Join Log in
Score:0
Stewart avatar Server

Need `sudo` to `wget localhost`

cn flag
Stewart

I'm having troubles connecting to a local webservice (apache2 default webpage). When I do a simple HTTP:GET request using wget the server returns 503 Service unavailable. However, when I sudo wget, I get 200 OK.

$ wget localhost
--2023-03-02 04:58:46--  http://localhost/
Connecting to 10.10.1.30:3128... connected.
Proxy request sent, awaiting response... 503 Service Unavailable
2023-03-02 04:58:46 ERROR 503: Service Unavailable.

$ wget 127.0.0.1
--2023-03-02 04:59:13--  http://127.0.0.1/
Connecting to 10.10.1.30:3128... connected.
Proxy request sent, awaiting response... 403 Forbidden
2023-03-02 04:59:13 ERROR 403: Forbidden.

$ sudo wget localhost
--2023-03-02 04:59:32--  http://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10701 (10K) [text/html]
Saving to: ‘index.html’

index.html          100%[=================>]  10.45K  --.-KB/s    in 0s      

2023-03-02 04:59:32 (365 MB/s) - ‘index.html’ saved [10701/10701]

How is this possible?

Comparing some details:

$ wget localhost --debug                   | $ sudo wget localhost --debug
...                                        | ...
---request begin---                        | ---request begin---
GET http://localhost/ HTTP/1.1             | GET / HTTP/1.1
User-Agent: Wget/1.21                      | User-Agent: Wget/1.21
Accept: */*                                | Accept: */*
Accept-Encoding: identity                  | Accept-Encoding: identity
Host: localhost                            | Host: localhost
Connection: Keep-Alive                     | Connection: Keep-Alive
Proxy-Connection: Keep-Alive               |
---request end---                          | ---request end---
Proxy request sent, awaiting response...   | HTTP request sent, awaiting response... 
---response begin---                       | ---response begin---
HTTP/1.1 503 Service Unavailable           | HTTP/1.1 200 OK
Server: squid/3.5.28                       | Server: Apache/2.4.54 (Debian)
Mime-Version: 1.0                          | Last-Modified: Tue, 09 Aug 2022 17:13:01 GMT
Date: Thu, 02 Mar 2023 10:08:29 GMT        | Date: Thu, 02 Mar 2023 10:11:58 GMT
Content-Type: text/html;charset=utf-8      | Content-Type: text/html
Content-Length: 3718                       | Content-Length: 10701
X-Squid-Error: ERR_DNS_FAIL 0              | ETag: "29cd-5e5d20b6c3ce8"
Vary: Accept-Language                      | Vary: Accept-Encoding
Content-Language: en                       | Accept-Ranges: bytes
X-Cache: MISS from mgmt-11102              | Keep-Alive: timeout=5, max=100
Via: 1.1 mgmt-11102 (squid/3.5.28)         | 
Connection: keep-alive                     | Connection: Keep-Alive
---response end---                         | ---response end---
...

Why is my request going to a proxy?

The proxy is a gateway/firewall, but I'm surprised this request is leaving this machine at all. Comparable behaviour can be observed with curl and python3.urllib.

Here are some details of the system

$ cat /etc/hosts
127.0.0.1   localhost
127.0.1.1   host
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

$ cat /etc/apt/apt.conf.d/99HttpProxy 
Acquire::http::Proxy "http://10.10.1.30:3128";
Acquire::http::No-Cache true;
Acquire::http::Pipeline-Depth 0;

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
6: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 78:ac:44:56:dc:b8 brd ff:ff:ff:ff:ff:ff
    altname enp24s0f0
    inet 10.10.1.1/24 brd 10.10.1.255 scope global eno1
       valid_lft forever preferred_lft forever

$ ip route
10.10.1.0/24 dev eno1 proto kernel scope link src 10.10.1.1

$ cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
address 10.10.1.1
netmask 255.255.255.0
107
1 + 0
Score:0
Stewart avatar Server
cn flag
Stewart

After some research I tried this:

$ env | grep proxy
http_proxy=http://10.10.1.30:3128
https_proxy=https://10.10.1.30:3128

This is what's causing wget, curl, urllib to send the request to the proxy.

This temporarily solves the issue:

$ unset http_proxy
$ wget localhost

I did this to figure out where it was being set:

$ cd /etc
$ grep -rw http_proxy
profile.d/proxy.sh:export http_proxy=http://10.10.1.30:3128

Now whenever I use a tool that needs to connect to a local server, I just need to unset the variable. Then restore it whenever I use a tool that connects to the internet.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.