Search Results

Search found 14878 results on 596 pages for 'mod security'.


  • Rewrite all URL requests to https://www.example.com/$1

    - by xylar
    I have two domains, example.com and example.co.uk, that use the same application on my server. I would like to rewrite the address of the URL depending on what the user types in. The only URLs I want are https://www.example.com and https://www.example.co.uk. In my .htaccess file I have the following: # Turn on URL rewriting RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.co.uk$ [NC] RewriteRule ^(.*)$ https://www.example.co.uk/$1 [L,R=301] RewriteCond %{HTTP_HOST} ^example\.com$ [NC] RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301] If I go to http://www.example.com it doesn't add the https; if I go to http://example.com it does. What is the best way of making the RewriteCond match the www URL?


  • Apache MOD_REWRITE Domain Level Cookie

    - by BigMadKev
    I need to deal with Affiliate Tracking on our website. In our .htaccess we have: RewriteCond %{QUERY_STRING} affiliate=(.*) RewriteRule ^(.*)$ $1? [NC,R,L,co=AFFID:%1:%{HTTP:Host}:7200:/] Which creates a COOKIE called AFFID with the value of the URL Parameter affiliate. But the Cookie is not for the whole domain, i.e. going to http://www.domain.com/?affiliate=bmk sets the AFFID cookie with the value bmk for .www.domain.com but I would like it to be for .domain.com so that it can be used across our secure domain which will be secure.domain.com. Any help would be appreciated. Cheers


  • Reason to use more cookies than just a session hash for authentication?

    - by dierre
    I usually hang out in a community using vBulletin as its bulletin board. I was looking at what this software saves as cookies in my browser. As you can see it saves 6 cookies. Amongst them, what I consider to be important for authentication are: ngivbsessionhash: hash of the current session ngivbpassword: hash of the password ngivbuserid: user's id Those are my assumptions of course. I don't know for sure if ngilastactivity and ngilastvisit are used for the same reason. My question is: why use all these cookies for authentication? My guess would be that maybe generating a session hash would be too easy so using the hashedpassword and userid adds security, but what about cookie spoofing? I'm basically leaving on the client all fundamental information. What do you think?


  • How do I ignore a directory in mod_rewrite?

    - by eddowding
    I'm trying to have the modrewrite rules skip the directory vip. I've tried a number of things as you can see below, but to no avail. # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / #RewriteRule ^vip$ - [PT] RewriteRule ^vip/.$ - [PT] #RewriteCond %{REQUEST_URI} !/vip RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress How do I get modrewrite to entirely ignore the /vip/ directory so that all requests pass directly to the folder?


  • How are CD Keys generated?

    - by The Rook
    CD Keys are the de facto standard as an anti-piracy measure. To be honest this strikes me as Security Through Obscurity, although I really have no idea how CD Keys are generated. What is a good (secure) example of CD Key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so what data would they be hashing? What methods do developers employ to make it difficult for crackers to build their own key generators?


  • Html encoding in MVC input

    - by fearofawhackplanet
    I'm working through NerdDinner and I'm a bit confused about the following section... First they've added a form for creating a new dinner, with a bunch of textboxes declared like: <%= Html.TextArea("Description") %> They then show two ways of binding form input to the model: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create() { Dinner dinner = new Dinner(); UpdateModel(dinner); ... } or: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create(Dinner dinner) { ... } Ok, great, that all looks really easy so far. Then a bit later on they say: It is important to always be paranoid about security when accepting any user input, and this is also true when binding objects to form input. You should be careful to always HTML encode any user-entered values to avoid HTML and JavaScript injection attacks Huh? MVC is managing the data binding for us. Where/how are you supposed to do the HTML encoding?


  • Reliably detect caller domain over cURL request?

