Search Results

Search found 53168 results on 2127 pages for 'http profile'.

Page 11/2127 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >

  • Incorrect gzipping of http requests, can't find who's doing it

    - by Ned Batchelder
    We're seeing some very strange mangling of HTTP responses, and we can't figure out what is doing it. We have an app server handling JSON requests. Occasionally, the response is returned gzipped, but with incorrect headers that prevent the browser from interpreting it correctly. The problem is intermittent, and changes behavior over time. Yesterday morning it seemed to fail 50% of the time, and in fact, seemed tied to one of our two load-balanced servers. Later in the afternoon, it was failing only 20 times out of 1000, and didn't correlate with an app server. The two app servers are running Apache 2.2 with mod_wsgi and a Django app stack. They have identical Apache configs and source trees, and even identical packages installed on Red Hat. There's a hardware load balancer in front, I don't know the make or model. Akamai is also part of the food chain, though we removed Akamai and still had the problem. Here's a good request and response: * Connected to example.com (97.7.79.129) port 80 (#0) > POST /claim/ HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 > Host: example.com > Accept: */* > Referer: http://example.com/apps/ > Accept-Encoding: gzip,deflate > Content-Length: 29 > Content-Type: application/x-www-form-urlencoded > } [data not shown] < HTTP/1.1 200 OK < Server: Apache/2 < Content-Language: en-us < Content-Encoding: identity < Content-Length: 47 < Content-Type: application/x-javascript < Connection: keep-alive < Vary: Accept-Encoding < { [data not shown] * Connection #0 to host example.com left intact * Closing connection #0 {"msg": "", "status": "OK", "printer_name": ""} And here's a bad one: * Connected to example.com (97.7.79.129) port 80 (#0) > POST /claim/ HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 > Host: example.com > Accept: */* > Referer: http://example.com/apps/ > Accept-Encoding: gzip,deflate > Content-Length: 29 > Content-Type: application/x-www-form-urlencoded > } [data not shown] < HTTP/1.1 200 OK < Server: Apache/2 < Content-Language: en-us < Content-Encoding: identity < Content-Type: application/x-javascript < Content-Encoding: gzip < Content-Length: 59 < Connection: keep-alive < Vary: Accept-Encoding < X-N: S < { [data not shown] * Connection #0 to host example.com left intact * Closing connection #0 ?V?-NW?RPR?QP*.I,)-???A??????????T??Z? ??/ There are two things to notice about the bad response: It has two Content-Encoding headers, and the browsers seem to use the first. So they see an identity encoding header, and gzipped content, so they can't interpret the response. The bad response has an extra "X-N: S" header. Perhaps if I could find out what intermediary adds "X-N: S" headers to responses, I could track down the culprit...

    Read the article

  • Strange request - http://66.196.81.202/error/vote

    - by mplungjan
    Hi a friend of mine is asking about the request which can for example be found here: http://www.geoidee.ch/geodata/geoserver-2.0.0/logs/2010_11_23.request.log His original message: On a couple of hundred web sites worldwide, one of the 50 most popular "File not found" error 404 is caused by the following request: "GET http://66.196.81.202/error/vote HTTP/1.0" It originates from a user agent that purports to be an iPhone. The two requests that hit my servers appeared to originate near Frankfort, Germany. The IP address in the request is part of Yahoo although I doubt that Yahoo had any intentional part. fe1.buzz.vip.re1.yahoo.com The HTTP request has a host header 66.196.81.202 and a X-Forwarded-For of 96.6.99.16 and my IP address I expected to be able to do a Google search and find some kind of security bulletin on it, but I found nothing. It could just be that my search skills are deficient. Thanks for any pointers to what this could be

    Read the article

  • http(/* argument here */) How is this Object (Http) being used without an explicit or implicit meth

