Search Results

Search found 14878 results on 596 pages for 'mod security'.

Page 203/596 | < Previous Page | 199 200 201 202 203 204 205 206 207 208 209 210  | Next Page >

• Securing an ajax request

  - by asdasdsa

  i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is ajaxpages/somepage.php?somevar=something&anothervar=something if any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people. so obviously im going to have to pass session data across when i send an ajax request. anyone have any tips for the best way of doing this? ive never done this before and would rather use trusted methods than make up my own.

  Read the article

• My mod_rewrite won't work, what's wrong?

  - by Tim Rogers

  I have the following rewrite rule, but nothing is hapenning at all when I try to use it. I have the file in the directory server.blahblahblah.com/todo and the following is my .htaccess file: Options +FollowSymLinks Options +Indexes RewriteEngine On RewriteBase / RewriteRule ^tasks/view/([0-9]+)?/$ controller.php?task=view&id=$1 RewriteRule ^tasks/view/([0-9]+).xml$ controller.php?task=viewxml&id=$1 RewriteRule ^tasks/new?/$ controller.php?task=new RewriteRule ^tasks/delete/([0-9]+)?/$ controller.php?task=delete&id=$1 RewriteRule ^tasks/completed/([0-9]+)?/$ controller.php?task=complete&id=$1 RewriteRule ^tasks?/$ controller.php?task=home Does anyone know why this won't work at all? Thanks, Tim

  Read the article

• Creating a virtual, data-driven section of a Wordpress-powered site

  - by lgomez

  Hello all, I want to create a plugin for wordpress to automatically serve pages containing data pulled from a provider's API. The API returns one or more records containing data for that record and I simply want to have the plugin intercept the request, call the API with parameters pulled from the request URI and display the data using a template that I can either let them upload to the server or let them copy and paste into the plugins admin settings. For example, I may want one of my wordpress installations to show products pulled from such an API under the url "example.com/products". The plugin would catch that request, extract the variables from the URL, call the API and render the template with the returned results. I'd like to avoid requiring editing the .htaccess file like some caching plugins do. Some of the admins of these pages won't know how to do that or simply won't have access to the .htaccess file. Thanks!

  Read the article

• Disadvantages of hard coding credentials? What's the resolution?

  - by SeeBees

  I am building a Sharepoint web part that will be used by all users. The web part connects to a web service which needs credentials with higher privileges than common users. I hard coded credentials in the web part's code. query.Credentials = new System.Net.NetworkCredential("username", "password", "domain"); query is an instance of the web service class This may not be a good approach. In regard with security, source code of the web apart is available to people who are not allowed to see the credential. This is bad enough, But is there any other drawback of this approach? How to prevent hard coding credentials into the source code? Thanks

  Read the article

• How to capture a 'sub-section' of a URL in a rewrite rule?

  - by George Edison

  I know the title is a little bit strange, but here is what the URLs look like: /user/xxx/page /user/xxx/page?error=yyy The rule for the first URL looks something like this: RewriteRule ^user/(\d+)/page$ something.pl?id=$1 [L] And to make it work with the second URL, it becomes: RewriteRule ^user/(\d+)/page(error=\d+)?$ something.pl?id=$1 [L] My question is... how do I capture the error number? I tried both of these: RewriteRule ^user/(\d+)/page(error=(\d+))?$ something.pl?id=$1&error=$2 [L] RewriteRule ^user/(\d+)/page(error=(\d+))?$ something.pl?id=$1&error=$3 [L] But it isn't working... How can I do this?

  Read the article

• Sending passwords over the web

  - by Falmarri

  So I'm working on a mobile platform application that I'd like to have users authenticate over the web. I was wondering the best way to do security. The user is sending a password for HTTP to a php server wich authenticates against a mysql database on the same server. Obviously I don't want to send the password in plain text over the internet, but I also don't want to do 2 SHA hashes. This is what the server looks like (in pseudocode) $pass = $_POST['pass']; if ((get PASSWORD where USERNAME = USERNAME) == SHA($pass)) return PASS; This is pretty standard and I don't think there's any other way to do this. But I was wondering how I should prepare the data before sending it over the internet.

