when i am sending request on localhost using curl and php it got success as given below
This request is on localhost and get the output which is required to me
$url = "https://live12p.hotstar.com/hls/live/2024725/ipl2021/hin/1540008470/15mindvrm01c6817544da534447ba5b5f3760666fd923september2021/master_7.m3u8";
$referer = "https://www.hotstar.com/";
$origin = "https://www.hotstar.com";
$host = "live12p.hotstar.com";
$headers = array();
$headers[] = 'Host: ' . $host;
$headers[] = 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0';
$headers[] = 'Cookie: hs_uid=5221b879-8857-496d-80bd-691646c0fcae; ajs_anonymous_id=%22e1cac957-8325-4cc5-a4c7-04c9322a50b5%22; ajs_user_id=%22971450d482ae40088b5d834ff952f60b%22; ajs_group_id=null; hdntl=exp=1632448848~acl=*ipl2021*~id=5267bf12e30107702f21c2ea2bf8b874~data=ip%3dwzSX5TdVuh1sa432PD6kIOuXAlfHJY32Vve29D3csZOD8xO2AjRrZpV-userid%3d8kP6OEf3LRYFUhAWTlF2R7ooxuElWlYpTzzEAosrFQCW-did%3dYfixYiH5EvZpALjGAYAzylXejGbgnbBi0BBLUmB93Jgj3HHJzJjbH16-~hmac=3508bd69101ca28bef6b9bb4ff4fb833c344404e3d62968cb38bcabb1d756a71';
$headers[] = 'Referer: ' . $referer;
$headers[] = 'Origin: ' . $origin;
//
$response = get_web_page($url);
echo $response;
function get_web_page($url)
{
global $referer;
global $headers;
$ch = curl_init($url);
$verbose = fopen('curl.txt', 'w+');
$options = array(
CURLOPT_REFERER => $referer,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "gzip, deflate, br",
CURLOPT_USERAGENT => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0",
CURLOPT_CONNECTTIMEOUT => 120,
CURLOPT_TIMEOUT => 120,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_VERBOSE => TRUE,
CURLOPT_STDERR => $verbose,
);
curl_setopt_array($ch, $options);
$content = curl_exec($ch);
rewind($verbose);
$verboseLog = stream_get_contents($verbose);
echo "Verbose information:\n<pre>", htmlspecialchars($verboseLog), "</pre>\n";
if (curl_errno($ch)) {
// this would be your first hint that something went wrong
die('Couldn\'t send request: ' . curl_error($ch));
} else {
// check the HTTP status code of the request
$resultStatus = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($resultStatus != 200) {
die('Request failed: HTTP status code: ' . $resultStatus);
}
}
curl_close($ch);
return $content;
}
this time the output is what i want
* Trying 2600:140f:5800::17d7:d73a...
* TCP_NODELAY set
* Connected to live12p.hotstar.com (2600:140f:5800::17d7:d73a) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
* successfully set certificate verify locations:
* CAfile: /Applications/XAMPP/xamppfiles/share/curl/curl-ca-bundle.crt
CApath: none
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=IN; ST=Maharashtra; L=Mumbai; O=Novi Digital Entertainment Pvt. Ltd.; CN=*.hotstar.com
* start date: Jul 5 00:00:00 2021 GMT
* expire date: Jul 13 23:59:59 2022 GMT
* subjectAltName: host "live12p.hotstar.com" matched cert's "*.hotstar.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> GET /hls/live/2024725/ipl2021/hin/1540008470/15mindvrm01c6817544da534447ba5b5f3760666fd923september2021/master_7.m3u8 HTTP/1.1
Host: live12p.hotstar.com
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0
Cookie: hs_uid=5221b879-8857-496d-80bd-691646c0fcae; ajs_anonymous_id=%22e1cac957-8325-4cc5-a4c7-04c9322a50b5%22; ajs_user_id=%22971450d482ae40088b5d834ff952f60b%22; ajs_group_id=null; hdntl=exp=1632448848~acl=*ipl2021*~id=5267bf12e30107702f21c2ea2bf8b874~data=ip%3dwzSX5TdVuh1sa432PD6kIOuXAlfHJY32Vve29D3csZOD8xO2AjRrZpV-userid%3d8kP6OEf3LRYFUhAWTlF2R7ooxuElWlYpTzzEAosrFQCW-did%3dYfixYiH5EvZpALjGAYAzylXejGbgnbBi0BBLUmB93Jgj3HHJzJjbH16-~hmac=3508bd69101ca28bef6b9bb4ff4fb833c344404e3d62968cb38bcabb1d756a71
