Search Results

Search found 14878 results on 596 pages for 'mod security'.

Page 205/596 | < Previous Page | 201 202 203 204 205 206 207 208 209 210 211 212 | Next Page >

Configure Django project in a subdirectory using mod_python. Admin not working.

- by David

HI guys. I was trying to configure my django project in a subdirectory of the root, but didn't get things working.(LOcally it works perfect). I followed the django official django documentarion to deploy a project with mod_python. The real problem is that I am getting "Page not found" errors, whenever I try to go to the admin or any view of my apps. Here is my python.conf file located in /etc/httpd/conf.d/ in Fedora 7 LoadModule python_module modules/mod_python.so SetHandler python-program PythonHandler django.core.handlers.modpython SetEnv DJANGO_SETTINGS_MODULE mysite.settings PythonOption django.root /mysite PythonDebug On PythonPath "['/var/www/vhosts/mysite.com/httpdocs','/var/www/vhosts/mysite.com/httpdocs/mysite'] + sys.path" I know /var/www/ is not the best place to put my django project, but I just want to send a demo of my work in progress to my customer, later I will change the location. For example. If I go to www.domain.com/mysite/ I get the index view I configured in mysite.urls. But I cannot access to my app.urls (www.domain.com/mysite/app/) and any of the admin.urls.(www.domain.com/mysite/admin/) Here is mysite.urls: urlpatterns = patterns('', url(r'^admin/password_reset/$', 'django.contrib.auth.views.password_reset', name='password_reset'), (r'^password_reset/done/$', 'django.contrib.auth.views.password_reset_done'), (r'^reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$', 'django.contrib.auth.views.password_reset_confirm'), (r'^reset/done/$', 'django.contrib.auth.views.password_reset_complete'), (r'^$', 'app.views.index'), (r'^admin/', include(admin.site.urls)), (r'^app/', include('mysite.app.urls')), (r'^photologue/', include('photologue.urls')), ) I also tried changing admin.site.urls with ''django.contrib.admin.urls' , but it didn't worked. I googled a lot to solve this problem and read how other developers configure their django project, but didn't find too much information to deploy django in a subdirectory. I have the admin enabled in INSTALLED_APPS and the settings.py is ok. Please if you have any guide or telling me what I am doing wrong it will be much appreciated. THanks.

Read the article
mod_rewrite htaccess redirect on specific request

- by John

is there a way to make mod_rewrite redirect all urls contain the following request: ?do=page&f=* to a specific page? for example: http://example.com/index.php?do=page&f=2 http://example.com/index2.php?do=page&f=4 http://example.com/page.php?do=page&f=22 to: http://example.com/custom.php

Read the article
rewrite all requests from one folder to a parent folder htaccess

- by Neo

This one has me stumped, I need to re-write all requests to the javascript folder (js) to a special library handler system. e.g. rewrite http://localhost/admin/js/bar.js --> http://localhost/_lib/=admin/js/bar.js Any ideas? I have tried the following which creates an error RewriteCond %{REQUEST_URI} ^(.*)$ RewriteRule ^(.*)$ /%1/_lib/$1 [NC] (36)File name to long: cannot map GET /admin/js/bar.js to file

Read the article
mod_perl and libs

- by paulj3000

Hi, I just installed my system with Oracle 64bit Linux5.4 running Apache Server version: Apache/2.2.3 and mod_perl 2. Now, I have my perl libraries set in a specific path: /my/perl/libs and I have adjusted my httpd.conf to compensate for this (I added the below): SetEnv MY_LIBS /my/perl/libs and in my cgi I'm setting my environment to compensate: use lib($ENV{'MY_LIBS'}); Now the problem: Sometimes my perl modules will recognize the path of /my/perl/libs and call all the functions appropriately, and sometimes they won't, thus thowing a 500 error. Some observations: when I restart apache (/etc/init.d/httpd restart), things work fine but then the 500 error comes up. Are there any ideas? What should I be looking at? Thanks

Read the article
Secure to store an ID in an ASP.NET control ID?

- by Curtis White

I'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know if: If there are any security problems with storing the database ID as part of my controls ID? I can see think of 2 issues: the id will be visible in page source (not really important in this case), and the possibility someone could change the name of the control somehow? This second possibility is more serious. Is this a potential problem and how to void it? If there would be a better preferred way to associate a unique data with any type of control? Is it possible to store a custom item in the viewstate for the control?