    - by Utkanos
    OK so server-side security is not my forte. Basically, I'm building a service which users may use (via an SDK) only on the domain they stipulated when they signed up. The SDK calls my web service over cURL in PHP. Would I be right in thinking I cannot reliably detect the caller domain, i.e. enforce that it is the same domain they stipulated when signing up? cURL of course sends this over headers, but headers can always (?) be faked. Is there a better course of action to enforce domain for this sort of thing? (NB I'm already using an API key, too - it's just I wanted to restrict domain, too) Thanks in advance


  • apache proxy module gives 403 forbidden error

    - by naiquevin
    I am trying to use Apache's proxy module for working with xmpp on Ubuntu desktop. For this I did the following things - 1) enabled mod_proxy by creating a symlink of proxy.conf, proxy.load and proxy_http.load from /etc/apache2/mods-available/ in the mods-enabled directory. 2) Added the following lines to the vhost <Proxy http://mydomain.com/httpbind> Order allow,deny Allow from all </Proxy> ProxyPass /httpbind http://mydomain.com:7070/http-bind/ ProxyPassReverse /httpbind http://mydomain.com:7070/http-bind/ I am new to using the proxy module but what I can make from the above lines is that requests to http://mydomain.com/httpbind will be forwarded to http://mydomain.com:7070/http-bind/. Kindly correct if wrong. 3) added rule Allow from .mydomain.com in /mods-available/proxy.conf Now I try to access http://mydomain.com/httpbind and it shows 403 Forbidden error. What am I missing here? Please help. Thanks. Edit: The problem got solved when I changed the following code in mods_available/proxy.conf <Proxy *> AddDefaultCharset off Order deny,allow Deny from all Allow from mydomain.com </Proxy> to <Proxy *> AddDefaultCharset off Order deny,allow #Deny from all Allow from all </Proxy> Didn't get what was wrong with the initial code though


  • PHP rewrite giving 404, .htaccess problem?

    - by Hamid
    I have the following .htaccess: #Options +FollowSymLinks RewriteEngine on RewriteBase /phptest On my local testing server (http://localhost) I have to uncomment the first line for the site to work. Otherwise I get Error 403 (Forbidden). Once I upload the page to my webserver (FastHosts) I get Error 500 (Internal Server Error) if the first line is not commented out. If I comment it out, my page loads but it cannot find the page content which is mydomain.com/phptest/Home; I get a 404. Any suggestions on what the problem might be?


  • How to use a rewrite rule to force calls for "domain.tld/subdir/file.html" to show as "subdir.domain.tld/file.html"?

    - by Wion
    Hi! First time poster. Very new to mod_rewrite. I'm on a shared server and the context of this problem is with a virtual directory under my root account. The domain (domain.tld) will have subdirectories representing annual mini-sites of static .html files. Subdirectory names (yyyy) will be the 4-digit year (e.g., "2010"). I want any call to domain.tld/yyyy/file.html to appear as yyyy.domain.tld/file.html in the browser address bar, and (of course) for the page to load properly. I already force dropping “www” by using… RewriteCond %{HTTP_HOST} ^www\.domain\.tld [NC] RewriteRule (.*) http://domain.tld/$1 [R=301,L] So far so good. But no matter what I try after that, I can’t get the subdomain to force to the front of the domain. Here’s one of the more complicated examples I’ve tried (no doubt wrong)… RewriteCond %{HTTP_HOST} ^domain\.tld/([0-9]+)/([a-z-]+)\.html [NC] RewriteRule (.*) %1.domain.tld/%2.html [NC] This doesn’t break anything (that I can tell), but it doesn’t do what I want either. I.e., if I type yyyy.domain.tld, I’ll see yyyy.domain.tld in the address bar, and navigating around will give me yyyy.domain.tld/file.html, etc. Fine. But if I also type domain.tld/yyyy I’ll see domain.tld/yyyy, etc, which is not how I want people to see it. It doesn’t redirect or mask or alias or whatever you call it. Is it even possible to force one look over the other like that? Should I be handling this with DNS instead? Thanks in advance!


  • Combining a symlink to an external folder with a Rewrite Rule?

