ping 可以访问,但是 curl 和 wget 都不可以,会是什么原因

2022-12-19 17:14:25 +08:00
 twofox

项目需要访问单点认证的网址 单点认证那边是没问题的,防火墙也是开的,其他地方没有做限制的了

# curl -v https://login.XXX.com/XXX/login -4
* About to connect() to login.jxcia.com port 443 (#0)
*   Trying 117.XX.XX.X...
* Connection refused
* Failed connect to login.XXX.com:443; Connection refused
* Closing connection 0
curl: (7) Failed connect to login.XXX.com:443; Connection refused

ip addr 输出了很多的虚拟网卡,有没有可能跟这个有关

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
91906: vethbcb7517@if91905: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP group default 
    link/ether fa:0f:2e:xx:xx:xx brd ff:ff:ff:ff:ff:ff link-netnsid 17
    inet6 fe80::f80f:2eff:fe14:85c8/64 scope link 
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fe:fc:fe:52:0c:be brd ff:ff:ff:ff:ff:ff
    inet 10.10.2.13/24 brd 10.10.2.255 scope global noprefixroute ens18
       valid_lft forever preferred_lft forever
    inet 172.198.0.11/20 brd 172.198.15.255 scope global noprefixroute ens18
       valid_lft forever preferred_lft forever
    inet6 fe80::3307:1b7b:406a:9543/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:15:da:c4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
94980: veth32e54a5@if94979: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP group default 
    link/ether 02:69:2a:b4:aa:77 brd ff:ff:ff:ff:ff:ff link-netnsid 28
    inet6 fe80::69:2aff:feb4:aa77/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:15:da:c4 brd ff:ff:ff:ff:ff:ff
5: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:60:58:c0:c2 brd ff:ff:ff:ff:ff:ff
    inet 172.200.0.1/16 brd 172.200.255.255 scope global docker_gwbridge
       valid_lft forever preferred_lft forever
    inet6 fe80::42:60ff:fe58:c0c2/64 scope link 
       valid_lft forever preferred_lft forever
94982: veth03890d9@if94981: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP group default 
    link/ether b2:6b:9c:5d:5a:79 brd ff:ff:ff:ff:ff:ff link-netnsid 27
    inet6 fe80::b06b:9cff:fe5d:5a79/64 scope link 
       valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:2a:8a:be:13 brd ff:ff:ff:ff:ff:ff
    inet 172.199.0.1/16 brd 172.199.255.255 scope global docker0
       valid_lft forever preferred_lft forever
91916: vethd710460@if91915: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP group default 
    link/ether 5e:b0:64:db:8e:c4 brd ff:ff:ff:ff:ff:ff link-netnsid 18
    inet6 fe80::5cb0:64ff:fedb:8ec4/64 scope link 
       valid_lft forever preferred_lft forever
3468 次点击
所在节点    Linux
25 条回复
tomemi
2022-12-19 17:16:46 +08:00
看看路由和防火墙
twofox
2022-12-19 17:19:43 +08:00
@tomemi 防火墙全关,路由也不会有限制的
newaccount
2022-12-19 17:22:32 +08:00
这里试了下,不加路径的二级域名是可以的。看返回头,隐藏了 nginx 版本,考虑是不是人家在服务器配置了 UA 检测?你改个浏览器的 UA 试试呢?
tomemi
2022-12-19 17:23:14 +08:00
@twofox #2 抓包
aaa5838769
2022-12-19 17:30:05 +08:00
telnet 看下端口通么。
twofox
2022-12-19 17:30:33 +08:00
@newaccount 单点服务也是我司的。。不会限制


@tomemi 有点为难我这个 CURD Boy 了
twofox
2022-12-19 17:33:18 +08:00
@aaa5838769 不通,就这一个地址不通,要是换成其他的域名。例如百度啥的,都是通的
cnit
2022-12-19 17:33:48 +08:00
你直接用 ip 加端口不走 nginx 试试
fengci
2022-12-19 17:34:41 +08:00
你是不是本地 hosts 了
Routeros
2022-12-19 17:35:03 +08:00
http_proxy?
cnit
2022-12-19 17:35:08 +08:00
# 拒绝 User-Agent
if ($http_user_agent ~* LWP::Simple|BBBike|wget|curl) {
return 444;
}
反正我们这有这个
twofox
2022-12-19 17:35:15 +08:00
@fengci 没有

@cnit 不行
cnit
2022-12-19 17:39:08 +08:00
你怕不是在命令行里面加了代理
twofox
2022-12-19 17:41:12 +08:00
@cnit 不可能的,系统会崩掉
motherfaka
2022-12-19 17:42:17 +08:00
telnet 不通,curl 其他网站通,大概率是服务端口的问题
cnit
2022-12-19 17:43:32 +08:00
额 我反正之前闹过这样的乌龙,其他的我想不到了 ,你可以试试在命令行里面能不能 curl google 或者 youtube 确认下
motherfaka
2022-12-19 17:45:35 +08:00
拿自己电脑测了一下,telnet 是通的,curl 也是通的,那还是客户端网络的问题……
julyclyde
2022-12-19 17:50:58 +08:00
refuse 不可能是 nginx 的功能
nginx 开始处理的时候都已经 accept 完毕了
lhbc
2022-12-19 17:53:49 +08:00
1. 云厂商的防火墙
2. 域名备案
twofox
2022-12-19 17:55:52 +08:00
@lhbc 本地机房,备案完善

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/903538

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX