File is globally readable:
(venv)tools.video2commons@tools-bastion-02:~$ ls www/static/video2commons.js -al -rw-r--r-- 1 tools.video2commons tools.video2commons 18882 Jan 26 12:31 www/static/video2commons.js
But:
$ curl -v https://tools-static.wmflabs.org/video2commons/video2commons.js * Hostname was NOT found in DNS cache * Trying 208.80.155.174... * Connected to tools-static.wmflabs.org (208.80.155.174) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using ECDHE-RSA-AES128-GCM-SHA256 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=Wikimedia Foundation, Inc.; CN=*.wmflabs.org * start date: 2015-09-15 15:41:05 GMT * expire date: 2016-09-15 15:41:05 GMT * subjectAltName: tools-static.wmflabs.org matched * issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G2 * SSL certificate verify ok. > GET /video2commons/video2commons.js HTTP/1.1 > User-Agent: curl/7.35.0 > Host: tools-static.wmflabs.org > Accept: */* > < HTTP/1.1 403 Forbidden * Server nginx/1.4.6 (Ubuntu) is not blacklisted < Server: nginx/1.4.6 (Ubuntu) < Date: Tue, 26 Jan 2016 12:32:52 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 177 < Connection: keep-alive < <html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.4.6 (Ubuntu)</center> </body> </html> * Connection #0 to host tools-static.wmflabs.org left intact
Setting X-Wikimedia-Debug doesn't work either.