  Read the article

• MD5 password twice

  - by NoviceCoding

  I know MD5's safety is under question lately and this is the reason a lot of people are using salt (I dont understand this at all btw) but I was wondering if you wanted to easily implement a safe system in php can you just md5 something twice? like test 098f6bcd4621d373cade4e832627b4f6 fb469d7ef430b0baf0cab6c436e70375 So basically: $val = 'test'; $val = md5($val); $val = md5($val); Would that solve the whole rainbow security stuff? Is there an easy/noob proof way of making secure database passwords in php?

  Read the article

• How Can I optimize this RewriteEngine Code?

  - by Lucki Mile

  I have server overload, server admin said that this issue is caused from htaccess file This is the code: RewriteEngine On RewriteBase /here/ RewriteRule ^top/?$ index.php?mode=top [QSA] RewriteRule ^top/video/?$ index.php?mode=top&cat=vids [QSA] RewriteRule ^top/picture/?$ /index.php?mode=top&cat=pics [QSA] RewriteRule ^random$ index.php?mode=random [QSA] RewriteRule ^random/video/?$ index.php?mode=random&cat=vids [QSA] RewriteRule ^random/picture/?$ index.php?mode=random&cat=pics [QSA] RewriteRule ^new/?$ index.php [QSA] RewriteRule ^new/video/?$ index.php?mode=&cat=vids [QSA] RewriteRule ^new/picture/?$ index.php?mode=&cat=pics [QSA] RewriteRule ^video/([0-9]+)_(.*)$ item.php?cat=vids&id=$1 [QSA] RewriteRule ^picture/([0-9]+)_(.*)$ item.php?cat=pics&id=$1 [QSA] ErrorDocument 404 /item.php

  Read the article

• Pointing a domain to a subscription based web-app?

  - by jefff

  Hello everyone, I'm about to start building a subscription based website that will function much like 37signals offerings in terms of users paying a monthly fee to use the site. But in my case I would like for them to be able to use their own hosted domain names and have them point to my server. Is this possible? How do i link up the domain name with their account on my server? Thanks a mil!

  Read the article

• How to send file from C# to apache with mod_wsgi and python?

  - by SuitUp

  How to send file from C# to apache with mod_wsgi and python? It will be nice to see code example in both c# (client) and python (server).

  Read the article

• having trouble with a mod_rewrite rule

  - by Jeff

  want to rewrite urls like site.com/software to wp-content/themes/dir/software.php and something is not working.. Here's what I have: RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] RewriteRule ^software wp-content/themes/dir/software.php [L] Thanks!

  Read the article

• I'm trying to implement 2 factor authentication on the cheap. How would I do that?

  - by Biff MaGriff

  Ok so I need 2 of the 3. Something the user knows. Something the user has. Something the user is. I have a system that is exposed to the internet and we need clients to connect in a secure manner to satisfy our security standards. I'm thinking when a user registers to use our system we send them an application that they install on their home system. The application generates a key based on a timed randomness algorithm. Our application server has the same algorithm so when the user submits their credentials with the key we know that they are a legitimate user. Is this a valid method of 2 factor authentication? What is another way of doing this? Are there any pitfalls that I should be aware of? Thanks for your help!

  Read the article

• Using htaccess rewrite to make a subdirectory be its own root for root relative path requests

  - by Scott

  Can I use htaccess to capture requests from a certain subdirectory and make that directory use itself as the root directory for any root relative path requests? For example if I have... http://www.example.com/subFIXED/subANY/restofpath ...where subFIXED is always the same directory, subANY is any immediate subdirectory of subFIXED, and I want a redirection of all href/src requests from any file under subANY to use subANY as the 'root' (sort of like a subdomain), in effect having root level requests use this as the root directory level: http://www.example.com/subFIXED/subANY/ Instead of this: http://www.example.com/ I'm assuming I can put an htaccess file in subFIXED to handle all calls coming from anything under any subANY, but not being very familiar with htaccess rewriting, variables, etc., I can't figure out how to capture which subANY directory is making the root level request and then use that capture to make a rewrite to consider that directory the root level of any root relative path requests from it. Thanks for your help

  Read the article

• web site in pure php with clean url

  - by Testadmin

  Hi I have enabled mod_rewrite in my Xampp apache. When I run my php info page, I saw mod_rewrite under Loaded Modules. So I think it's enabled. Then I create a folder clean-url under htdocs. Inside clean-url folder I have 3 files 1) index.php here I put Welcome 2) Test. php 3) .htaccess Here I put RewriteEngine On RewriteRule ^([a-z]+)/([a-z-]+)$ /$1/$2.php [L] I want to run the index page, and by clicking on that hyper link I want to display the test.php page with URL mydomain/clean-url/test I know I am in a wrong path. Does any one help me? Or correct me? ALso i don't know any idea about url rewriting and .htaccess. Please help me.