    - by Randin
    In the example for coding with Json using Databinder Dispatch Nathan uses an Object (Http) without a method, shown here: import dispatch._ import Http._ Http("http://www.fox.com/dollhouse/" >>> System.out ) How is he doing this? Thank you for all of the answers unfortunatly I was not specific enough... It looks like it is simply passing an argument to a constructor of class or companion object Http. In another example, I've seen another form: http = new Http http(/* argument here */) Is this valid Scala? I guess it must be, because the author is a Scala expert. But it makes no sense to me. Actions are usually performed by invoking methods on objects, whether explicitly as object.doSomething() or implicitly as object = something (using the apply() method underneath the syntactic sugar). All I can think of is that a constructor is being used to do something in addition to constructing an object. In other words, it is having side effects, such as in this case going off and doing something on the web.

    Read the article

  • Eclipse 3.5.1 update error (HTTP 503)

    - by PiedPiper
    I'm trying to update Eclipse 5.3.1 (on Gentoo Linux) from the Galileo Discovery Site and I get this error message: Network connection problems encountered during search. Unable to access "http://download.eclipse.org/releases/galileo". Error accessing site stream. [Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd] Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd Error accessing site stream. [Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd] Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd It seems the 503 error code is intended to stop software from constantly downloading this file from w3.org. But how do I persuade Eclipse to stop requesting it?

    Read the article

  • Mercurial mirror: abort: No such file or directory: http://[...]/00manifest.i

    - by Sridhar Ratnakumar
    I am trying to setup a daily mirror of a mercurial repository - code.python.org in particular - within our local network, and serve that via Apache HTTPD. On the remote host that hosts apache, I did this: $ cd /var/www $ hg clone http://code.python.org/hg/trunk/ On my macbook, I ran: $ hg -v clone http://remote/trunk/ (falling back to static-http) abort: No such file or directory: http://remote/trunk/.hg/store/00manifest.i Google does not show any relevant result for this particular error. I remember back in those days being able to setup Bazaar mirrors by a simple clone. Doesn't Mercurial work like that? How do I setup a mirror that must further act like a clone URL?

    Read the article

  • Resolve SRs Faster Using RDA - Find the Right Profile

    - by Daniel Mortimer
    Introduction Remote Diagnostic Agent (RDA) is an excellent command-line data collection tool that can aid troubleshooting / problem solving. The tool covers the majority of Oracle's vast product range, and its data collection capability is comprehensive. RDA collects data about the operating system and environment, including environment variable, kernel settings network o/s performance o/s patches and much more the Oracle Products installed, including patches logs and debug metrics configuration and much more In effect, RDA can obtain a snapshot of an Oracle Product and its environment. Oracle Support encourages the use of RDA because it greatly reduces service request resolution time by minimizing the number of requests from Oracle Support for more information. RDA is designed to be as unobtrusive as possible; it does not modify systems in any way. It collects useful data for Oracle Support only and a security filter is provided if required. Find and Use the Right RDA Profile One problem of any tool / utility, which covers a large range of products, is knowing how to target it against only the products you wish to troubleshoot. RDA does not have a GUI. Nor does RDA have an intelligent mechanism for detecting and automatically collecting data only for those Oracle products installed. Instead, you have to tell RDA what to do. There is a mind boggling large number of RDA data collection modules which you can configure RDA to use. It is easier, however, to setup RDA to use a "Profile". A profile consists of a list of data collection modules and predefined settings. As such profiles can be used to diagnose a problem with a particular product or combination of products. How to run RDA with a profile? ( <rda> represents the command you selected to run RDA (for example, rda.pl, rda.cmd, rda.sh, and perl rda.pl).) 1. Use the embedded spreadsheet to find the RDA profile which is appropriate for your problem / chosen Oracle Fusion Middleware products. 2. Use the following command to perform the setup <rda> -S -p <profile_name>  3. Run the data collection <rda> Run the data collection. If you want to perform setup and run in one go, then use a command such as the following: <rda> -vnSCRP -p <profile name> For more information, refer to: Remote Diagnostic Agent (RDA) 4 - Profile Manual Pages [ID 391983.1] Additional Hints / Tips: 1. Be careful! Profile names are case sensitive.2. When profiles are not used, RDA considers all existing modules by default. For example, if you have downloaded RDA for the first time and run the command <rda> -S you will see prompts for every RDA collection module many of which will be of no interest to you. Also, you may, in your haste to work through all the questions, forget to say "Yes" to the collection of data that is pertinent to your particular problem or product. Profiles avoid such tedium and help ensure the right data is collected at the first time of asking.

