Issue #1149: https://mirror.stream.centos.org/9-stream redirects to https://origin1.stream.centos.org/9-stream/ - centos-infra

centos-infra

#1149 https://mirror.stream.centos.org/9-stream redirects to https://origin1.stream.centos.org/9-stream/

Closed: Fixed a year ago by arrfab. Opened a year ago by petersen.

or https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os redirects to https://origin1.stream.centos.org/9-stream/BaseOS/x86_64/os/

which presents as

Forbidden

You don't have permission to access this resource.

I think it should just redirect to the original url with a / appended.

petersen commented a year ago

I discovered this while working on http://github.com/juhp/fedora-repoquery yesterday

arrfab commented a year ago

Let me verify as it's a AWS Cloudfront setup so wondering if it needs tuning as https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/ works fine, so just adding / should do it (and don't know why Cloudfront even tries to redirect while clearly it shouldn't let people try to reach origin nodes anyway)

Metadata Update from @arrfab:
- Issue assigned to arrfab

a year ago

Metadata Update from @arrfab:
- Issue tagged with: centos-common-infra, centos-stream, medium-gain, medium-trouble

a year ago

Metadata Update from @arrfab:
- Assignee reset

a year ago

Metadata Update from @arrfab:
- Issue assigned to arrfab

a year ago

arrfab commented a year ago

I had a quick look and Cloudfront wasn't sending the Host: in headers but it's was modified and redeployed and should be fine now, per our own testing :

curl -I https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os
HTTP/2 301 
content-type: text/html; charset=iso-8859-1
location: https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/
date: Mon, 08 May 2023 12:31:31 GMT
server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
via: 1.1 d8778dbc6e81818135a7305a388b2974.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P1
x-amz-cf-id: EpeY4EA56DCiD8TMV7svPzbUG1S9t8MSCkGQjP5BL88ibbI_NY5kCQ==
age: 231

It's still 301 (normal to just redirect to correct location with added / for a directory) but now to the correct host (Cloudfront itself).

Can you just confirm and close this ticket if working now for you ?

Metadata Update from @arrfab:
- Issue priority set to: Waiting on Reporter (was: Needs Review)

a year ago

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Metadata

Assignee

arrfab

Tags

Blocking

None

Depending on

None

Priority

Waiting on Reporter

centos-infra

Source Code

#1149 https://mirror.stream.centos.org/9-stream redirects to https://origin1.stream.centos.org/9-stream/ Closed: Fixed a year ago by arrfab. Opened a year ago by petersen.

Metadata

centos-common-infra medium-trouble medium-gain centos-stream

#1149 https://mirror.stream.centos.org/9-stream redirects to https://origin1.stream.centos.org/9-stream/

Closed: Fixed a year ago by arrfab. Opened a year ago by petersen.