busybox wget https://www.netfilter.org fails
$ wget https://www.netfilter.org
Connecting to www.netfilter.org ([2001:4b98:dc0:43:216:3eff:fe87:a456]:443)
wget: server returned error: HTTP/1.1 403 Forbidden
curl works:
$ curl https://www.netfilter.org > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 21803 100 21803 0 0 16773 0 0:00:01 0:00:01 --:--:-- 16784
Adding --header 'Accept: *'
or --header 'Accept: */*'
makes it work:
$ wget --header 'Accept: */*' https://w
ww.netfilter.org
Connecting to www.netfilter.org ([2001:4b98:dc0:43:216:3eff:fe87:a456]:443)
saving to 'index.html'
index.html 100% |****************************************************| 21803 0:00:00 ETA
'index.html' saved
Curl also adds this header.
$ curl --silent --verbose https://www.
netfilter.org > /dev/null
* Host www.netfilter.org:443 was resolved.
* IPv6: 2001:4b98:dc0:43:216:3eff:fe87:a456
* IPv4: 92.243.18.11
* Trying [2001:4b98:dc0:43:216:3eff:fe87:a456]:443...
* Connected to www.netfilter.org (2001:4b98:dc0:43:216:3eff:fe87:a456) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [93 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4160 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / prime256v1 / rsaEncryption
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=iptables.org
* start date: Mar 2 10:37:06 2024 GMT
* expire date: May 31 10:37:05 2024 GMT
* subjectAltName: host "www.netfilter.org" matched cert's "www.netfilter.org"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
} [5 bytes data]
> GET / HTTP/1.1
> Host: www.netfilter.org
> User-Agent: curl/8.6.0
> Accept: */*
>
{ [5 bytes data]
< HTTP/1.1 200 OK
< Date: Mon, 11 Mar 2024 10:46:11 GMT
< Server: Apache
< Last-Modified: Fri, 17 Nov 2023 10:59:02 GMT
< ETag: "552b-60a570636932f"
< Accept-Ranges: bytes
< Content-Length: 21803
< Content-Type: text/html; charset=UTF-8
<
{ [5 bytes data]
* Connection #0 to host www.netfilter.org left intact
This was discovered in !61665 (merged)
I will report this upstream but I created this issue to have the details documented somewhere.