encoding: deflate, gzip' -H 'Accept: */*' -H 'Range: bytes=0-524287' -H 'User-Agent: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)' https://your.website/something

The problem may be in the owasp-modsecurity-crs rule #958291, which gives false-positive result: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/173

Check it by sending request with header Range: bytes=524287 (in place of Range: bytes=0-524287):

curl -i -H 'Accept-Encoding: deflate, gzip' -H 'Accept: */*' -H 'Range: bytes=524287' -H 'User-Agent: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)' https://your.website/something

Solution

remove this rule https://github.com/theasci/owasp-modsecurity-crs/commit/c8230c462c0b0df243146945327bf3fb711bd016

#SecRule REQUEST_HEADERS:Range "@beginsWith bytes=0-" "phase:2,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'6',accuracy:'8',t:none,block,msg:'Range: field exists and begins with 0.',logdata:'%{matched_var}',severity:'4',id:'958291',tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ-%{matched_var_name}=%{matched_var}"