tobychui / zoraxy

A general purpose HTTP reverse proxy and forwarding tool. Now written in Go!
https://zoraxy.arozos.com
GNU Affero General Public License v3.0

[BUG] ACL on standalone installation (no docker) #206

Closed barto95100 closed 2 months ago

barto95100 commented 3 months ago

I tested installing Zoraxy standalone (no Docker).

I tested importing the configuration from my Docker installation: all is OK.

But when I test access from source IP 104.28.42.15, I receive a 403 Forbidden :(

But the IP is in the ACL whitelist: [screenshot: CleanShot 2024-06-18 at 12 18 36]

The header Zoraxy received:

Frame 59: 458 bytes on wire (3664 bits), 458 bytes captured (3664 bits) on interface eth0, id 0
Ethernet II, Src: bc:24:11:e2:fd:8f (bc:24:11:e2:fd:8f), Dst: bc:24:11:e3:be:68 (bc:24:11:e3:be:68)
Internet Protocol Version 4, Src: 104.28.42.15, Dst: 192.168.99.9
Transmission Control Protocol, Src Port: 53441, Dst Port: 80, Seq: 1, Ack: 1, Len: 392
Hypertext Transfer Protocol
    GET / HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
            [GET / HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: GET
        Request URI: /
        Request Version: HTTP/1.1
    Host: sonarr.worldgeekwide.fr\r\n
    Upgrade-Insecure-Requests: 1\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1\r\n
    Accept-Language: fr-FR,fr;q=0.9\r\n
    Accept-Encoding: gzip, deflate\r\n
    Connection: keep-alive\r\n
    \r\n
    [Full request URI: http://sonarr.xxxxxxx.fr/]
    [HTTP request 1/1]

tobychui commented 3 months ago

@barto95100 Cannot reproduce on my machine with my public IP address, with a /32 CIDR in place.

I guess this is mostly your network issue (again). If you don't know how to use Wireshark for network capture, try turning off all Zoraxy HTTP routing rules and clearing today's statistics, enable only the HTTP proxy rule that has issues, and keep refreshing until the actual connecting IP shows up in the statistics list as the top requesting IP. That might help you debug your networking issues.
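
The check discussed above (does the address the proxy actually sees fall inside a whitelist entry?) can be reproduced offline. This is an added example, not part of the thread and not Zoraxy's own code; `matchACL` is a hypothetical helper, and the whitelist entry and peer addresses in `main` are constructed sample values.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"strings"
)

// matchACL (hypothetical helper) reports which whitelist entry, a single IP
// or a CIDR, covers a peer address given in http.Request.RemoteAddr form.
func matchACL(remoteAddr string, entries []string) (string, bool, error) {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // bare IP without a port
	}
	ip, err := netip.ParseAddr(host)
	if err != nil {
		return "", false, fmt.Errorf("peer address %q: %w", remoteAddr, err)
	}
	// A dual-stack socket can report ::ffff:a.b.c.d, which never matches an
	// IPv4 prefix unless it is unmapped first.
	ip = ip.Unmap()
	for _, e := range entries {
		e = strings.TrimSpace(e)
		if strings.Contains(e, "/") {
			p, err := netip.ParsePrefix(e)
			if err != nil {
				return "", false, fmt.Errorf("entry %q: %w", e, err)
			}
			if p.Contains(ip) {
				return e, true, nil
			}
			continue
		}
		a, err := netip.ParseAddr(e)
		if err != nil {
			return "", false, fmt.Errorf("entry %q: %w", e, err)
		}
		if a.Unmap() == ip {
			return e, true, nil
		}
	}
	return "", false, nil
}

func main() {
	acl := []string{"104.28.42.15/32"} // constructed whitelist entry
	// Constructed peers: expected client, same client IPv4-mapped, another hop.
	for _, peer := range []string{"104.28.42.15:53441", "[::ffff:104.28.42.15]:53441", "192.168.99.1:40112"} {
		entry, ok, err := matchACL(peer, acl)
		fmt.Printf("peer=%-30s allowed=%-5v entry=%q err=%v\n", peer, ok, entry, err)
	}
}
```

If the peer address logged for a denied request is not the address in the whitelist, the rule is doing its job and the entry needs to name the address that actually connects.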

tobychui commented 2 months ago

Closing this as no further information has been provided.