Referer: https://www.hotstar.com/
Origin: https://www.hotstar.com
< HTTP/1.1 200 OK
< Akamai-Path-Timestamp: i=1632413538.914;xi=1632413538.921;xo=1632413540.009;s=1632413540.017;
< Content-Encoding: gzip
< Content-Length: 1898
< Last-Modified: Thu, 23 Sep 2021 16:12:18 GMT
< X-Akamai-Live-Origin-QoS: d=4000;t=1632413538.918
< X-Akamai-Server: Akamai-SMT
< Vary: Accept-Encoding
< Akamai-Mon-Iucid-Ing: 2024725
< Expires: Thu, 23 Sep 2021 16:12:21 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Thu, 23 Sep 2021 16:12:21 GMT
< Connection: keep-alive
< Content-Type: application/x-mpegURL
< Access-Control-Allow-Origin: https://www.hotstar.com
< Access-Control-Max-Age: 86400
< Access-Control-Allow-Credentials: true
< Access-Control-Expose-Headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,X-Reference-Error,X-ErrorType
< Access-Control-Allow-Headers: origin,range,hdntl,hdnts,X-allowRequest
< Access-Control-Allow-Methods: GET,POST,OPTIONS
but this time when i am sending this request online from www.xyz.com then the output is 403 Forbidden Why?
Verbose information:
* Added hotstar.com:2600:140f:5800::17d7:d73a to DNS cache
* Trying 23.37.230.73:443...
* Connected to live12p.hotstar.com (23.37.230.73) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=IN; ST=Maharashtra; L=Mumbai; O=Novi Digital Entertainment Pvt. Ltd.; CN=*.hotstar.com
* start date: Jul 5 00:00:00 2021 GMT
* expire date: Jul 13 23:59:59 2022 GMT
* subjectAltName: host "live12p.hotstar.com" matched cert's "*.hotstar.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> GET /hls/live/2024725/ipl2021/hin/1540008470/15mindvrm01c6817544da534447ba5b5f3760666fd923september2021/master_7.m3u8 HTTP/1.1
Host: live12p.hotstar.com
Accept: */*
Cookie: hs_uid=5221b879-8857-496d-80bd-691646c0fcae; ajs_anonymous_id=%22e1cac957-8325-4cc5-a4c7-04c9322a50b5%22; ajs_user_id=%22971450d482ae40088b5d834ff952f60b%22; ajs_group_id=null; hdntl=exp=1632451493~acl=*ipl2021*~id=e1acc4c006ec4a10fb2422774e4b9806~data=ip%3dwzSX5TdVuh1sa432PD6kIOuXAlfHJY32Vve29D3csZOD8xO2AjRrZpV-userid%3d8kP6OEf3LRYFUhAWTlF2R7ooxuElWlYpTzzEAosrFQCW-did%3dYfixYiH5EvZpALjGAYAzylXejGbgnbBi0BBLUmB93Jgj3HHJzJjbH16-~hmac=c9248d2c8ea8b9e0420ad176918a1ea25561bab8af14b444594515491d00fb6e
Referer: https://www.hotstar.com/
Origin: https://www.hotstar.com
X-FORWARDED-FOR: 223.190.135.254
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Server: AkamaiGHost
< Mime-Version: 1.0
< Content-Type: text/html
< Content-Length: 416
< X-Reference-Error: 18.45e62517.1632413497.90e1a77
< Expires: Thu, 23 Sep 2021 16:11:37 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Thu, 23 Sep 2021 16:11:37 GMT
< Connection: keep-alive
< Country: IN
< X-ErrorType: geo-blocked
< Access-Control-Allow-Origin: https://www.hotstar.com
< Access-Control-Max-Age: 86400
< Access-Control-Allow-Credentials: true
< Access-Control-Expose-Headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,X-Reference-Error,X-ErrorType
< Access-Control-Allow-Headers: origin,range,hdntl,hdnts,X-allowRequest
< Access-Control-Allow-Methods: GET,POST,OPTIONS
<
* Connection #0 to host live12p.hotstar.com left intact
Request failed: HTTP status code: 403
I don't know why this is happening and how can i solve it
if any one have idea please help me to solve this
The service you're trying to access is behind Akamai's network and it appears they're geo restricting access.