    - by Tristan
    I've created a symlink in an account to a folder external to that user account (although with the same ownership). The symlink works but I'd like to combine it with a RewriteRule, and I'm having problems with that. For instance I create the symlink with: ln -s /home/target shortcut And I add the following RewriteRule to .htaccess: RewriteRule ^shortcut/([a-zA-Z0-9_-]+) shortcut/index.php?var=$1 This however fails. Yet if instead of being located in an external folder, the target folder is in the same folder as the shortcut address, then the RewriteRule will work. i.e. it works if the symlink is: ln -s ./target shortcut How might I get the RewriteRule working for the case where the target folder is an external folder?


  • mod_rewrite not working for a specific directory

    - by punkish
    This has got me completely foxed for a couple of days now, and I am convinced that I will look stupid once I solve it, but will be even stupider if I don't ask for help now. I have mod_rewrite working successfully on my localhost (no vhosts involved; this is my laptop, my development machine), and I use .htaccess in various directories to help rewrite crufty URLs to clean ones. EXCEPT... it doesn't work in one directory. Since it is impossible to reproduce my entire laptop in this question, I provide the following details. In my httpd.conf, I have mod_rewrite.so loaded. LoadModule rewrite_module modules/mod_rewrite.so In my httpd.conf, I have included another conf file like so Include /usr/local/apache2/conf/other/punkish.conf In my punkish.conf, I have directories defined like so DocumentRoot "/Users/punkish/Sites" <Directory "/Users/punkish/Sites"> Options ExecCGI AllowOverride None Order allow,deny Allow from all </Directory> <Directory "/Users/punkish/Sites/one"> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> <Directory "/Users/punkish/Sites/two"> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> In ~/Sites/one I have the following .htaccess file RewriteEngine On RewriteBase /one/ # If an actual file or directory is requested, serve directly RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # Otherwise, pass everything through to the dispatcher RewriteRule ^(.*)$ index.cgi/$1 [L,QSA] and, everything works just fine. However, in my directory ~/Sites/two I have the following .htaccess file RewriteEngine On RewriteBase /two/ # If an actual file or directory is requested, serve directly RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # Otherwise, pass everything through to the dispatcher RewriteRule ^(.*)$ index.cgi/$1 [L,QSA] and, nothing works. Nada. Zip. Zilch. I just get a 404. 
I have determined that mod_rewrite is not even looking at my ~/Sites/two/.htaccess by putting spurious commands in it and not getting any error other than 404. Another confounding issue -- I have turned on RewriteLog in my httpd.conf with RewriteLogLevel 3, but my rewrite_log is completely empty. I know this is hard to troubleshoot unless sitting physically at the computer in question, but I hope someone can give me some indication as to what is going on. Update: There are no aliases involved anywhere. This is my laptop, and everything is under the above stated Document Root, so I just access each directory as http://localhost/. Yes, typos are a big possibility (I did say that I will look stupid once I solve it); however, for now, I have not discovered a single typo anywhere, and yes, I have restarted Apache about a dozen times now. I even thought that perhaps I had two different Apaches running, but no, I have only one, the one under /usr/local/apache2, and I installed it myself a while back.


  • RewriteRule and php download counter

    - by rcourtna
    (1) I have a site that serves up MP3 files: http://domain/files/1234567890.mp3 (2) I have a php script that tracks file download counts: http://domain/modules/download_counter.php?file=/files/1234567890.mp3 After download_counter.php records the download, it redirects to the original file: Header("Location: $FQDN_url"); (3) I'd like all my public links to be presented as the direct file urls from (1). I'm trying to use Apache to redirect the requests to download_counter.php: RewriteRule ^files/(.+\.mp3)$ /modules/download_counter.php?file=/files/$1 [L] I'm currently stuck on (3), as it results in a redirect loop, since download_counter.php simply redirects the request back to the original file (rather than streaming the file contents). I'm also motivated to use download_counter.php as is (without modifying its redirect behaviour). This is because the script is part of a larger CMS module, and I'd like to avoid complicating my upgrade path. Perhaps there is no solution to my problem (other than modifying the download_counter script). WDYT?


