starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-11 14:20:30 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

[PR #986] Allow to override user agent with CURL_OPTS #982

New Issue
Open
opened 2025-12-29 02:18:53 +01:00 by adam · 0 comments
adam commented 2025-12-29 02:18:53 +01:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/dehydrated-io/dehydrated/pull/986
Author: @raphaelm
Created: 12/11/2025
Status: 🔄 Open

Base: masterHead: patch-1

📝 Commits (1)

  • 4223674 Allow to override user agent with CURL_OPTS

📊 Changes

1 file changed (+3 additions, -3 deletions)

View changed files

📝 dehydrated (+3 -3)

📄 Description

Apparently, there is at least one CA out there where the WAF blocks requests using "dehydrated" in the User-Agent. I could try to bypass this with setting a different user-agent in CURL_OPTS, if the evaluation order was different, since curl man page states:

If --user-agent is provided several times, the last set value is used.

Context:

raphael ~ $ curl "https://acme-api.actalis.com/acme/directory"
{"newAuthz": "https://acme-api.actalis.com/acme/new-authz", "newNonce": "https://acme-api.actalis.com/acme/newnonce", "newAccount": "https://acme-api.actalis.com/acme/newaccount", "newOrder": "https://acme-api.actalis.com/acme/neworders", "revokeCert": "https://acme-api.actalis.com/acme/revokecert", "keyChange": "https://acme-api.actalis.com/acme/key-change", "renewalInfo": "https://acme-api.actalis.com/acme/renewal-info", "meta": {"home": "https://www.actalis.com", "author": "Actalis S.p.A. <info@actalis.com>", "name": "acme-server", "version": "1.1.3", "termsOfService": "https://www.actalis.it/acme/terms", "externalAccountRequired": true}, "a4f79e25fe3041b5b73d7b6308f8b94b": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"}
raphael ~ $ curl -A "dehydrated/1" "https://acme-api.actalis.com/acme/directory"
…<h3>Web Page Blocked!</h3><div class="notice"><p>The page cannot be displayed. Please contact the administrator for additional information.</p><p>URL: acme-api.actalis.com/acme/directory<br /><br/>Client IP: xx.xx.xx.xx<br/>Attack ID: 20000051<br/>Message ID: 001083935386</p><p></p></div></div></body></html>

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/dehydrated-io/dehydrated/pull/986 **Author:** [@raphaelm](https://github.com/raphaelm) **Created:** 12/11/2025 **Status:** 🔄 Open **Base:** `master` ← **Head:** `patch-1` --- ### 📝 Commits (1) - [`4223674`](https://github.com/dehydrated-io/dehydrated/commit/4223674c76c5da252752ed9a792abb00ee83f0da) Allow to override user agent with CURL_OPTS ### 📊 Changes **1 file changed** (+3 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `dehydrated` (+3 -3) </details> ### 📄 Description Apparently, there is at least one CA out there where the WAF blocks requests using "dehydrated" in the User-Agent. I could try to bypass this with setting a different user-agent in CURL_OPTS, if the evaluation order was different, since curl man page states: ``` If --user-agent is provided several times, the last set value is used. ``` Context: ``` raphael ~ $ curl "https://acme-api.actalis.com/acme/directory" {"newAuthz": "https://acme-api.actalis.com/acme/new-authz", "newNonce": "https://acme-api.actalis.com/acme/newnonce", "newAccount": "https://acme-api.actalis.com/acme/newaccount", "newOrder": "https://acme-api.actalis.com/acme/neworders", "revokeCert": "https://acme-api.actalis.com/acme/revokecert", "keyChange": "https://acme-api.actalis.com/acme/key-change", "renewalInfo": "https://acme-api.actalis.com/acme/renewal-info", "meta": {"home": "https://www.actalis.com", "author": "Actalis S.p.A. <info@actalis.com>", "name": "acme-server", "version": "1.1.3", "termsOfService": "https://www.actalis.it/acme/terms", "externalAccountRequired": true}, "a4f79e25fe3041b5b73d7b6308f8b94b": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"} raphael ~ $ curl -A "dehydrated/1" "https://acme-api.actalis.com/acme/directory" …<h3>Web Page Blocked!</h3><div class="notice"><p>The page cannot be displayed. Please contact the administrator for additional information.</p><p>URL: acme-api.actalis.com/acme/directory<br /><br/>Client IP: xx.xx.xx.xx<br/>Attack ID: 20000051<br/>Message ID: 001083935386</p><p></p></div></div></body></html> ``` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
adam added the pull-request label 2025-12-29 02:18:53 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Complicated
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 suggestions wanted
testing
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/dehydrated#982
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?