    Read the article

  • ftp server offering http access ?

    - by MikeJ
    Is there an FTP server that can also provide access via HTTP? Or what do I need to do to set up the mirror of FTP through HTTP access ? Some of my clients cannot access our FTP because of corporate policy and cannot get updates from me. However, they can use HTTP. Currently I use filezilla because it was fast/easy to set up but would switch to something with more flexibility.

    Read the article

  • check file revision through http only

    - by romant
    if the svn repo is exposed through say : http://svn to the users, and there's a file called script.sh Is there a way one can get the latest revision number of script.sh by means of just http access? Something along the lines of http://svn/rev?script.sh ?! Thank you.

    Read the article

  • Limit HTTP VERBS on Apache2

    - by user72295
    I am trying to limit the use of certain HTTP verbs on my site. I entered the following into my VirtualHost config file within the Directory element: <Limit GET POST HEAD> Allow from all </Limit> <Limit PUT DELETE OPTIONS> Deny from all </Limit> This seemed to work but with unexpected results: I ran the following telnet/HTTP commands before and after this change, open server 80 OPTIONS server/abs_path HTTP/1.1 User-Agent: Telnet/1.0 Host: server before the change I received a successful response with the Allowed headers. After the change, however, I was expecting to receive a 405 'Method not allowed' response but rather I received a 403 'Access Forbidden' response. What do I need to change in apache to return the 405 HTTP response? Many thanks

    Read the article

  • Configure tomcat behind loadbalancer to respond on HTTP and HTTPS

    - by user253530
    I have 2 tomcat machines behind a load balancer on Amazon EC2. Until now The load balancer was configured to respond only on https. So in order to access our services you would go to https://url. Tomcat was configured to listen on 8080 but the connector had additional params that would tell tomcat that it is behind a proxy and that it should respond on HTTPS 443. The connector looks like this: <Connector scheme="https" secure="true" proxyPort="443" proxyHost="my.domain.name" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" useBodyEncodingForURI="true" URIEncoding="UTF-8" /> What i would like to do is to open port 80 on the load balancer and basically allow traffic on HTTP and HTTPS. I've configured the load balancer to redirect all HTTP traffic to the tomcat machines on port 8088. I was thinking that i could define a new connector so that all HTTPS traffic goes to 8080 and HTTP to 8088. Unfortunately i did not succeed. Here is my connector <Connector port="8088" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" useBodyEncodingForURI="true" URIEncoding="UTF-8" /> Am I missing something? Thanks

    Read the article

  • Mercurial mirror: abort: No such file or directory: http://[...]/00manifest.i

    - by Sridhar Ratnakumar
    I am trying to setup a daily mirror of a mercurial repository - code.python.org in particular - within our local network, and serve that via Apache HTTPD. On the remote host that hosts apache, I did this: $ cd /var/www $ hg clone http://code.python.org/hg/trunk/ On my macbook, I ran: $ hg -v clone http://remote/trunk/ (falling back to static-http) abort: No such file or directory: http://remote/trunk/.hg/store/00manifest.i Google does not show any relevant result for this particular error. I remember back in those days being able to setup Bazaar mirrors by a simple clone. Doesn't Mercurial work like that? How do I setup a mirror that must further act like a clone URL?

