Apologies if someone's already responded - I usually get these a little later than most...

My first guess would be that your web server is expecting NTLM authentication, or possibly no authentication.

To verify: I'd try the same request, but remove the -u parm, and add a -v (verbose). You should get back some headers that say which authentication methods are accepted for this URL - perhaps BASIC or NTLM. If you don't see Basic listed, you can't use Basic authentication (the -u option) to access that url.

If the server is yours, you could check the event log to see if there are any security violations that would point you in the right direction...

--Kevin

>>> Erik Parker <eparker_at_mindsec.com> 12/18/00 4:23 PM >>>
curl -u username:pass -A "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" https://secure.domain.com/subdir/file.txt

Strangely using this doesn't work. If I use IE to the same url, same
User/pass, works just fine.

The remote server is running IIS.. I don't know anything more about it
really, except that if it were Apache, I bet it'd work.

IIS gives the error "HTTP 401.3 - Access denied by ACL on resource"

* SSL connection using EXP1024-RC4-SHA
* Server certificate:
* subject: /C=US/ST=Pennsylvania/L=Allentown/O=Company Inc/OU=IS Development/OU=Terms of use at www.verisign.com/rpa
(c)00/CN=secure.domain.com
* issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server
Certification Authority
* Connected to secure.domain.com (#.#.#.#)
> GET /subdir/file.txt HTTP/1.0
Authorization: Basic aGVscG15Ym9va3NcYWVsaXg6YWVsaXg=
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: secure.domain.com
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

Erik Parker
Mind Security

An armed society, is a polite society.
Received on 2000-12-19