Note the response header:
X-ErrorType: geo-blocked
Related
i want to send push notification for all of them user install application with Firebase Admin PHP SDK library in drupal 8 in the request time i have below error.
my code:
$messaging = (new Factory())->withServiceAccount(__DIR__ . '/file .json')->withEnabledDebug()->withProjectId('project name')->createMessaging();
$config = AndroidConfig::fromArray([
'ttl' => '3600s',
'priority' => 'normal',
'notification' => [
'title' => '$GOOG up 1.43% on the day',
'body' => '$GOOG gained 11.80 points to close at 835.67, up 1.43% on the day.',
'icon' => 'stock_ticker_update',
'color' => '#f45342',
'sound' => 'default',
],
]);
$title = 'My Notification Title';
$body = 'My Notification Body';
$imageUrl = 'http://lorempixel.com/400/200/';
$notification = Notification::fromArray([
'title' => $title,
'body' => $body,
'image' => $imageUrl,
]);
$topic = 'b-topic';
$message = CloudMessage::withTarget('topic', $topic)
->withAndroidConfig($config)
->withNotification($notification);
$messaging->send($message);
When I activate the log :
Hostname in DNS cache was stale, zapped
Trying 216.58.208.106...
TCP_NODELAY set
Connected to oauth2.googleapis.com (216.58.208.106) port 443 (#0)
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
Your question couldn’t be submitted
SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
ALPN, server accepted to use http/1.1
Server certificate:
subject: C=US; ST=California; L=Mountain View; O=Google LLC; CN=upload.video.google.com
start date: Oct 20 18:07:22 2020 GMT
expire date: Jan 12 18:07:22 2021 GMT
subjectAltName: host "oauth2.googleapis.com" matched cert's
.googleapis.com"
issuer: C=US; O=Google Trust Services; CN=GTS CA 1O1
SSL certificate verify ok.
> POST /token HTTP/1.1
Host: oauth2.googleapis.com
User-Agent: GuzzleHttp/6.5.4 curl/7.58.0 PHP/7.4.11
Cache-Control: no-store
Content-Type: application/x-www-form-urlencoded
Content-Length: 1209
* upload completely sent off: 1209 out of 1209 bytes
< HTTP/1.1 200 OK < Content-Type: application/json; charset=UTF-8 < Vary: X-Origin < Vary: Referer < Date: Sat, 07 Nov
2020 07:14:17 GMT < Server: scaffolding on HTTPServer2 < Cache-Control: private < X-XSS-Protection: 0 <
X-Frame-Options: SAMEORIGIN < X-Content-Type-Options: nosniff < Alt-Svc: h3-Q050=":443" ; ma=2592000,h3-29=":443" ;
ma=2592000,h3-T051=":443" ; ma=2592000,h3-T050=":443" ; ma=2592000,h3-Q046=":443" ; ma=2592000,h3-Q043=":443" ;
ma=2592000,quic=":443" ; ma=2592000; v="46,43" < Accept-Ranges: none < Vary: Origin,Accept-Encoding <
Transfer-Encoding: chunked < * Connection #0 to host oauth2.googleapis.com left intact * Trying 64.233.177.95... *
TCP_NODELAY set * Trying 2a00:1450:400e:800::200a... * TCP_NODELAY set * Immediate connect fail for
2a00:1450:400e:800::200a: Network is unreachable * Trying 2a00:1450:400e:806::200a... * TCP_NODELAY set * Immediate
