Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proxy.golang.org, pkg.go.dev: 403 Forbidden #55907

Closed
uneeqmo opened this issue Sep 28, 2022 · 12 comments
Closed

proxy.golang.org, pkg.go.dev: 403 Forbidden #55907

uneeqmo opened this issue Sep 28, 2022 · 12 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. proxy.golang.org WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Milestone
proxy.golang.org/...

Comments

@uneeqmo
Copy link

uneeqmo commented Sep 28, 2022

go mod download fails with the following errors:

go mod download: github.com/aws/aws-sdk-go@v1.25.13: reading https://proxy.golang.org/github.com/aws/aws-sdk-go/@v/v1.25.13.zip: 403 Forbidden                                                                                                  
go mod download: google.golang.org/genproto@v0.0.0-20200428115010-c45acf45369a: reading https://proxy.golang.org/google.golang.org/genproto/@v/v0.0.0-20200428115010-c45acf45369a.zip: 403 Forbidden

This was working fine previously, I started seeing 403 errors recently
@dmitshur dmitshur added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Sep 28, 2022
@dmitshur dmitshur added this to the Unreleased milestone Sep 28, 2022
@dmitshur
Copy link
Contributor

Is this still happening reproducibly for you, or were these errors happening occasionally?

CC @golang/tools-team.

@heschi
Copy link
Contributor

heschi commented Sep 28, 2022

Perhaps an instance of the problem described in #49144.

@uneeqmo
Copy link
Author

uneeqmo commented Sep 28, 2022

Is this still happening reproducibly for you, or were these errors happening occasionally?

CC @golang/tools-team.

Yes, 100% reproducible

@hyangah
Copy link
Contributor

hyangah commented Sep 29, 2022

@uneeqmo Can you please check if adjusting the egress rule to allow our project id 912338787515 addresses the issue (as described in #49144) ?

https://cloud.google.com/vpc-service-controls/docs/ingress-egress-rules#egress-rules-reference

@uneeqmo
Copy link
Author

uneeqmo commented Sep 29, 2022

This is what get in the browser if I open https://pkg.go.dev/mod/github.com/aws/aws-sdk-go@v1.25.13:

Error: Forbidden
Your client does not have permission to get URL /mod/github.com/aws/aws-sdk-go@v1.25.13 from this server.

Could it be that the proxy is blocking the request because it's detecting my geolocation incorrectly?

@uneeqmo
Copy link
Author

uneeqmo commented Sep 29, 2022

GOPROXY=direct go mod download works fine

@uneeqmo
Copy link
Author

uneeqmo commented Oct 3, 2022

This is still happening 100% of the time. Please advise. Anything I can do on my side to fix this?

@findleyr
Copy link
Contributor

findleyr commented Oct 3, 2022

This is what get in the browser if I open https://pkg.go.dev/mod/github.com/aws/aws-sdk-go@v1.25.13:

@uneeqmo pkg.go.dev is almost entirely unrelated to proxy.golang.org: it does not share any components in the serving path. That suggests to me that the error is not coming from our servers.

@seankhliao
Copy link
Member

Full output of curl -Lv $url for both proxy and pkgsite urls?

@seankhliao seankhliao added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Oct 3, 2022
@uneeqmo
Copy link
Author

uneeqmo commented Oct 4, 2022

proxy.golang.org seems to be working fine now 🤷 Still getting forbidden error from pkg.go.dev

Here are the curl output:

# curl -Lv https://pkg.go.dev/github.com/microcosm-cc/bluemonday@v1.0.21
*   Trying 34.149.140.181:443...
* Connected to pkg.go.dev (34.149.140.181) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=pkg.go.dev
*  start date: Sep  2 15:47:07 2022 GMT
*  expire date: Dec  1 15:47:06 2022 GMT
*  subjectAltName: host "pkg.go.dev" matched cert's "pkg.go.dev"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1D4
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5579f2f572c0)
> GET /github.com/microcosm-cc/bluemonday@v1.0.21 HTTP/2
> Host: pkg.go.dev
> user-agent: curl/7.74.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 403 
< content-type: text/html; charset=UTF-8
< referrer-policy: no-referrer
< content-length: 337
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
< 

<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>403 Forbidden</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Forbidden</h1>
<h2>Your client does not have permission to get URL <code>/github.com/microcosm-cc/bluemonday@v1.0.21</code> from this server.</h2>
<h2></h2>
</body></html>
* Connection #0 to host pkg.go.dev left intact

# curl -Lv https://proxy.golang.org/github.com/microcosm-cc/bluemonday/@v/v1.0.21.zip
*   Trying 142.250.67.17:443...
* Connected to proxy.golang.org (142.250.67.17) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=misc-sni.google.com
*  start date: Sep 12 08:16:45 2022 GMT
*  expire date: Dec  5 08:16:44 2022 GMT
*  subjectAltName: host "proxy.golang.org" matched cert's "*.golang.org"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55ea10b7b2c0)
> GET /github.com/microcosm-cc/bluemonday/@v/v1.0.21.zip HTTP/2
> Host: proxy.golang.org
> user-agent: curl/7.74.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200 
< accept-ranges: bytes
< access-control-allow-origin: *
< content-length: 188411
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 0
< date: Tue, 04 Oct 2022 11:53:01 GMT
< expires: Tue, 04 Oct 2022 14:53:01 GMT
< cache-control: public, max-age=10800
< age: 126
< last-modified: Mon, 03 Oct 2022 08:49:09 GMT
< etag: "29187dc01efb8d4bdafd5df40919636b93ca5faa4a2ea3122375055a24fefea5"
< content-type: application/zip
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< 
Warning: Binary output can mess up your terminal. Use "--output -" to tell 
Warning: curl to output it to your terminal anyway, or consider "--output 
Warning: <FILE>" to save to a file.
* Failure writing output to destination
* stopped the pause stream!
* Connection #0 to host proxy.golang.org left intact

@joedian joedian removed the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Oct 10, 2022
@hyangah
Copy link
Contributor

hyangah commented Oct 13, 2022

@uneeqmo Are you still experiencing the issue? Do you have problems with other pages in pkg.go.dev?
I can access https://pkg.go.dev/github.com/microcosm-cc/bluemonday@v1.0.21.

Looks like this is client-side network issue. Not sure if there is anything actionable fro ourside.

@hyangah hyangah added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Oct 13, 2022
@hyangah hyangah changed the title proxy.golang.org: go mod download: X: reading https://proxy.golang.org/X: 403 Forbidden proxy.golang.org, pkg.go.dev: 403 Forbidden Oct 13, 2022
@gopherbot
Copy link

Timed out in state WaitingForInfo. Closing.

(I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)

@golang golang locked and limited conversation to collaborators Nov 13, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. proxy.golang.org WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Milestone
proxy.golang.org/unplanned
Development

No branches or pull requests
9 participants
@dmitshur @hyangah @gopherbot @seankhliao @joedian @jamalc @heschi @findleyr @uneeqmo