  • Mod_rewrite with multiple variables

    - by Andrei
    Hello, I'm using a PHP script that dynamically generates transparent PNGs for use as CSS backgrounds from a query string that takes RGBa and HSLa values. The original script can be found here, I've only added HSLa support. Because background URLs with PHP query strings aren't very pretty, and because it seems to break the IE 6 transparent PNG hack, I thought of using mod_rewrite to allow the script to be called when a .png with this syntax is called: /assets/colors/h[0-360 value]_s[0-100 value]_l[0-100 value]_a[0-100 value].png which would be rewritten to: /assets/colors.php?h=[0-360 value]&s=[0-100 value]&l=[0-100 value]&a=[0-100 value] Here are the issues I'm encountering: passing multiple variables with mod_rewrite using an underscore as a delimiter. I know this could be done by passing a single variable and then exploding it in the PHP script, however I would prefer it to be done by Apache. Thanks in advance and if anyone wants my HSLa enabled version of the script just ask. Anyway I recommend you check it out on its author's website.


  • .htaccess is not working at all

    - by shuja
    I want to change this URL localhost/classAds/classInc/home.php to localhost/classAds/classInc/home/. For this I created a .htaccess file as follows: RewriteEngine On #Turn on the rewriting engine RewriteRule ^home/?$ home.php [NC,L] #Handle requests for "home" and put this file in C:\wamp\www\classAds and then C:\wamp\www\classAds\classInc but at both places it did not work. I checked the Apache error log but there is nothing there. Actually I am new to this thing. Any idea please?


  • RewriteRule to disregard a url variable

    - by tridat
    I have some pages indexed by Google, for example: /product.html?affiliateid=142 I want a rewrite rule to 301 redirect to the same page if there's an affiliateid=xxx. So far I have this: RewriteCond %{QUERY_STRING} ^affiliateid=[0-9]+$ RewriteRule ^$ /test.html$ [L,R=301] But it's not working, I need to get rid of the variable and get the page name somehow.


  • Apache setting mod_auth_ldap require settings per sub-directory

    - by Anthony
    I would like to set up a primary directory that has one set of LDAP-based restrictions and then have various sub-directories use other restrictions, but only have the actual LDAP search done in the base directory. For example: .htaccess per directory /Primary_Directory AuthLDAPURL "ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)" Require group cn=admins ../Open2All Require valid-user ../No_Admins_Allowed Require group cn!=admins So basically, the primary directory (in this example) can only be accessed by users who are in the admins group, while the first sub-directory can be accessed by anyone in the directory, and the second sub-folder can be reached by anyone who is NOT in the admin-group. But I only want to set the Require line for the sub-directories, and not re-setup the LDAP query on each sub-directory. Is this possible, even though there are clear permissions conflicts from level to level? Does the deepest .htaccess file know that the Require line refers to the LDAP search in the parent folder?


  • PATH_INFO in Apache is eating the first part of the path. Why?

    - by makenai
    I'm writing a simple mod_perl handler that relies on $r->path_info() to do some request routing. However, I find that it's always eating the first part of PATH_INFO when mounted on root. Let's say that the handler just prints the value of $r->path_info: <Location /TEST> PerlHandler MyHandler </Location> Request: /TEST/123 Expected PATH_INFO: /123 Got PATH_INFO: /123 (yay!) <VirtualHost *:80> # or <Location /> for that matter PerlHandler MyHandler </VirtualHost> Request: /123 Expected PATH_INFO: /123 Got PATH_INFO: nothing! (boo!) Request: /TEST/123 Expected PATH_INFO: /TEST/123 Got PATH_INFO: /123 (boo!) What's happening here and how can I fix it to get the results I expect?


  • mod_rewrite: remove trailing slash (only one!)