  Read the article

• mod_rewrite params inversion

  - by Fernando Constantino

  How can I create the mod_rewrite rule so I can convert the following URLs: From: domain/something/param/action ex:domain/cities/Chicago/view to: domain/something/action.php?param1=param ex: domain/cities/view.php?city=Chicago Changing to cities/view/Chicago cannot be an alternative. Thanks in advance.

  Read the article

• Django urlconf AND .htaccess rewrites, is this possible?

  - by Infinity

  Is it possible to have Apache htaccess rewrites take effect before it hits django? For example so I can redirect iPhone users to a completely different domain without even hitting django. Thanks

  Read the article

• Remove .php extension (explicitly written) for friendly URL

  - by miquel

  htaccess to remove the .php extension of my site's files. RewriteEngine on RewriteBase / RewriteCond %{SCRIPT_FILENAME} !-d RewriteCond %{SCRIPT_FILENAME} !-f RewriteRule ^(.*)$ $1.php [L,QSA] Now, if I go to my site www.mysite.com/home works fine, it redirects to home.php but the URL is still friendly. But if I write this URL: www.mysite.com/home.php The home.php is served, and the URL is not friendly. How can I avoid this behavior? I want that if the user writes www.mysite.com/home.php, the URL displayed in the URL bar be www.mysite.com/home

  Read the article

• Getting rid of index.php in the URL when using recess framework and lighttpd

  - by spudnik1979

  I am using the recess php framework with lighttpd Does anyone know how I can use the shorter urls of: http://www.myserver.com/recess Instead of: http://www.myserver.com/index.php/recess The recess readme file says that if I have mod_rewrite I can use the shorter url: -- "Do you have mod_rewrite? -- Yes: Open your browser to the location you unzipped -- No: Open your browser to the location you unzipped followed by index.php" I do have mod_rewrite enabled on lighttpd and i have removed the index.php but I get a 404. Do I need any special rules in my lighttpd.conf?

  Read the article

• Simple problem with mod_rewrite in the Fat Free Framework

  - by ian

  I am trying to setup and learn the Fat Free Framework for PHP. http://fatfree.sourceforge.net/ It's is fairly simple to setup and I am running it on my machine using MAMP. I was able to get the 'hello world' example running just fin: require_once 'path/to/F3.php'; F3::route('GET /','home'); function home() { echo 'Hello, world!'; } F3::run(); But when I try to add in the second part, which has two routes: require_once 'F3/F3.php'; F3::route('GET /','home'); function home() { echo 'Hello, world!'; } F3::route('GET /about','about'); function about() { echo 'About Us.'; } F3::run(); I get a 404 error if I try the second URL: /about Not sure why one of the mod_rewrite commands would be working and not the other. Below is my .htaccess file: # Enable rewrite engine and route requests to framework RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-l RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule .* index.php [L,QSA] # Disable ETags Header Unset ETag FileETag none # Default expires header if none specified (stay in browser cache for 7 days) <IfModule mod_expires.c> ExpiresActive On ExpiresDefault A604800 </IfModule>

