Nginx returns status 403 when User-Agent is Railgun/5.3.3

cache
#1

When I use Railgun, Sometime nginx returns status 403 when User-Agent is Railgun/5.3.3.

But it will work normally after refreshing the page. How should I set it up?

#2

this is my nginx conf

server
{
    listen 80;
    server_name domain name ;
    root /wwwroot/x/public;
    allow my server ip;
    deny all;
    index index.php;
    include enable-php-73.conf;
  	location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$
    {
        add_header Cache-Control: s-maxage=200,max-age=60;
        error_log off;
    }
    location / {
    	expires -1s;
    	try_files $uri /index.php$is_args$args;
	}
    
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }
    
    access_log  off;
}
#3
Railgun test results for ‘sgp’
my. domain is successfully connected to Railgun sgp! This website is now accelerated by Railgun.

Method: GET

url: https://www.my.domain

Response status: 200

Protocol: HTTP/2.0

Elapsed time: 0.448344s

Body size (in bytes): 4855 bytes

Body hash: f94ffadbfb0662676de9efd4788afa959047d016

missing_headers: No Content-Length or Transfer-Encoding

Connection close: false

CF-Ray ID: 49a9b8021f7b6da2-SJC

Railgun details: 0000000000 00 error

Location: 4 San Jose (SJC)

Cloudflare enabled: on

Railgun enabled: on
#4

nobody!

#5

Any ip blockings in place?

The first request is not served through railgun because the TCP connection gets closed after a few seconds.
(“Waiting for new WAN connection”). So it’s not railgun that connects to your host, you willnsee Cloudflare IPs instead.

After an immediate refresh, the connection between rg-listener and sender is established.

162.158.85.86 - user01 [17/Jan/2019:18:27:28 +0100] “GET /index.php/204 HTTP/1.1” 204 4437 “-” “Mozilla/5.0 (Android) ownCloud-android/3.4.1”
162.158.85.86 - user01 [17/Jan/2019:18:27:28 +0100] “GET /index.php/204 HTTP/1.1” 204 4447 “-” “Mozilla/5.0 (Android) ownCloud-android/3.4.1”
172.30.0.3 - user01 [17/Jan/2019:18:27:29 +0100] “GET /index.php/204 HTTP/1.1” 204 4615 “-” “Mozilla/5.0 (Android) ownCloud-android/3.4.1”

172.30.0.3 is my railgun instance.
That’s what I interprete from my logfiles and HTTP headers.

Polish and Railgun seems not working
#6

Any ip blockings in place?

Because I used railgun acceleration, I blocked all IPs.

The first request is not served through railgun because the TCP connection gets closed after a few seconds.
(“Waiting for new WAN connection”).

I got it

#7

this is my new conf, It’s working now! thanks for your help

server
{
    listen 80;
    server_name domain name ;
    root /wwwroot/x/public;
    allow my server ip;
    
    allow 103.21.244.0/22;
    allow 103.22.200.0/22;
    allow 103.31.4.0/22;
    allow 104.16.0.0/12;
    allow 108.162.192.0/18;
    allow 131.0.72.0/22;
    allow 141.101.64.0/18;
    allow 162.158.0.0/15;
    allow 172.64.0.0/13;
    allow 173.245.48.0/20;
    allow 188.114.96.0/20;
    allow 190.93.240.0/20;
    allow 197.234.240.0/22;
    allow 198.41.128.0/17;
    allow 2400:cb00::/32;
    allow 2606:4700::/32;
    allow 2803:f800::/32;
    allow 2405:b500::/32;
    allow 2405:8100::/32;
    allow 2c0f:f248::/32;
    allow 2a06:98c0::/29;
    deny all;
    index index.php;
    include enable-php-73.conf;
  	location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$
    {
        add_header Cache-Control: s-maxage=200,max-age=60;
        error_log off;
    }
    location / {
    	expires -1s;
    	try_files $uri /index.php$is_args$args;
	}
    
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }
    
    access_log  off;
}
2 Likes
#8

You’re welcome :slightly_smiling_face:

1 Like
closed #9

This topic was automatically closed after 30 days. New replies are no longer allowed.