    - by tshabalala
    Hello. I use mod_rewrite/.htaccess for pretty URLs. I'm using this condition/rule to eliminate trailing slashes (or rather: rewrite to the non-trailing-slash-URL, by a 301 redirect; I'm doing this to avoid duplicate content and because I like URLs with no trailing slashes better): RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{HTTP_HOST} !^\.localhost$ [NC] RewriteRule ^(.+)/$ http://%{HTTP_HOST}/$1 [R=301,L] Working well so far. Only drawback: it also forwards "multiple-trailing-slash"-URLs to non-trailing-slash-URLs. Example: http://example.tld/foo/bar////// forwards to http://example.tld/foo/bar while I only want http://example.tld/foo/bar/ to forward to http://example.tld/foo/bar. So, is it possible to only eliminate trailing slashes if it's actually just one trailing slash? Sorry if this is a somewhat annoying or weird question! Thanks.


  • .htaccess for displaying the .html files

    - by user310850
    I have three files in a folder 'test': one.php two.php print.html And I have a .htaccess file in the same folder: RewriteEngine On RewriteBase /test/ RewriteRule ^(.+)\.html$ $1\.php [L] If we open print.html in the browser, there will be an error because of the .htaccess file, for there is no 'print.php' page. How can we solve it by modifying the .htaccess file, so that when opening print.html, it is displayed in the browser?


  • WYSIWYG-editor with "add custom html feature" and secure (validated) html output?

    - by Tom
    I've been looking into some of the WYSIWYG editors (TinyMCE, FCKEditor, etc.) and they all seem to offer a lot of options. However, one vital feature that seems to be lacking is a simple "add custom html" option which would allow the user to input any of these embed-snippets you find all around the web these days, for example a youtube video. This is different than an "edit html/source" feature as that requires actual knowledge of html and there is the risk of the user writing invalid code. Another issue that I couldn't find much about is the output html. How would I make sure that this output causes no security vulnerabilities? Even when the user has the ability to add his own html? So, basically, is there an open source WYSIWYG editor which covers these 2 features?


  • RewriteRule to store thousands of files in subdirectories

    - by Brandon
    I have a website that will have millions of pages in a directory. I'd like to store those files on-disk in a bunch of subdirectories based on the first characters of the page name. For example http://mysite.com/hugedir/somefile.html would be stored in /var/www/html/hugedir/s/o/m/e/f/ile.html That is fairly trivial to do with a RewriteRule like so: RewriteRule ^hugedir/(.)(.)(.)(.)(.)(.*).html /hugedir/{$1}/{$2}/{$3}/{$4}/{$5}/$6.html RewriteRule ^hugedir/(.)(.)(.)(.)(.*).html /hugedir/{$1}/{$2}/{$3}/{$4}/{$5}.html RewriteRule ^hugedir/(.)(.)(.)(.*).html /hugedir/{$1}/{$2}/{$3}/{$4}.html RewriteRule ^hugedir/(.)(.)(.*).html /hugedir/{$1}/{$2}/{$3}.html RewriteRule ^hugedir/(.)(.*).html /hugedir/{$1}/{$2}.html RewriteRule ^hugedir/(.*).html /hugedir/{$1}.html However, the file name may contain hyphens or other non-standard characters and I'd really like to avoid having a directory named with a strange character. Ideally, I'd like to have a list of 'approved' characters and either eliminate or transform the unapproved characters to an underscore. Can anybody think of a way to do that? Or something else equivalent? Part of the requirement is that these be physical files on disk and it not be parsed with a scripting language.


  • does it make sense to send password information during email communication from websites

    - by Samuel
    Most of the online sites on registration do send a link to activate the site and on any further correspondence with the end user they provide information about the site and also provide the login credentials with password in clear text (as given below) Username - [email protected] Password - mysecretpassword What would you do in such a case? From a usability perspective does it make sense to send the password information in clear text or should you just avoid sending this information. I was under the impression that most of the passwords are MD5 hashed before storing in the database and hence the service provider will not have any access to clear text passwords, is this a security violation?

