why server reject curl client on specific url path in php but curl in bash doesn't

Question

I'm trying to send a POST request to a destination server via curl in PHP but it does work fine on some URL

/machines/{machineID(5digit)}/doSomething >> doesn't work 
/machines/{machineID}(6digit)/doSomething >> working fine..

first I used Guzzle to made a request but It cause the same problem. So, I changed to curl. now It causes me the same problem again. but the weirdest part is If I use curl in bash. It works fine for both URLs like a charm. and It also works in Python as well. So, I don't know what happened I did some search and found this forum and I followed it already. still doesn't work. and both URLs return the same status code which is 200. It is even harder for me to debug this. is there any workaround in this situation.

Here is what I've found when I use curl -v and curl_setopt($curl, CURLOPT_VERBOSE, 1);

curl in bash (working fine)

Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying xx.xx.xx.xx...
* TCP_NODELAY set
* Connected to xxxx (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / xxxxx
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.xx.com
*  start date: Aug 14 00:00:00 2021 GMT
*  expire date: Sep 12 23:59:59 2022 GMT
*  subjectAltName: host "api.xxx.com" matched cert's "*.xxx.com"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5649d4954600)

> POST /machines/xxxxx/dosomething HTTP/2
> Host: api.xxx.com
> User-Agent: curl/7.58.0
> Accept: */*
> Content-Type: application/json
> x-api-key:xxx
> organization-id:xxx
> auth-token:xxx
> Content-Length: 29
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* We are completely uploaded and fine

< HTTP/2 200
< date: Tue, 21 Sep 2021 09:35:55 GMT
< content-type: application/json; charset=utf-8
< content-length: 893
< server: nginx/1.20.0
< vary: Origin
< access-control-allow-origin: *
< access-control-expose-headers: auth-token
< x-ratelimit-limit: 50
< x-ratelimit-remaining: 49
< x-ratelimit-reset: 60
< auth-token: xxx
<
* Connection #0 to host api.xxx.com left intact
{json response here}

from curl client in PHP (work only for some routes)

*   Trying xx.xx.xx.xx...
* TCP_NODELAY set
* Connected to api.xx.com (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / xxxxx
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.xx.com
*  start date: Aug 14 00:00:00 2021 GMT
*  expire date: Sep 12 23:59:59 2022 GMT
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x560738143210)

> POST /machines/xxxxx/doSomething HTTP/2
Host: api.xxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
Content-Type: application/json
Accept: */*
x-api-key:xxx
organization-id:xxx
auth-token: xxxx
Content-Length: 29

* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* We are completely uploaded and fine
< HTTP/2 200
< date: Wed, 22 Sep 2021 15:25:49 GMT
< content-type: application/json; charset=utf-8
< content-length: 893
< server: nginx/1.20.0
< vary: Origin
< access-control-allow-origin: *
< access-control-expose-headers: auth-token
< x-ratelimit-limit: 50
< x-ratelimit-remaining: 48
< x-ratelimit-reset: 57
< alliancels-auth-token:  xxx
<
* Connection #0 to host api.xxx.com left intact

Yes, I just did but still doesn't work. but thank you anyway :) — tanawat yakit, Sep 23 '21 at 02:31

why server reject curl client on specific url path in php but curl in bash doesn't

0 Answers0