connect fail for 2a00:1450:400e:806::200a: Network is unreachable * Trying 2a00:1450:400e:809::200a... * TCP_NODELAY
set * Immediate connect fail for 2a00:1450:400e:809::200a: Network is unreachable * Trying
2a00:1450:400e:80d::200a... * TCP_NODELAY set * Immediate connect fail for 2a00:1450:400e:80d::200a: Network is
unreachable * Connected to fcm.googleapis.com (64.233.177.95) port 443 (#1) * ALPN, offering http/1.1 * successfully
set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * SSL
connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: *
subject: C=US; ST=California; L=Mountain View; O=Google LLC; CN=edgecert.googleapis.com * start date: Oct 20
18:13:46 2020 GMT * expire date: Jan 12 18:13:46 2021 GMT * subjectAltName: host "fcm.googleapis.com" matched
cert's "fcm.googleapis.com" issuer: C=US; O=Google Trust Services; CN=GTS CA 1O1 * SSL certificate verify ok.>
POST /v1/projects/pj name/messages:send HTTP/1.1
Host: fcm.googleapis.com
User-Agent: GuzzleHttp/6.5.4 curl/7.58.0 PHP/7.4.11
Content-Type: application/json; charset=UTF-8
authorization: Bearer
"token"
Content-Length: 396
* upload completely sent off: 396 out of 396 bytes
< HTTP/1.1 200 OK < Content-Type: application/json; charset=UTF-8 < Vary: X-Origin < Vary: Referer < Date: Sat, 07
Nov 2020 07:14:18 GMT < Server: ESF < Cache-Control: private < X-XSS-Protection: 0 < X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff < Alt-Svc: h3-Q050=":443" ; ma=2592000,h3-29=":443" ;
ma=2592000,h3-T051=":443" ; ma=2592000,h3-T050=":443" ; ma=2592000,h3-Q046=":443" ; ma=2592000,h3-Q043=":443" ;
ma=2592000,quic=":443" ; ma=2592000; v="46,43" < Accept-Ranges: none < Vary: Origin,Accept-Encoding <
Transfer-Encoding: chunked < * Connection #1 to host fcm.googleapis.com left intact
i conected to google SDK but when i cant conected to fcm.googleapis.com and error to Transfer-Encoding .i try to ssl domain but not work again.
I'm attempting to make POST requests to an external API(Code below). I manage to get the curl coding working on my localhost but when I go to my staging server the curl returns error Peer reports incompatible or unsupported protocol version(35). From reading into this I need to add an error buffer to get more debugging info but the documentation is confusing.
Yet when I make a curl request directly in the servers terminal with I receive a connection successful. Which makes me extremely confused as the server is clearly capable to make curl requests.
PHP Curl Code
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode($body),
CURLOPT_HTTPHEADER => $header,
));
$response = curl_exec($curl);
$err = curl_error($curl);
echo "response: " . $response;
echo "<br><br>error: " . $err;
curl_close($curl);
Server Curl Response
curl https://support.zendesk.com/api/v2/users/create_or_update.json
* About to connect() to support.zendesk.com port 443 (#0)
* Trying 104.16.51.111...