    Read the article

  • Understanding tcptraceroute versus http response

    - by kojiro
    I'm debugging a web server that has a very high wait time before responding. The server itself is quite fast and has no load, so I strongly suspect a network problem. Basically, I make a web request: wget -O/dev/null http://hostname/ --2013-10-18 11:03:08-- http://hostname/ Resolving hostname... 10.9.211.129 Connecting to hostname|10.9.211.129|:80... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] Saving to: ‘/dev/null’ 2013-10-18 11:04:11 (88.0 KB/s) - ‘/dev/null’ saved [13641] So you see it took about a minute to give me the page, but it does give it to me with a 200 response. So I try a tcptraceroute to see what's up: $ sudo tcptraceroute hostname 80 Password: Selected device en2, address 192.168.113.74, port 54699 for outgoing packets Tracing the path to hostname (10.9.211.129) on TCP port 80 (http), 30 hops max 1 192.168.113.1 0.842 ms 2.216 ms 2.130 ms 2 10.141.12.77 0.707 ms 0.767 ms 0.738 ms 3 10.141.12.33 1.227 ms 1.012 ms 1.120 ms 4 10.141.3.107 0.372 ms 0.305 ms 0.368 ms 5 12.112.4.41 6.688 ms 6.514 ms 6.467 ms 6 cr84.phlpa.ip.att.net (12.122.107.214) 19.892 ms 18.814 ms 15.804 ms 7 cr2.phlpa.ip.att.net (12.122.107.117) 17.554 ms 15.693 ms 16.122 ms 8 cr1.wswdc.ip.att.net (12.122.4.54) 15.838 ms 15.353 ms 15.511 ms 9 cr83.wswdc.ip.att.net (12.123.10.110) 17.451 ms 15.183 ms 16.198 ms 10 12.84.5.93 9.982 ms 9.817 ms 9.784 ms 11 12.84.5.94 14.587 ms 14.301 ms 14.238 ms 12 10.141.3.209 13.870 ms 13.845 ms 13.696 ms 13 * * * … 30 * * * I tried it again with 100 hops, just to be sure – the packets never get there. So how is it that the server does respond to requests via http, even after a minute? Shouldn't all requests just die? I'm not sure how to proceed debugging why this server is slow (as opposed to why it responds at all).

    Read the article

  • setup dns to redirect all http requests on a specific machine in LAN

    - by mox601
    Hello, i should set up the following configuration with 2 machines: machine A issues HTTP requests machine B serves the pages requested by A For testing purposes, i want that EVERY HTTP request issued by machine A gets served by machine B. For example, machine A browser tries to access www.website.com/article.php?1234 machine B has a folder in its http server that has the content and replies to A. How can I set up a dns on machine B to point ALL requests to itself? Thanks

    Read the article

  • Access Profile Provider property values in ASPX files

    - by AsM
    We have several companies using one web application. Companies may decide to display different values in Labels. e.g. CompanyA - ZipCodeCaption = "Zip Code" CompanyB - ZipCodeCaption = "Pin Code" CompanyA - USDSymbolCaption = "USD" CompanyB - USDSymbolCaption = "$" We are using profile provider to store each company's settings. We would like to access these profile values in ASPX to assign values to Label's text properties just like Web Config app settings are accessed in aspx. e.g. " Is this possible? Is there a better way to go about doing this?

    Read the article

  • iphone configuration profile installed via webkit.

    - by mamel
    Good day! I am using Xcode 3.1.4 and iPhone SDK 2.2.1. I am creating an iphone application and i would need the user to download a custom configuration profile (created by me) from a URL loaded via webkit. I have tested the URL in safari and it downloads and installs the profile just fine. however, the url opened via webkit could NOT download it. Why is this happening? Is this really possible? any help would be much appreciated. thanks.

    Read the article

  • Splitting an HTTP request into multiple byte-range requests

    - by redpola
    I have arrived at the unusual situation of having two completely independent Internet connections to my home. This has the advantage of redundancy etc but the drawback that both connections max out at about 6Mb/s. So one individual outbound http request is directed by my "intelligent gateway" (TP-LINK ER6120) out over one or the other connection for its lifetime. This works fine over complex web pages and utilises both external connects fine. However, single-http-request downloads are limited to the maximum rate of one of the two connections. So I'm thinking, surely I can setup some kind of proxy server to direct all my http requests to. For each incoming http request, the proxy server will issue multiple byte-range requests for the desired data and manage the reassembly and delivery of that data to the client's request. I can see this has some overhead, and also some edge cases where there will be blocking problems waiting for data. I also imagine webmasters of single-servers would rather I didn't hit them with 8 byte-range requests instead of one request. How can I achieve this http request deconstruct/reconstruction? Or am I just barking mad?

    Read the article

  • Client Profile Application prerequisites

    - by Carlo
    One last question about Client Profile installation. I downloaded the Microsoft .NET Framework Client Profile Online Installer because we want to put it in the installation CD because our end user might not have either .net framework 3.5 or internet. So we want to be able to handle both cases. In the prerequisites I'm able to select the location of where the file will be, but I don't know where it should be. I want to be able to somehow put the path of the cd, something like d:\ProductName\Prerequisites\DotNetFx35ClientSetup.exe so it can get it and install it from there. Does anyone have an idea of how this can be achieved? Thank you. Here's the prerequisites window:

    Read the article

  • Clickonce + .net client profile 4 framework + offline

    - by grimmersnee
    Hi, I have a windows form project using VS2010 and I am deploying using clickonce. I need the application to work offline as well as online. I have configured the prerequisite - .net client profile 4 and set the location to the same as the application. Everything seems to work as expected, but upon testing I have found it takes 5+ minutes to install the .net client profile 4 and it also requires a reboot. Why does it take so long to install offline (I thought this was going to be mega fast like promised? And why does it require a reboot!!!!????

    Read the article

  • How to eliminate the domain suffix off my user profile folder when migrating to a new domain?

    - by Jerry Dodge
    We have just upgraded a decade old SBS 2003 server to a brand new SBS 2011 machine. During the process, over 30 other client/server machines on that domain also needed to be dis-joined and re-joined from the old domain to the new one. These domains have different names and is not migrated in any way. It's built from scratch. Since each client machine had very unique user profiles under this domain, we needed to make sure these were all backed up and migrated over to the new domain. For the most part, profiles were migrated with no hassle, just by renaming the user profile folder names. However, in one case, when I log in to my domain account, it creates a profile folder with a suffix of the new domain name. I have replaced all the files in the profile's root which begin with "ntuser" with the files of the new profile. The only problem is half the applications can't find their data, because the folder name is different. How can I change this folder name and maintain this profile on the new domain? I have deleted every user account (except admin), deleted their profiles/folders, removed them from the registry, and made sure every trace of this account was gone. The computer was basically a dummy with only an admin account. Then, I log into the machine under my new domain user account (same username as the old domain). It creates a profile folder with my username plus a suffix extension of the new domain name. The client machine is Windows 7 Ultimate, the old server was SBS 2003, and the new server is SBS 2011.

    Read the article

  • What is correct HTTP status code when redirecting to a login page?

    - by PHP_Jedi
    When a user is not logged in and tries to access an page that requires login, what is the correct HTTP status code for a redirect to the login page? I don't feel that any of the 3xx fit that description. 10.3.1 300 Multiple Choices The requested resource corresponds to any one of a set of representations, each with its own specific location, and agent- driven negotiation information (section 12) is being provided so that the user (or user agent) can select a preferred representation and redirect its request to that location. Unless it was a HEAD request, the response SHOULD include an entity containing a list of resource characteristics and location(s) from which the user or user agent can choose the one most appropriate. The entity format is specified by the media type given in the Content- Type header field. Depending upon the format and the capabilities of the user agent, selection of the most appropriate choice MAY be performed automatically. However, this specification does not define any standard for such automatic selection. If the server has a preferred choice of representation, it SHOULD include the specific URI for that representation in the Location field; user agents MAY use the Location field value for automatic redirection. This response is cacheable unless indicated otherwise. 10.3.2 301 Moved Permanently The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible. This response is cacheable unless indicated otherwise. The new permanent URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s). If the 301 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. Note: When automatically redirecting a POST request after receiving a 301 status code, some existing HTTP/1.0 user agents will erroneously change it into a GET request. 10.3.3 302 Found The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field. The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s). If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. Note: RFC 1945 and RFC 2068 specify that the client is not allowed to change the method on the redirected request. However, most existing user agent implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless of the original request method. The status codes 303 and 307 have been added for servers that wish to make unambiguously clear which kind of reaction is expected of the client. 10.3.4 303 See Other The response to the request can be found under a different URI and SHOULD be retrieved using a GET method on that resource. This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource. The new URI is not a substitute reference for the originally requested resource. The 303 response MUST NOT be cached, but the response to the second (redirected) request might be cacheable. The different URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s). Note: Many pre-HTTP/1.1 user agents do not understand the 303 status. When interoperability with such clients is a concern, the 302 status code may be used instead, since most user agents react to a 302 response as described here for 303. 10.3.5 304 Not Modified If the client has performed a conditional GET request and access is allowed, but the document has not been modified, the server SHOULD respond with this status code. The 304 response MUST NOT contain a message-body, and thus is always terminated by the first empty line after the header fields. The response MUST include the following header fields: - Date, unless its omission is required by section 14.18.1 If a clockless origin server obeys these rules, and proxies and clients add their own Date to any response received without one (as already specified by [RFC 2068], section 14.19), caches will operate correctly. - ETag and/or Content-Location, if the header would have been sent in a 200 response to the same request - Expires, Cache-Control, and/or Vary, if the field-value might differ from that sent in any previous response for the same variant If the conditional GET used a strong cache validator (see section 13.3.3), the response SHOULD NOT include other entity-headers. Otherwise (i.e., the conditional GET used a weak validator), the response MUST NOT include other entity-headers; this prevents inconsistencies between cached entity-bodies and updated headers. If a 304 response indicates an entity not currently cached, then the cache MUST disregard the response and repeat the request without the conditional. If a cache uses a received 304 response to update a cache entry, the cache MUST update the entry to reflect any new field values given in the response. 10.3.6 305 Use Proxy The requested resource MUST be accessed through the proxy given by the Location field. The Location field gives the URI of the proxy. The recipient is expected to repeat this single request via the proxy. 305 responses MUST only be generated by origin servers. Note: RFC 2068 was not clear that 305 was intended to redirect a single request, and to be generated by origin servers only. Not observing these limitations has significant security consequences. 10.3.7 306 (Unused) The 306 status code was used in a previous version of the specification, is no longer used, and the code is reserved. 10.3.8 307 Temporary Redirect The requested resource resides temporarily under a different URI. Since the redirection MAY be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field. The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s) , since many pre-HTTP/1.1 user agents do not understand the 307 status. Therefore, the note SHOULD contain the information necessary for a user to repeat the original request on the new URI. If the 307 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. I'm using 302 for now, until I find THE correct answer.

    Read the article

  • Parsing every part of an HTTP header field-value

    - by brickner
    Hi all. I'm parsing HTTP data directly from packets (either TCP reconstructed or not, you can assume it is). I'm looking for the best way to parse HTTP as accurately as possible. The main issue here is the HTTP header. Looking at the basic RFC of HTTP/1.1, it seems that HTTP header parsing would be complex. The RFC describes very complex regular expressions for different parts of the header. Should I write these regular expressions to parse the different parts of the HTTP header? The basic parsing I've written so far for HTTP header is for the generic HTTP header: message-header = field-name ":" [ field-value ] And I've included replacing inner LWS with SP and repeating headers with the same field-name with comma separated values as described in section 4.2. However, looking at section 14.9 for example would show that in order to parse the different parts of the field-value I need a much more complex parsing scheme. How do you suggest I should handle the complex parts of HTTP parsing (specifically the field-value) assuming I want to give the parser users the full capabilities of HTTP and to parse every part of HTTP? Design suggestions for this would also be appreciated. Thanks.

    Read the article

  • ASP.NET and WIF: Showing custom profile username as User.Identity.Name

    - by DigiMortal
    I am building ASP.NET MVC application that uses external services to authenticate users. For ASP.NET users are fully authenticated when they are redirected back from external service. In system they are logically authenticated when they have created user profiles. In this posting I will show you how to force ASP.NET MVC controller actions to demand existence of custom user profiles. Using external authentication sources with AppFabric Suppose you want to be user-friendly and you don’t force users to keep in mind another username/password when they visit your site. You can accept logins from different popular sites like Windows Live, Facebook, Yahoo, Google and many more. If user has account in some of these services then he or she can use his or her account to log in to your site. If you have community site then you usually have support for user profiles too. Some of these providers give you some information about users and other don’t. So only thing in common you get from all those providers is some unique ID that identifies user in service uniquely. Image above shows you how new user joins your site. Existing users who already have profile are directed to users homepage after they are authenticated. You can read more about how to solve semi-authorized users problem from my blog posting ASP.NET MVC: Using ProfileRequiredAttribute to restrict access to pages. The other problem is related to usernames that we don’t get from all identity providers. Why is IIdentity.Name sometimes empty? The problem is described more specifically in my blog posting Identifying AppFabric Access Control Service users uniquely. Shortly the problem is that not all providers have claim called http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name. The following diagram illustrates what happens when user got token from AppFabric ACS and was redirected to your site. Now, when user was authenticated using Windows Live ID then we don’t have name claim in token and that’s why User.Identity.Name is empty. Okay, we can force nameidentifier to be used as name (we can do it in web.config file) but we have user profiles and we want username from profile to be shown when username is asked. Modifying name claim Now let’s force IClaimsIdentity to use username from our user profiles. You can read more about my profiles topic from my blog posting ASP.NET MVC: Using ProfileRequiredAttribute to restrict access to pages and you can find some useful extension methods for claims identity from my blog posting Identifying AppFabric Access Control Service users uniquely. Here is what we do to set User.Identity.Name: we will check if user has profile, if user has profile we will check if User.Identity.Name matches the name given by profile, if names does not match then probably identity provider returned some name for user, we will remove name claim and recreate it with correct username, we will add new name claim to claims collection. All this stuff happens in Application_AuthorizeRequest event of our web application. The code is here. protected void Application_AuthorizeRequest() {     if (string.IsNullOrEmpty(User.Identity.Name))     {         var identity = User.Identity;         var profile = identity.GetProfile();         if (profile != null)         {             if (profile.UserName != identity.Name)             {                 identity.RemoveName();                   var claim = new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", profile.UserName);                 var claimsIdentity = (IClaimsIdentity)identity;                 claimsIdentity.Claims.Add(claim);             }         }     } } RemoveName extension method is simple – it looks for name claims of IClaimsIdentity claims collection and removes them. public static void RemoveName(this IIdentity identity) {     if (identity == null)         return;       var claimsIndentity = identity as ClaimsIdentity;     if (claimsIndentity == null)         return;       for (var i = claimsIndentity.Claims.Count - 1; i >= 0; i--)     {         var claim = claimsIndentity.Claims[i];         if (claim.ClaimType == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name")             claimsIndentity.Claims.RemoveAt(i);     } } And we are done. Now User.Identity.Name returns the username from user profile and you can use it to show username of current user everywhere in your site. Conclusion Mixing AppFabric Access Control Service and Windows Identity Foundation with custom authorization logic is not impossible but a little bit tricky. This posting finishes my little series about AppFabric ACS and WIF for this time and hopefully you found some useful tricks, tips, hacks and code pieces you can use in your own applications.

