403 using curl

I have the same problem when I try to download an rss feed from a website:

$ curl --head https://www.phoronix.com/rss.php HTTP/2 403 date: Tue, 28 Mar 2023 20:33:47 GMT content-type: text/html; charset=UTF-8 cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: same-origin permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy: same-origin x-frame-options: SAMEORIGIN cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires: Thu, 01 Jan 1970 00:00:01 GMT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8N9sjvGPwPPkNFlG11oW7rNbKIs7QDTAgdldTE6cyxBypeliRojMK4HMThhhUop3ofbD%2FOLPXXPF5q0Cx7mNBgLit8OqPVOoui9v41me%2FOnL2ry4W5CyvaVH%2F3PtCdv%2FaT5b"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 7af2a6712d352c43-FRA

When I change the user agent to “curl …” in Chromium, I get the same thing and endless checking occurs. This hasn’t happened before. Please fix this

If this is your site then you should check the WAF rules to see what rule is blocking it. If it not your site then you will need to reach out to the webhost to have them change the rule.

3 Likes

Thank you for your reply. I contacted the site administrator and he said that everything works for him.

I’m from Russia, if that’s relevant to the problem.

I think I got it. The problem is Cloudflare, because when I try to curl fetch this page, I get the same 403 error

$ curl --head https://community.cloudflare.com/t/403-using-curl/490150 HTTP/2 403 date: Wed, 29 Mar 2023 14:00:52 GMT content-type: text/html; charset=UTF-8 cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: same-origin permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy: same-origin x-frame-options: SAMEORIGIN cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires: Thu, 01 Jan 1970 00:00:01 GMT set-cookie: __cf_bm=AcNfbEmgpCMIAMbu2O505XNXymHPYK6L93KcxICcqUQ-1680098452-0-ASZhf8NpCD4MHPuZRlBj3un34/LEzqoMfVuGwaAUIJdyPe0RSo1b+JxCmP6B7yuICDAjCk8saFjW6PwyS54XfzEBh3dzk0arH3omO1rWC5vv; path=/; expires=Wed, 29-Mar-23 14:30:52 GMT; domain=.community.cloudflare.com; HttpOnly; Secure; SameSite=None report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZQIkDM%2BDuNAaPCm8t42zhyip7%2BDo5uX29IGcF7MxJ4U3uk2aVUQPsSfBuW4zzlzeeWmjfn%2FFYvA6xNeUrKNW4bQjCQNVvc2kHK%2BWtudRPRGlboVdZx7RnJ0tyuZP7t52kzy0AvnyIRQd3A%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=2592000 server: cloudflare cf-ray: 7af8a43fef50904f-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Cloudflare provides a set of tools for website owners to use to protect their applications. Each owner can choose to deploy those tools in various ways. Only the site owner can decide how they want to configure their site, and there is no default blocking by Cloudflare for cURL or any other user-agent.

1 Like