* Connected to support.zendesk.com (104.16.51.111) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN= support.zendesk.com,O="CloudFlare, Inc.",L=San Francisco,ST=CA,C=US
* start date: Mar 08 00:00:00 2019 GMT
* expire date: Mar 08 12:00:00 2020 GMT
* common name: support.zendesk.com
* issuer: CN=CloudFlare Inc ECC CA-2,O="CloudFlare, Inc.",L=San Francisco,ST=CA,C=US
> GET /api/v2/users/create_or_update.json HTTP/1.1
> User-Agent: curl/7.29.0
> Host: support.zendesk.com
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Date: Fri, 12 Apr 2019 12:52:28 GMT
< Content-Type: application/json; charset=UTF-8
< Content-Length: 37
< Connection: keep-alive
< Set-Cookie: __cfduid=da0ecd56691c96b9b3dac091df58383d51555073548; expires=Sat, 11-Apr-20 12:52:28 GMT; path=/; domain=.ralphandrussoclientcare.zendesk.com; HttpOnly
< WWW-Authenticate: Basic realm="Web Password"
< Strict-Transport-Security: max-age=31536000;
< Cache-Control: no-cache
< X-Zendesk-Origin-Server: app23.pod17.euw1.zdsys.com
< X-Request-Id: 4c65566eacc82981-DUB
< X-Runtime: 0.032000
< X-Zendesk-Request-Id: 3360f95a861586e6f414
< Set-Cookie: __cfruid=7af98f1cbac97922c1c15b82f7c133c3945a446e-1555073548; path=/; domain=.ralphandrussoclientcare.zendesk.com; HttpOnly
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 4c65566eacc82981-DUB
<
* Connection #0 to host support.zendesk.com left intact
{"error":"Couldn't authenticate you"}
In order to solve this problem I performed a server SSL test using https://www.ssllabs.com/ssltest/ which showed me which Protocols were already open and available on the server.
From that I followed the answer to this question TLS 1.2 not working in cURL which showed me which PHP CURLOPT_SSLVERSION number to use in order to access an open protocol.
Therefore I had to add the following line of code to my Curl Array
CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2
How to get the raw HTTP request from a multipart/form-data request?
The request is not written to test.log.. Only Response: is saved?
The client can upload files etc. and I need to check if the user gzip the binary data parts.. If not I need to throw an error
request
$boundary = 'jlasdifj439';
$field1 = json_encode(['test' => 123]);
$body = '--'.$boundary."\r\n"
.'Content-Disposition: form-data; name="json"'."\r\n"
.'Content-Type: application/json'."\r\n"
.'Content-Length: '.strlen($field1)."\r\n\r\n"
.$field1."\r\n"
.'--'.$boundary.'--';
$socket = curl_init();
curl_setopt_array($socket, [
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_VERBOSE => true,
CURLOPT_ENCODING => '',
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_2_0,
]);
curl_setopt($socket, CURLOPT_URL, 'https://my-url');
curl_setopt($socket, CURLOPT_HTTPHEADER, [
'Content-Type: multipart/form-data; boundary='.$boundary,
]);
curl_setopt($socket, CURLOPT_POSTFIELDS, $body);
if(!$response = curl_exec($socket)){
echo "ERROR!";
}
echo $response;
response
$body = file_get_contents('php://input');
file_put_contents('/var/www/test.log', "Response:\n".$body);
test.log
Response:
curl verbose
* Hostname was NOT found in DNS cache
* Trying xxx.xxx.xxx.xxx...
* Connected to test.com (xxx.xxx.xxx.xxx) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: CN=*xxxxx
* start date: 2017-10-02 00:00:00 GMT
* expire date: 2018-12-01 23:59:59 GMT
* subjectAltName: test.com matched
* issuer: C=US; O=thawte, Inc.; OU=Domain Validated SSL; CN=thawte DV SSL SHA256 CA
* SSL certificate verify ok.
> POST / HTTP/1.1
Host: xxxxx
Accept: */*
Accept-Encoding: deflate, gzip
Content-Type: multipart/form-data; boundary=jlasdifj439
Content-Length: 143
* upload completely sent off: 143 out of 143 bytes
< HTTP/1.1 200 OK
* Server nginx is not blacklisted
< Server: nginx
< Date: Sun, 10 Jun 2018 20:49:43 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< content-encoding: gzip
<
* Connection #0 to host xxxxx left intact
When I try to open url1(https://www.google.co.in), url2(https://www.amazon.com), url5(https://www.instagram.com) its working fine that is I can load url1, url2 and url5 but when I try to open url3(https://www.facebook.com), url4(https://www.twitter.com), its printing my error message:"Error, Unable to open." as it can't open facebook, twitter page. I dont want to use API. Thank you in advance.
<?php
$curl = curl_init();
//url1 = https://www.google.co.in
//url2 = https://www.amazon.com
//url3 = https://www.facebook.com
//url4 = https://www.twitter.com
//url5 = https://www.instagram.com
$url ="https://www.facebook.com";
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
//curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($curl);
if($output)
{
echo $output;
}
else
{
echo "Error, Unable to open.";
}
?>
when debugging issues like that, enable CURLOPT_VERBOSE. furthermore, when debugging, don't use echo, use var_dump. if you did that, you'd see something like
* Rebuilt URL to: https://www.facebook.com/
* Trying 157.240.20.35...
* TCP_NODELAY set
* Trying 2a03:2880:f10a:83:face:b00c:0:25de...
* TCP_NODELAY set
* Immediate connect fail for 2a03:2880:f10a:83:face:b00c:0:25de: Network is unreachable
* Connected to www.facebook.com (157.240.20.35) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=Menlo Park; O=Facebook, Inc.; CN=*.facebook.com
* start date: Dec 15 00:00:00 2017 GMT
* expire date: Mar 22 12:00:00 2019 GMT
* subjectAltName: host "www.facebook.com" matched cert's "*.facebook.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
> GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
< HTTP/1.1 302 Found
< Strict-Transport-Security: max-age=15552000; preload
< Location: https://www.facebook.com/unsupportedbrowser
< Content-Type: text/html; charset=UTF-8
< X-FB-Debug: x3NeeaaJHxPQkX5Z9H7yMX3evzYJocXmZpzMV6GoWtacO8bXLL3O58vidPHZUvXTuP9iE9pHPEnbr/RvNsT23Q==
< Date: Mon, 19 Feb 2018 09:12:51 GMT
< Connection: keep-alive
< Content-Length: 0
<
* Connection #0 to host www.facebook.com left intact
string(0) ""
the problem being that facebook tried to issue a HTTP redirect (to https://www.facebook.com/unsupportedbrowser), and you didn't follow it. enable CURLOPT_FOLLOWLOCATION to have curl automatically handle redirects. why did facebook redirect you? because you didn't supply any user-agent header. set one that facebook will recognize as supported with CURLOPT_USERAGENT, for example Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 (aka Firefox 52 ESR running on Windows 7 x64)
as for twitter.com,
* Rebuilt URL to: https://www.twitter.com/
* Trying 104.244.42.193...
* TCP_NODELAY set
* Connected to www.twitter.com (104.244.42.193) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=4337446; C=US; ST=California; L=San Francisco; O=Twitter, Inc.; OU=tsa_o Point of Presence; CN=twitter.com
* start date: Jul 25 00:00:00 2017 GMT
* expire date: Jul 30 12:00:00 2018 GMT
* subjectAltName: host "www.twitter.com" matched cert's "www.twitter.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
* SSL certificate verify ok.
> GET / HTTP/1.1
Host: www.twitter.com
Accept: */*
< HTTP/1.1 301 Moved Permanently
< content-length: 0
< date: Mon, 19 Feb 2018 09:17:51 GMT
< location: https://twitter.com/
< server: tsa_o
< set-cookie: personalization_id="v1_ersTgWQIOjuJkjk6VFUlXw=="; Expires=Wed, 19 Feb 2020 09:17:51 UTC; Path=/; Domain=.twitter.com
< set-cookie: guest_id=v1%3A151903187127250514; Expires=Wed, 19 Feb 2020 09:17:51 UTC; Path=/; Domain=.twitter.com
< strict-transport-security: max-age=631138519
< x-connection-hash: aae827a6347e88db5f417a0c31bba366
< x-response-time: 101
<
* Connection #0 to host www.twitter.com left intact
string(0) ""
it tried to redirect you to the non-www url version of the site, and again, you didn't follow the redirect. enable CURLOPT_FOLLOWLOCATION to have curl automatically follow http redirects.
