stackoom
  简体   繁体   中英

Accessing TWiki page with Python http.client

 原文  2013-05-27 21:54:13       python/ http/ twiki

Question

I'm trying to access my local TWiki installation with python http.client. For some reason I always end up with 403 Forbidden. I can access other sub folders in my server, but not twiki. I can access this TWiki page with curl. Is there something special you need to do when accessing /bin/ or /cgi-bin/ folders with python http.client?

Here is example with twiki.org pages, because my localhost is not accessible outside: 

>>> import httplib
>>> conn = httplib.HTTPConnection("twiki.org")
>>> conn.request("GET", "/cgi-bin/view/")
>>> r1 = conn.getresponse()
>>> print r1.status, r1.reason
403 Forbidden
>>> data1 = r1.read()
>>> data1
'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don\'t have permission to access /cgi-bin/view/\non this server.</p>\n<hr>\n<address>Apache/2.2.3 (CentOS) Server at twiki.org Port 80</address>\n</body></html>\n'
>>>

1 answers

solution1
 1 ACCPTED  2013-05-27 23:02:43

I just tried this myself and I found that setting a User-Agent header seemed to fix it. It didn't seem to matter what the header was, simply that it was set: 

>>> import httplib
>>> conn = httplib.HTTPConnection("twiki.org")
>>> conn.request("GET", "/cgi-bin/view/", headers={"User-Agent": "foo"})
>>> r1 = conn.getresponse()
>>> print r1.status, r1.reason
200 OK

Unfortunately I can't shed any light on why Twiki returns a 403 without a User-Agent header - I just tried it on the basis that it's one of the likely differences between clients. I assume it's something like the fact that it's trying to decide whether to return the mobile version of the site, but it's really poor not to handle the case of no header gracefully.

Hopefully that at least provides a work-around for you, however.

EDIT

Apparently this is part of their default Apache config using the BrowserMatchNoCase directive to set an environment variable blockAccess which is presumably picked up later to return the observed 403 Forbidden response.

They seem to think that this prevents DoS attacks somehow, although I'm really unconvinced by anything that can be worked around by simply setting a random User-Agent string. As you can tell from that config, they also have a list of "known bad" user agents they attempt to block. You can observe this by attempting to use one of them to fetch from the command-line: 

$ GET -Ssed -H "User-Agent: some-random-name" http://twiki.org/cgi-bin/view/
GET http://twiki.org/cgi-bin/view/
200 OK
[...]
$ GET -Ssed -H "User-Agent: FAST" http://twiki.org/cgi-bin/view/
GET http://twiki.org/cgi-bin/view/
403 Forbidden
[...]

I'm sure they have their reasons for doing this, but I must say I'm not impressed.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question accessing korbit api with python http.client Python http.client getaddrinfo failed Python mock exception http.client response Whether to use http.client or Socket package in Python? how to add header and payload info in python http.client methods Badlinestatus: <html> | Python with http.client - Works for some sites but not others In Python 3.2, I can open and read an HTTPS web page with http.client, but urllib.request is failing to open the same page Python version 2.7 does not have module http.client Python http.client json request and response. How? run curl call in python using requests / http.client
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM