[MDEV-38680] Unexpected error 403 (Cloudflare Bot Protection) when configuring the Debian repository - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Cannot Reproduce
Affects Version/s: None
Fix Version/s: N/A
Component/s: Repositories
Labels:
None

Bug Category:
Not for Release Notes

Description

Try to follow https://mariadb.com/docs/server/server-management/install-and-upgrade-mariadb/installing-mariadb/binary-packages/gpg#mariadb-community-server-debian-ubuntu-key

I got 403 in GitHub Actions while trying to build Docker images https://github.com/ddev/ddev/pull/8062

This is something new, because we build Docker images with MariaDB repositories in daily tests, and this was not the case yesterday.

At the same time I can download these files from the browser.

$ curl -fsSL -O https://supplychain.mariadb.com/mariadb-keyring-2025.gpg

curl: (22) The requested URL returned error: 403

$ curl -LsSf https://downloads.mariadb.com/MariaDB/mariadb_repo_setup -o mariadb_repo_setup

curl: (22) The requested URL returned error: 403

$ curl -fsSL -O -v https://supplychain.mariadb.com/mariadb-keyring-2025.gpg

* Host supplychain.mariadb.com:443 was resolved.

* IPv6: 2606:4700::6811:bf0e, 2606:4700::6812:8718

* IPv4: 104.18.135.24, 104.17.191.14

*   Trying [2606:4700::6811:bf0e]:443...

* Immediate connect fail for 2606:4700::6811:bf0e: Network is unreachable

*   Trying 104.18.135.24:443...

* ALPN: curl offers h2,http/1.1

} [5 bytes data]

* TLSv1.3 (OUT), TLS handshake, Client hello (1):

} [1567 bytes data]

* SSL Trust Anchors:

*   CAfile: /etc/ssl/certs/ca-certificates.crt

{ [5 bytes data]

* TLSv1.3 (IN), TLS handshake, Server hello (2):

{ [1210 bytes data]

* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):

{ [1 bytes data]

* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):

{ [19 bytes data]

* TLSv1.3 (IN), TLS handshake, Certificate (11):

{ [2527 bytes data]

* TLSv1.3 (IN), TLS handshake, CERT verify (15):

{ [78 bytes data]

* TLSv1.3 (IN), TLS handshake, Finished (20):

{ [52 bytes data]

* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):

} [1 bytes data]

* TLSv1.3 (OUT), TLS handshake, Finished (20):

} [52 bytes data]

* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / id-ecPublicKey

* ALPN: server accepted h2

* Server certificate:

*   subject: CN=mariadb.com

*   start date: Jan 22 08:24:05 2026 GMT

*   expire date: Apr 22 09:23:58 2026 GMT

*   issuer: C=US; O=Google Trust Services; CN=WE1

*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256

*   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384

*   Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384

*   subjectAltName: "supplychain.mariadb.com" matches cert's "*.mariadb.com"

* SSL certificate verified via OpenSSL.

* Established connection to supplychain.mariadb.com (104.18.135.24 port 443) from 192.168.1.84 port 49458

* using HTTP/2

* [HTTP/2] [1] OPENED stream for https://supplychain.mariadb.com/mariadb-keyring-2025.gpg

* [HTTP/2] [1] [:method: GET]

* [HTTP/2] [1] [:scheme: https]

* [HTTP/2] [1] [:authority: supplychain.mariadb.com]

* [HTTP/2] [1] [:path: /mariadb-keyring-2025.gpg]

* [HTTP/2] [1] [user-agent: curl/8.18.0]

* [HTTP/2] [1] [accept: */*]

} [5 bytes data]

> GET /mariadb-keyring-2025.gpg HTTP/2

> Host: supplychain.mariadb.com

> User-Agent: curl/8.18.0

> Accept: */*

* Request completely sent off

} [5 bytes data]

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

{ [238 bytes data]

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

{ [238 bytes data]

< HTTP/2 403

< date: Tue, 27 Jan 2026 20:16:40 GMT

< content-type: text/html; charset=UTF-8

< content-length: 8958

< accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA

< cf-mitigated: challenge

< critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA

< cross-origin-embedder-policy: require-corp

< cross-origin-opener-policy: same-origin

< cross-origin-resource-policy: same-origin

< origin-agent-cluster: ?1

< permissions-policy: accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()

< referrer-policy: same-origin

< server-timing: chlray;desc="9c4aedde4c7dbfe4"

< x-content-type-options: nosniff

< x-frame-options: SAMEORIGIN

< cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0

< expires: Thu, 01 Jan 1970 00:00:01 GMT

< server: cloudflare

< cf-ray: 9c4aedde4c7dbfe4-WAW

* The requested URL returned error: 403

{ [5 bytes data]

* Connection #0 to host supplychain.mariadb.com:443 left intact

curl: (22) The requested URL returned error: 403

Attachments

Activity

People

Assignee:: Daniel Bartholomew

Reporter:: Stas Zhuk

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2026-01-27 20:18

Updated:: 2026-01-30 16:33

Resolved:: 2026-01-30 16:33

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.