I am writing a PHP webapplication that has to connect to a webservice using Kerberos 5 authentication (Active Directory). My PHP website is hosted on IIS 7.5 with PHP 5.5. The application pool is running under the account that is authorized in Active Directory and for the target webservice.
I tried every example code that I could find on this site and other sites but to no avail.
This is the PHP code I am using now:
$url = 'http://mywebservice/login/kerberos';
$ch = curl_init();
$options = [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_VERBOSE => true,
CURLOPT_HTTPAUTH => CURLAUTH_GSSNEGOTIATE,
CURLOPT_HTTPHEADER => ['Authorization: Negotiate'],
CURLOPT_RETURNTRANSFER => true,
CURLOPT_USERPWD => 'myuser',
CURLOPT_URL => $url,
CURLOPT_HEADER => 1
];
curl_setopt_array( $ch, $options);
$result = curl_exec($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$header = substr($result, 0, $header_size);
$body = substr($result, $header_size);
print $result;
This gives me the following message:
HTTP/1.1 302 Found Date: Fri, 21 Oct 2016 14:49:15 GMT X-Robots-Tag: noindex,nofollow WWW-Authenticate: Location: http://mywebservice/login?login_fail Content-Length: 0
When I remove the CURLOPT_HTTPHEADER => ['Authorization: Negotiate'] l get an Internal Server error from the curl module.
When I use curl commandLine I get the following result:
curl --negotiate http://mywebservice/login/kerberos -umyuser#mydomain --verbose -c "c:\cookie.txt" -b "c:\cookie.txt"
Enter host password for user 'myuser#mydomain':
* Trying (192.168.1.1...
* Connected to mywebservice (192.168.1.1) port 80 (#0)
> GET /login/kerberos HTTP/1.1
> User-Agent: curl/7.41.0
> Host: mywebservice
> Accept: */*
> Cookie: JSESSIONID_PUBLIC=X(MASKED)XXXXXXXXXXXXXXXXX
>
< HTTP/1.1 401 Unauthorized
< Date: Fri, 21 Oct 2016 14:52:46 GMT
< X-Robots-Tag: noindex,nofollow
< WWW-Authenticate: Negotiate
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Last-Modified: Thu, 20 Oct 2016 14:52:46 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< P3P: CP=CAO PSA OUR
< Content-Type: text/html; charset=UTF-8
< Content-Length: 3643
<
* Ignoring the response-body
* Connection #0 to host mywebservice left intact
* Issue another request to this URL: 'http://mywebservice/login/kerberos'
* Found bundle for host mywebservice: 0xXXXXXXX
* Re-using existing connection! (#0) with host mywebservice
* Connected to mywebservice (192.168.1.1) port 80 (#0)
* Server auth using Negotiate with user 'myuser#mydomain'
> GET /login/kerberos HTTP/1.1
> Authorization: Negotiate X(MASKED)XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXD
w==
> User-Agent: curl/7.41.0
> Host: mywebservice
> Accept: */*
> Cookie: JSESSIONID_PUBLIC=X(MASKED)XXXXXXXXXXXXXXXXX
>
< HTTP/1.1 302 Found
< Date: Fri, 21 Oct 2016 14:52:46 GMT
< X-Robots-Tag: noindex,nofollow
< WWW-Authenticate:
< Location: http://mywebservice/?login_fail
< Content-Length: 0
<
* Connection #0 to host mywebservice left intact
When I test with the KerberosAuthenticationTester tool (http://blog.michelbarneveld.nl/michel/archive/2009/12/05/kerberos-authentication-tester.aspx) it authenticates me right away when I pass the url and credentials.
I assume that it is not working because I am missing the krb5 library. I could not find it as a DLL so I tried recompiling it with the PHP source in Visual Studio. This is not working for me as well, I am missing the config.w32 file. If necessary I can elaborate on that but first I want to know if this is really needed.
I also installed MIT Kerberos but this did not help aswell.
Is it correct that I need the krb5 DLL, or am I on the wrong track? If I need this DLL, where can I get it or how can I compile it? If there is another solution I would be very happy to hear it.
Thanks everyone for taking your time for me and replying!