Proxy Blocking apt-get, Allowing wget/curl
The problem is with the reported user-agent. This is why the proxy worked with wget and not apt-get.
I ran tcpdump -Ai eth0 port 8080
to see what the http looked like and received a 'non approved user-agent' message from our corporate proxy.
<...snip...>
<h1>ACCESS DENIED</h1>
<p>The software you are accessing the internet with is not reporting an
approved "User-Agent"</p>
<...snip...>
The Ubuntu Manpage had a section that explains that configuration parameter.
Acquire::http::User-Agent can be used to set a different User-Agent for the http download method as some proxies allow access for clients only if the client uses a known identifier.
apt-get 307 error provided the needed syntax, you simply add the below syntax to /etc/apt/apt.conf.d/30proxy
(or whatever you choose).
Acquire::http::User-Agent "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)";
Now, apt-get updates go through flawlessly.
root@server:/etc/apt/apt.conf.d# apt-get update
Hit http://security.ubuntu.com precise-security Release.gpg
Hit http://us.archive.ubuntu.com precise Release.gpg
<...snip...>
Hit http://us.archive.ubuntu.com precise-backports/multiverse Translation-en
Hit http://us.archive.ubuntu.com precise-backports/restricted Translation-en
Hit http://us.archive.ubuntu.com precise-backports/universe Translation-en
Reading package lists... Done
Related videos on Youtube
Ryan Foley
Updated on September 18, 2022Comments
-
Ryan Foley over 1 year
I'm having an issue getting passed my corporate proxy server. I had an exception put in place to allow my IP address to pass through, but haven't been able to get
apt-get
to work.wget
can get to the Ubuntu repos without any issues.root@server:/tmp# http_proxy=http://<PROXY>:8080 wget http://us.archive.ubuntu.com/ubuntu/dists/precise-backports/multiverse/binary-i386/Packages.bz2 --2014-01-24 09:17:38-- http://us.archive.ubuntu.com/ubuntu/dists/precise-backports/multiverse/binary-i386/Packages.bz2 Resolving <PROXY> (<PROXY>)... x.x.x.25, x.x.x.24 Connecting to <PROXY> (<PROXY>)|x.x.x.25|:8080... connected. Proxy request sent, awaiting response... 200 OK Length: 5178 (5.1K) [application/x-bzip2] Saving to: `Packages.bz2' 100%[========================================>] 5,178 --.-K/s in 0.001s 2014-01-24 09:17:38 (7.78 MB/s) - `Packages.bz2' saved [5178/5178] root@server:/tmp# ll -h total 16K drwxrwxrwt 2 root root 4.0K Jan 24 09:17 ./ drwxr-xr-x 23 root root 4.0K Jan 16 14:14 ../ -rw-r--r-- 1 root root 5.1K Jan 24 09:05 Packages.bz2 root@server:/tmp#
I setup my apt-conf.d proxy configurations.
root@server:/tmp# cat /etc/apt/apt.conf.d/30proxy Acquire::http::proxy "http://<PROXY>:8080"; Acquire::ftp::proxy "ftp://<PROXY>:8080"; Acquire::https::proxy "https://<PROXY>:8080"; root@server:/tmp#
apt-get
still fails with a403 Forbidden
error.root@server:/tmp# apt-get update Ign http://us.archive.ubuntu.com precise Release.gpg <...snipped excess...> Ign http://us.archive.ubuntu.com precise-backports/universe TranslationIndex Err http://security.ubuntu.com precise-security/main Sources 403 Forbidden [IP: x.x.x.25 8080] <...snipped excess...> Err http://security.ubuntu.com precise-security/multiverse i386 Packages 403 Forbidden [IP: x.x.x.25 8080] W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/precise/main/source/Sources 403 Forbidden [IP: x.x.x.24 8080] <...snipped excess...> W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/precise-security/multiverse/binary-i386/Packages 403 Forbidden [IP: x.x.x.25 8080] E: Some index files failed to download. They have been ignored, or old ones used instead. root@server:/tmp#
PROXY replaces my proxy server's FQDN
-
ggalaxy over 10 yearsthe answer is already with you, try this :
root@server:/tmp# http_proxy=http://<PROXY>:8080 apt-get update
orroot@server:/tmp# http_proxy=http://<PROXY>:8080 | apt-get update
-
Ryan Foley over 10 years@ggalaxy I did that, that's why I'm getting a
403 forbidden
back from[IP: x.x.x.25 8080]
-
Ryan Foley over 10 years@ggalaxy It shouldn't be the proxy, notice how the first command subset goes through; notice the
200 OK
.
-