Read the article
does mod_rewrite output have to exist?

- by user788171

I am trying to use mod_rewrite to generate cleaner urls. I have the following in my .htaccess Options +FollowSymLinks RewriteEngine on RewriteBase / RewriteRule ^mypage.php$ https://%{HTTP_HOST}/mypage [R=301,L] The objective is to go from https://mysite.com/mypage.php to https://mysite.com/mypage This gives me a 404 error. I don't actually have the directory mypage/ existing. But from my understanding, I don't need to actually have mypage for mod_rewrite to work. What am I doing wrong?

Read the article
Apache/PHP is determined to serve the wrong file

- by Lucas

I have a page that is called with a url like http://testserver/path/to/foo/bar/ but apache is serving the wrong file altogether. /path/to/ is a real directory where all the code and .htaccess file is. foo/bar/ is supposed to redirect to foo_bar.php with a RewriteRule, but it never gets there. It's not a mod_rewrite issue as I have commented out all the rules that could be interfering, which should give me 404s for that request, but the same problem occurs: the file that is served is /path/to/foo.php, so in it I var_dump $_SERVER and get: REQUEST_URI = /path/to/foo/bar/ SCRIPT_NAME = /path/to/foo.php SCRIPT_FILENAME = /real/path/to/foo.php PATH_INFO = /bar/ PATH_TRANSLATED = /real/bar/ PHP_SELF = /path/to/foo.php/bar/ Why is this request being routed to this file at all?

Read the article
Secure xml messages being read from database into app.

- by scope-creep

I have an app that reads xml from a database using NHibernate Dal. The dal calls stored procedures to read and encapsulate the data from the schema into an xml message, wrap it up to a message and enqueue it on an internal queue for processing. I would to secure the channel from the database reads to the dequeue action. What would be the best way to do it. I was thinking of signing the xml using System.Security.Cryptography.Xml namespace, but is their any other techniques or approaches I need to know about? Any help would be appreciated. Bob.

Read the article
Can you look to the order of multiple file with url rewritting

- by Frank

Let's say I have a html file (foo.html) that make a request to a xml file onload (bar.xml). Is it possible, using a rewritting engine (isapi_rewrite for example) to detect if the xml file is being 'hotlinked' or being loaded by the 'index.html'? Thank you.

Read the article
PHP - How to determine if request is coming from a specific file.

- by John

I have fileA.php on SERVER_A and fileB.php on SERVER_B fileB.php makes a curl request to fileA.php for it's contents How can fileA.php determine that the request is coming specifically from fileB.php? -- I was thinking about sending the $_SERVER['SCRIPT_NAME'] in fileB.php to fileA.php but since someone can go into fileB.php or any file in general and just do $_SERVER['SCRIPT_NAME'] = 'fileB.php'; it's not really that secure. So how can I determine, for security reasons, that the request is coming from a specific file on a different server?

Read the article
Hidden features of mod_rewrite

- by Owen

There seem to be a decent number of mod_rewrite threads floating around lately with a bit of confusion over how certain aspects of it work. As a result I've compiled a few notes on common functionality, and perhaps a few annoying nuances. What other features / common issues have you run across using mod_rewrite?

Read the article
How to use .htaccess to redirect to an url that includes a query parameter

- by wbervoets

Hi guys, I've been struggling with a redirect where the final URL includes a query parameter that is an URL. It seems htaccess is escaping some characters. Here is my htaccess: Code: RewriteRule ^mypath http s://www.otherserver.com/cookie?param1=123&redirectto=http://otherserver2.com/&param2=1 [L,R=302] First, if I put Code: http s://www.otherserver.com/cookie?param1=123&redirectto=http://otherserver2.com/&param2=1 in my browser address bar, www.otherserver.com will do its thing and then redirect to otherserver2 (including the &param2=1 which is a parameter of that URL and not of the URL otherserver.com) That's the behaviour I need :-) Now when I try to use the htaccess redirect from my site: http://mysite/mypath; the behaviour is not the same then putting the same URL in the browser address bar; it now tries to redirect to http ://otherserver2.com/ (no param2=1 anymore). (ps: otherserver1 and otherserver2 are not under my control.) I've tried escaping the redirectto parameter in my htaccess, like below, but it didn't work either: Code: http s://www.otherserver.com/cookie?param1=123&redirectto=http%3a%2f%otherserver2.com%2f%3fparam2%3d1 Because then my browser tries to go to httpotherserver.com (all special characters are gone) In the end I would like to see http ://mysite/mypath to show the contents of Code: http s://www.otherserver.com/cookie?param1=123&redirectto=http://otherserver2.com/&param2=1 (preferred solution) or do a redirect to that URL. I hope my message is not to confusing, I hope someone can help me out; as I've already spent hours on this :-)

