[jira] [Commented] (HTTPCLIENT-2118) Difference in behavior between 4.5.x and 5.0.x - CloseableHttpClient returns 403 after NoHttpResponseException

Thu, 01 Oct 2020 08:43:04 -0700 


    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-2118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17205624#comment-17205624
 ] 

Michael Osipov commented on HTTPCLIENT-2118:
--------------------------------------------

I am inclined to close this one because your input is fishy:

1. HC 5.0.x: Where is the response to {{http-outgoing-1 >>}} at the end?
2. curl tells me the same:
{noformat}
$ curl -H "If-Modified-Since: Thu, 01 Oct 2020 14:37:03 GMT" 
"https://github-production-release-asset-2e65be.s3.amazonaws.com/23216272/1a38ec80-d0ce-11ea-9065-30a975f676ad?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20201001%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20201001T143803Z&X-Amz-Expires=300&X-Amz-Signature=548ad8027c753ae28032a14bb520d40740e971bfa30993944e6287a897333c7e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=23216272&response-content-disposition=attachment%3B%20filename%3DGit-2.28.0-64-bit.exe&response-content-type=application%2Foctet-stream";
 --verbose -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
* Uses proxy env variable NO_PROXY == 'localhost .siemens.net .siemens.com 
.siemens.de'
* Uses proxy env variable HTTPS_PROXY == 'http://194.145.60.1:9400'
*   Trying 194.145.60.1:9400...
* Connected to 194.145.60.1 (194.145.60.1) port 9400 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to 
github-production-release-asset-2e65be.s3.amazonaws.com:443
> CONNECT github-production-release-asset-2e65be.s3.amazonaws.com:443 HTTP/1.1
> Host: github-production-release-asset-2e65be.s3.amazonaws.com:443
> User-Agent: curl/7.72.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection Established
< Proxy-Agent: Zscaler/6.0
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs/
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; 
CN=*.s3.amazonaws.com
*  start date: Nov  9 00:00:00 2019 GMT
*  expire date: Mar 12 12:00:00 2021 GMT
*  subjectAltName: host 
"github-production-release-asset-2e65be.s3.amazonaws.com" matched cert's 
"*.s3.amazonaws.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore 
CA-2 G2
*  SSL certificate verify ok.
> GET 
> /23216272/1a38ec80-d0ce-11ea-9065-30a975f676ad?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20201001%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20201001T143803Z&X-Amz-Expires=300&X-Amz-Signature=548ad8027c753ae28032a14bb520d40740e971bfa30993944e6287a897333c7e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=23216272&response-content-disposition=attachment%3B%20filename%3DGit-2.28.0-64-bit.exe&response-content-type=application%2Foctet-stream
>  HTTP/1.1
> Host: github-production-release-asset-2e65be.s3.amazonaws.com
> Accept: */*
> If-Modified-Since: Thu, 01 Oct 2020 14:37:03 GMT
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
> (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< x-amz-request-id: 084EAF292161BA29
< x-amz-id-2: 
nbKs7FOel7l/pv0j86ARNkMWx9Cgy6X348mAj5VQbIrs6kPu9EeUscNtSr4xQrNL670UrGN5z8A=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Thu, 01 Oct 2020 15:37:46 GMT
< Server: AmazonS3
<
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host 194.145.60.1 left intact
<Error><Code>AccessDenied</Code><Message>Request has 
expired</Message><X-Amz-Expires>300</X-Amz-Expires><Expires>2020-10-01T14:43:03Z</Expires><ServerTime>2020-10-01T15:37:47Z</ServerTime><RequestId>084EAF292161BA29</RequestId><HostId>nbKs7FOel7l/pv0j86ARNkMWx9Cgy6X348mAj5VQbIrs6kPu9EeUscNtSr4xQrNL670UrGN5z8A=</HostId></Error>
{noformat}

Your request has expired: {{2020-10-01T14:43:03Z}}

> Difference in behavior between 4.5.x and 5.0.x - CloseableHttpClient returns 
> 403 after NoHttpResponseException
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-2118
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2118
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic), HttpClient (Windows)
>    Affects Versions: 5.0.2
>         Environment: Microsoft Windows 10 version 2004 [10.0.19041.508]
> Oracle JDK 11.0.8
>            Reporter: Michael Lee
>            Priority: Major
>         Attachments: demo.zip, headers.log, test_output.txt
>
>
> My application reuses an instance of CloseableHttpClient to retrieve the 
> content from a list of URLs. After upgrading HttpClient from 4.5.x to 5.0.2 
> (also 5.0 and 5.0.1), it always gets a NoHttpResponseException followed by a 
> response code of 403 for a particular URL in the list.  When using 4.5.x, it 
> always gets a 200 or 304 for that particular URL.
> The behavior may be different if the order of the URLs in the list is changed.
> To illustrate the problem, I have extracted code from my application into the 
> sample Maven project attached. In the JUnit test, testHttpClient4() will get 
> either 200 or 304 for all the URLs. On the other hand, testHttpClient5() 
> always gets 403 for the last URL in the list. In this project, I 
> intentionally added a If-Modified-Since header with the value being current 
> time minus 1 minute so that we should get a 304 from most of the URLs.
> Can you investigate if this is really an obscure bug or an undocumented 
> behavior change related to how CloseableHttpClient handles redirects?
> Thanks.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to