  Read the article

• Codeigniter .htaccess not working in subdirectory

  - by xzdead

  I have this codeingniter project structure webRoot | |/application | | | |/controllers | | | |/admin | |/public | | | |/admin | | | | | |/css | | |/img | |/css | |/img And this is my .htacess file, located in /public. I use this in every local project running xampp: <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ index.php/$1 [L] </IfModule> <IfModule !mod_rewrite.c> # If we don't have mod_rewrite installed, all 404's # can be sent to index.php, and everything works as normal. # Submitted by: ElliotHaughin ErrorDocument 404 /index.php </IfModule> It works fine in localhost, but doesn't work in a dreamhost server. I always get "no input file specified". So after searching the web and trying lots of combinations, the best I got is this .htaccess file: Options +FollowSymLinks RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] With this one, if I go to http://development.mydomain.com - I see the codeigniter welcome page But if I go to: http://development.mydomain.com/admin - I see the directory listing of /public/admin and doesn't execute the controller in /application/controllers/admin Again, if I go to: http://development.mydomain.com/admin/admin - I see the private area, it executes the controller and goes to the default controller defined in routes, "dashboard" This works fine too: http://development.mydomain.com/admin/dashboard I have set in my config file: $config['index_page'] = ''; $config['base_url'] = ''; $config['uri_protocol'] = 'AUTO'; I think that whatever is wrong in my .htaccess is causing other path issues I have with my project. Any help would be great. Thanks to all in advance EDIT: I removed this line: RewriteCond %{REQUEST_FILENAME} !-d because admin directory exists, that's why I see the public directory listing. But now I see the codeigniter welcome page when I go to http://development.mydomain.com/admin So now my .htaccess file looks like: Options +FollowSymLinks RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] #RewriteRule ^(.*)$ /index.php?/$1 [L] I also tried with the commented RewriteRule but I get the same result.

  Read the article

• Apache Rewrite Exclusion

  - by dtufano

  Hey guys! I'm having trouble figuring out how to exclude /public/bin from this rewrite rule RewriteCond %{REQUEST_URI} !firerift.php RewriteRule ^(.*)$ firerift.php/$1 [L,QSA,NC] Any help would be appreciated.

  Read the article

• How to send file from C# to apache with mod_wsgi (django) and python?

  - by SuitUp

  How to send file from C# to apache with mod_wsgi (django) and python? It will be nice to see code example in both c# (client) and python (server).

  Read the article

• Zend Server CE Apache mod_rewrite REQUEST_FILENAME SCRIPT_FILENAME Problem

  - by liumiuyong

  Hi,there! I use this .htaccess file in a project: RewriteCond %{SCRIPT_FILENAME} !-f RewriteCond %{SCRIPT_FILENAME} !-d RewriteRule ^(.*)$ index.php/$1 [L] It works well in Apache 2.2 Recently I started to use Zend Server CE , the ReWrite Rule didn't work ! And this works: RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php/$1 [L] This is what Apache's document say: The variables SCRIPT_FILENAME and REQUEST_FILENAME contain the same value - the value of the filename field of the internal request_rec structure of the Apache server. The first name is the commonly known CGI variable name while the second is the appropriate counterpart of REQUEST_URI (which contains the value of the uri field of request_rec). Anyone can figure out why? Appreciate!

  Read the article

• Can Spring access-denied-handler refer to popup?

  - by Rens Groenveld

  I am working with Spring Security 3.1.x and have implemented method annotation securities. As I want, when I perform a certain action while being logged in as a used that doesn't have the rights, I get a 403 acces is denied in my console! Perfect! Now I would like to catch this 403, and give the user a popup with a custom message. I don't want to redirect users to a page saying that they have no rights. Is there any way the access-denied-handler of Spring can take care of a popup? Or can it only redirect to another page? Maybe there are other options for me? Thanks in advance!

  Read the article

• Website image caching with Apache

  - by Piskvor

  How can I get static content on Apache to be {cached by browser} and not {checked for freshness {with every request}}? I'm working on a website hosted on Apache webserver. Recently, I was testing something with headers (Content-Type for different types of content) and saw a lot of conditional requests for images. Example: 200 /index.php?page=1234&action=list 304 /favicon.ico 304 /img/logo.png 304 /img/arrow.png (etc.) Although the image files are static content and are cached by the browser, every time an user opens a page that links to them, they are conditionally requested, to which they send "304 Not Modified". That's good (less data transferred), but it means 20+ more requests with every page load (longer page load due to all those round-trips, even with Keep-Alive and pipelining enabled). How do I tell the browser to keep the existing file and not check for newer version? EDIT: the mod_expires method works, even with the favicon.

  Read the article

< Previous Page | 199 200 201 202 203 204 205 206 207 208 209 210  | Next Page >