Some sites are blocked from oneboxing

Feature
10

Thanks for kind info.

I tried the way mentioned on Amazon onebox fails on my site, but works here and found 403 on udemy as return code. I even cloned a site with old backup and it has the same problem. I wonder if other reason cause the issue, say, setting?

Please advice. Thanks for help.

root@localhost:~# curl https://www.udemy.com/course/certified-kubernetes-application-developer/ -o deleteme.html --verbose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:-- 0* Trying 2606:4700::6810:4255:443... * TCP_NODELAY set
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--  0* Connected to www.udemy.com (2606:4700::6810:4255) port 443  (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3726 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Udemy, Inc.; CN=*.udemy.com
*  start date: Sep 10 15:45:40 2020 GMT
*  expire date: Oct 12 15:45:40 2021 GMT
*  subjectAltName: host "www.udemy.com" matched cert's "*.udemy.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign RSA OV SSL CA 2018
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x55ba70848e10)
} [5 bytes data]
> GET /course/certified-kubernetes-application-developer/ HTTP/2
> Host: www.udemy.com
> user-agent: curl/7.68.0
> accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [230 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [230 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
} [5 bytes data]
< HTTP/2 403
< date: Sat, 15 May 2021 09:15:50 GMT
< content-type: text/plain; charset=UTF-8
< content-length: 16
< x-frame-options: SAMEORIGIN
< cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-c                                                                             heck=0, pre-check=0
< expires: Thu, 01 Jan 1970 00:00:01 GMT
< cf-request-id: 0a10e892d400000ac0a696a000000001
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-c                                                                             gi/beacon/expect-ct"
< set-cookie: __cf_bm=b04492251e1a16bfdad619155f03441f5707d134-1621070150-1800-AS6cROKp+jLfN9ubIJem+TuX5dANVYbshBzqeRTZhheBx6lOtfM8RPRDSGDLEObLD8tWwjbrp+D5Sh4RcCTXGNw=; path=/; expires=Sat, 15-May-21 09:45:50 GMT; domain=.udemy.com; HttpOnly; Secure; SameSite=None
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 64fb4397bea70ac0-NRT
<
{ [16 bytes data]
100    16  100    16    0     0     10      0  0:00:01  0:00:01 --:--:--    10
* Connection #0 to host www.udemy.com left intact
1 Like