Want to subscribe to topics you're interested in?
Become a Member

IPv6 Request Responding with 403...

Discussion in 'Nginx and PHP-FPM news & discussions' started by Liam W, Nov 22, 2016.

  1. Liam W

    Liam W Member

    58
    16
    8
    Jun 26, 2014
    Barrow-in-Furness, Cumbria, England
    Ratings:
    +20
    Local Time:
    9:34 PM
    nginx/1.9.11
    10.1.11
    This is a strange one.

    Last night, I decided to migrate my websites to a CentOS 7 server in London. I installed Centminmod on it and all is well.

    I copied the web files and the config files other and everything appeared to work... However, when a website is requested using IPv6, it returns a 403 error.

    This happens for all domains.

    It worked fine on the old server... Any idea where I should look? There's nothing in the global access/error logs or the access/error logs for the relevant site...

    Liam
     
  2. Liam W

    Liam W Member

    58
    16
    8
    Jun 26, 2014
    Barrow-in-Furness, Cumbria, England
    Ratings:
    +20
    Local Time:
    9:34 PM
    nginx/1.9.11
    10.1.11
    Hmm, now I don't think it's a 403. I think it can't actually connect at all:

    Code (Text):
    [liam@maim ~]$ wget xf-liam.com
    
    URL transformed to HTTPS due to an HSTS policy
    
    --2016-11-21 15:37:42--  Products | XF Liam
    
    Resolving xf-liam.com (xf-liam.com)... 2a06:8ec0:3::1:c8cb, 185.117.22.190
    
    Connecting to xf-liam.com (xf-liam.com)|2a06:8ec0:3::1:c8cb|:443... failed: Permission denied.
    
    Connecting to xf-liam.com (xf-liam.com)|185.117.22.190|:443... connected.
    
    HTTP request sent, awaiting response... 303 See Other
    
    Location: Products | XF Liam [following]
    
    --2016-11-21 15:37:43--  Products | XF Liam
    
    Reusing existing connection to xf-liam.com:443.
    
    HTTP request sent, awaiting response... 200 OK
    
    Length: 64494 (63K) [text/html]
    
    Saving to: ‘index.html.1’
    
    
    index.html.1                                       100%[================================================================================================================>]  62.98K   384KB/s    in 0.2s 
    
    
    2016-11-21 15:37:43 (384 KB/s) - ‘index.html.1’ saved [64494/64494]
    


    Netstat shows that nginx is listening to ipv6:

    Code (Text):
    [root@crucio xf-liam.com]# sudo netstat -plnt
    
    Active Internet connections (only servers)
    
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name 
    
    tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      812/redis-server 12
    
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      32523/nginx: master
    
    tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2602/unicorn master
    
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1455/master      
    
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      32523/nginx: master
    
    tcp        0      0 0.0.0.0:453             0.0.0.0:*               LISTEN      3753/sshd        
    
    tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      1052/php-fpm: maste
    
    tcp6       0      0 :::3306                 :::*                    LISTEN      1561/mysqld      
    
    tcp6       0      0 :::80                   :::*                    LISTEN      32523/nginx: master
    
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1455/master      
    
    tcp6       0      0 :::443                  :::*                    LISTEN      32523/nginx: master
    
    tcp6       0      0 :::453                  :::*                    LISTEN      3753/sshd        
    


    I tried disabling the firewall and same error.

    The strangest thing is that it works if requested locally on the server directly.
     
  3. Liam W

    Liam W Member

    58
    16
    8
    Jun 26, 2014
    Barrow-in-Furness, Cumbria, England
    Ratings:
    +20
    Local Time:
    9:34 PM
    nginx/1.9.11
    10.1.11
    I'm an idiot. I forgot to enable IPv6 in CSF...

    Liam
     
    • Like Like x 1