    Read the article

  • .htaccess blocking images on some internal pages

    - by jethomas
    I'm doing some web design for a friend and I noticed that everywhere else on her site images will load fine except for the subdirectory I'm working in. I looked in her .htaccess file and sure enough it is setup to deny people from stealing her images. Fair Enough, except the pages i'm working on are in her domain and yet I still get the 403 error. I'm pasting the .htaccess contents below but I replaced the domain names with xyz, 123 and abc. So specifically the page I'm on (xyz.com/DesignGallery.asp) pulls images from (xyz.com/machform/data/form_1/files) and it results in a forbidden error. RewriteEngine on <Files 403.shtml> order allow,deny allow from all </Files> RewriteCond %{HTTP_REFERER} !^http://xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://xyz.com/machform/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://xyz.com/machform/data/form_1/files/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://xyz.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://abc.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://abc.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://abc.xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://abc.xyz.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://123.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://123.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://123.xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://123.xyz.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/data/form_1/files/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.xyz.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.abc.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.abc.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.abc.xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.abc.xyz.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.123.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.123.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.123.xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.123.xyz.com$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] deny from 69.49.149.17 RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^vendors\.html$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^vendors\.asp$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^ArtGraphics\.html$ "http\:\/\/www\.xyz\.com\/Art_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^ArtGraphics\.asp$ "http\:\/\/www\.xyz\.com\/Art_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^Gear\.asp$ "http\:\/\/www\.xyz\.com\/Gear_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^Gear\.html$ "http\:\/\/www\.xyz\.com\/Gear_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^NewsletterSign\-Up\.html$ "http\:\/\/www\.xyz\.com\/Newsletter\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^NewsletterSign\-Up\.asp$ "http\:\/\/www\.xyz\.com\/Newsletter\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^KidzStuff\.html$ "http\:\/\/www\.xyz\.com\/KidzStuff1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^KidzStuff\.asp$ "http\:\/\/www\.xyz\.com\/KidzStuff1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^Vendors\.html$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^Vendors\.asp$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L]

    Read the article

  • http://localhost does not work, http://127.0.0.1 works

    - by dskanth
    Iam running Zend with Apache and got to see a strange behaviour.... If i type http://127.0.0.1 in my browser url, it works fine, but after typing: http://localhost, i will get a file download window, saying file type as: application/x-httpd-php And in my httpd.conf file, i have the following under VirtualHost *:80 definition: ServerName localhost DocumentRoot E:\zend\Apache2\htdocs\my_project\public Directory E:\zend\Apache2\htdocs\my_project\public Perhaps some configuration problem... can anyone guide me..

    Read the article

  • HTTP: can GET and POST requests from a same machine come from different IPs?

    - by NoozNooz42
    I'm pretty sure I remember reading --but cannot find back the links anymore-- about this: on some ISP (including at least one big ISP in the U.S.) it is possible to have a user's GET and POST request appearing to come from different IPs. (note that this is totally programming related, and I'll give an example below) I'm not talking about having your IP adress dynamically change between two requests. I'm talking about this: IP 1: 123.45.67.89 IP 2: 101.22.33.44 The same user makes a GET, then a POST, then a GET again, then a POST again and the servers see this: - GET from IP 1 - POST from IP 2 - GET from IP 1 - POST from IP 2 So altough it's the same user, the webserver sees different IPs for the GET and the POSTs. Surely seen that HTTP is a stateless protocol this is perfectly legit right? I'd like to find back the explanation as to how/why certain ISP have their networks configured such that this may happen. I'm asking because someone asked me to implement the following IP filter and I'm pretty sure it is fundamentally broken code (breaking havoc for at least one major american ISP users). Here's a Java servlet filter that is supposed to protect against some attacks. The reasoning is that: "For any session filter checks that IP address in the request is the same that was used when session was created. So in this case session ID could not be stolen for forming fake sessions." http://www.servletsuite.com/servlets/protectsessionsflt.htm However I'm pretty sure this is inherently broken because there are ISPs where you may see GET and POST coming from different IPs. Any info on this subject is very welcome.

    Read the article

< Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >