Cron Daemon Wget blocked

Question

I've got nginx on Debian 7 without cpanel.

I am seting-up my Crontab like this:

*/45 * * * * wget "http://example.com/cron-url.php" >/dev/null 2>&1

The above cron is being blocked with 403 forbidden:

--2014-12-10 05:40:01--  http://example.com/cron-url.php
Connecting to xyz.xx.xx.xxx:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2014-12-10 05:40:01 ERROR 403: Forbidden.

After searching here and googling, I understand that my server is probably blocking wget. I had a look at my nginx configuration file and I think it should be due to this:

if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
    return 403;
}

For cron command, I have to use the url to it and absolute link to script path doesn't work. Now, what do I do if I need to allow cron to work without getting blocked? I was thinking maybe I need to allow wget from my own server, but don't know how to do that with nginx. Can someone help me resolve this cron issue?

true.. but that will also allow others to use wget to download contents from my site, isint it? — Neel, Dec 09 '14 at 20:09
Now, I noticed that I can access the cron url from browser though. — Neel, Dec 09 '14 at 20:17
Hyppy's answer should work. Blocking the user-agent doesn't do a whole lot anyway because those are easily spoofed. — Nathan C, Dec 09 '14 at 20:19
makes sense. I now agree that removing wget is probably the way to go. Thank you NathanC and Hyppy — Neel, Dec 09 '14 at 20:20

score 5 · Accepted Answer · answered Dec 09 '14 at 20:14

5

Either remove wget exclusion from the nginx configuration, or add something like this as an option to your wget command:

--user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101  Firefox/21.0" --referrer whatever.example.com

answered Dec 09 '14 at 20:14

Hyppy

15,608
1
38
59

1

right... @NathanC was suggesting to remove `wget` from config too. But isint that a security risk? Can someone download sensitive files from my site using wget? – Neel Dec 09 '14 at 20:18
2

@blackops_programmer `wget` is only as powerful as someone using a browser ...they can't download "sensitive" stuff if it's otherwise hidden (because then they could just use a regular browser!) – Nathan C Dec 09 '14 at 20:19
2

Even if they were crawling your site with a script full of wgets, they could just modify the user agent and referrer to get the same result. I have no idea why nginx denies wget by default, perhaps it's some sort of greybeard pissing contest. – Hyppy Dec 09 '14 at 20:21
1

Perfect. I misunderstood how wget is used. Now everything makes sense. I dont see the point to add a special block for wget anymore.. :) – Neel Dec 09 '14 at 20:23

Cron Daemon Wget blocked

1 Answers1