Is RSS working?

[Advil]

I've used HardForum's tech news link on my page for ages. Noticed the feed isn't showing anything. Is RSS still on?

 

[FrgMstr]

RoldanLT

 

[Nobu]

Seems to work for me.

I was able to add and fetch a feed from this location, but I had to turn on recursive discovery (whatever that does) in my reader. What is the URL for the feed you are using?

 

[RoldanLT]

It still works fine.
https://hardforum.com/forums/-/index.rss

 

[Advil]

I'm trying to pull just the Hardforum Tech News.

RSS Error: A feed could not be found at `https://hardforum.com/forums/hardforum-tech-news.116/index.rss`; the status code is `403` and content-type is `text/html; charset=UTF-8`

 

[Nobu]

That one works for me too.
Curl verbose output (note I get a 200 response):

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host hardforum.com:443 was resolved.
* IPv6: 2606:4700:3037::ac43:de0d, 2606:4700:3034::6815:191b
* IPv4: 172.67.222.13, 104.21.25.27
*   Trying 172.67.222.13:443...
* Connected to hardforum.com (172.67.222.13) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4224 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=hardforum.com
*  start date: Jan 22 23:22:23 2024 GMT
*  expire date: Apr 21 23:22:22 2024 GMT
*  subjectAltName: host "hardforum.com" matched cert's "hardforum.com"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1P5
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption
} [5 bytes data]
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://hardforum.com/forums/hardforum-tech-news.116/index.rss
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: hardforum.com]
* [HTTP/2] [1] [:path: /forums/hardforum-tech-news.116/index.rss]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
} [5 bytes data]
> GET /forums/hardforum-tech-news.116/index.rss HTTP/2
> Host: hardforum.com
> User-Agent: curl/8.5.0
> Accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [230 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [230 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/2 200 
< date: Mon, 29 Jan 2024 01:10:26 GMT
< content-type: application/rss+xml; charset=utf-8
< content-length: 46889
< x-frame-options: SAMEORIGIN
< x-content-type-options: nosniff
< last-modified: Mon, 29 Jan 2024 01:08:34 GMT
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: private, no-cache, max-age=0
< strict-transport-security: max-age=63072000; includeSubDomains; preload
< access-control-allow-origin: *
< cf-cache-status: DYNAMIC
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< alt-svc: h3=":443"; ma=86400
< 
{ [1360 bytes data]

 72 46889   72 34128    0     0   115k      0 --:--:-- --:--:-- --:--:--  115k
100 46889  100 46889    0     0   157k      0 --:--:-- --:--:-- --:--:--  157k
* Connection #0 to host hardforum.com left intact

 

[Nobu]

The W3C RSS validator seems to think it's getting a webpage instead of a feed, I imagine it's also getting a 403 page (although it's not saying that).

I wonder if CloudFlare is intercepting or maybe DNS is failing somewhere?
Would be helpful if you could capture the HTTP handshake and other communication from your feed reader somehow. Maybe from the browser's debugger?

 

[Advil]

Thanks for looking. Let me see what I can find out on our end. This isn't really my wheelhouse.

I talked to the person keeping up our site and apparently Hostgator pushed some more updates at our Wordpress site sometime recently. May be related.

It was hard to tell what end the was problem was on initially because all major browsers stopped displaying rss feeds natively a few years ago. You wouldn't think a basic RSS widget could be broken very easily it has been happily displaying your feed for years.

 

[Nobu]

So I went to the document validator and it showed indeed it was getting a 403 error. I enabled error page validation and looked at the source, and it's a hardforum generated page which apparently uses javascript to load a challenge form:

document.createElement('script');cpo.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=84d2249d198042eb';window._cf_chl_opt.cOgUHash

Of course your embedded feed couldn't complete the challenge, and XSS (or some other) protection probably prevented it loading anyway.

 

[RoldanLT]

Please PM me your server IP; I'll check the firewall logs.

 

[cjcox]

I agree with those that said the content-type on presentation isn't there. IMHO, the rss feeds "needs some love".

 

[Advil]

Looks like it's up again. RoldanLT working late. Thanks.

​