Read the article
Best (or appropriate) WSGI server for this Python script? - Python

- by RadiantHex

Hi folks, I'm having quite a problem deciding how to serve a few Python scripts. The problem is that the basic functionality could be generalized by this: do_something() time.sleep(3) do_something() I tried various WSGI servers, but they have all been giving me concurrency limitations, as in I have to specify how many threads to use and so on. I only wish that the resources on the server be used efficiently and liberally. Any ideas?

Read the article
mod_rewrite to make a short URL

- by Chris Stewart

I have a url like: http://skepticalgamer.com/category/slam-the-controller I'd like to strip out "category" from the URL. So I'd want: http://skepticalgamer.com/slam-the-controller to act as if it were the original URL above. Is that something that can be done with mod_rewrite?

Read the article
What causes Apache Environment Variable set using mod_rewrite to have "redirect_" appended to name?

- by trowel

I am trying to set Apache environment variables (for use in PHP) with the [E=VAR:VAL] flag on RewriteRule rules in an .htaccess file. I have already discovered the variables are accessed in PHP as server variables $_SERVER rather than $_ENV (which makes a certain amount of sense). However, my problem is for some rules the [E=VAR:VAL] flag works as expected and I end up with a variable $_SERVER['VAR'] but for other rules I end with a variable $_SERVER['REDIRECT_VAR'] or $_SERVER['REDIRECT_REDIRECT_VAR'], etc A. What causes an Environment Variable set in Apache using the [E=VAR:VAL] flag to get renamed by having "REDIRECT_" appended to the front of the variable name? B. What can I do to make sure I end up with an Environment Variable with an unchanged name so I can access it in PHP as $SERVER['VAR'] without having to resort to checking for variations of the variable name having one of more instances of "REDIRECT" appended to the front of it?

Read the article
mod_rewrite with GET requests

- by iMaster

I have mod_rewrite working on most of my site. Right now I have a search that normally would point to search.php?keyword=KEYWORD And I'm trying to rewrite that to search/?keyword=KEYWORD Just to make it a little bit cleaner. So here's my mod_rewrite. (There are other rules I'm just posting the one that isn't working.) RewriteRule ^search/?keyword=([^/\.]+)/?$ search.php?search=$1 When I type a search in the address bar way I want it to be, I get a page telling me its a "broken link" (I'm guessing that that's Chrome's equivalent of a 404 error). So what am I doing wrong? I think that the problem is the '=' or the '?' sign in the rule (the first part) because when I take the ?keyword= part out, it works. Does that make sense?

Read the article
Error in django using Apache & mod_wsgi

- by Ignacio

Hey, I've been doing some changes to my django develpment env, as some of you suggested. So far I've managed to configure and run it successfully with postgres. Now I'm trying to run the app using apache2 and mod_wsgi, but I ran into this little problem after I followed the guidelines from the django docs. When I access localhost/myapp/tasks this error raises: Request Method: GET Request URL: http://localhost/myapp/tasks/ Exception Type: TemplateSyntaxError Exception Value: Caught an exception while rendering: argument 1 must be a string or unicode object Original Traceback (most recent call last): File "/usr/local/lib/python2.6/dist-packages/django/template/debug.py", line 71, in render_node result = node.render(context) File "/usr/local/lib/python2.6/dist-packages/django/template/defaulttags.py", line 126, in render len_values = len(values) File "/usr/local/lib/python2.6/dist-packages/django/db/models/query.py", line 81, in __len__ self._result_cache = list(self.iterator()) File "/usr/local/lib/python2.6/dist-packages/django/db/models/query.py", line 238, in iterator for row in self.query.results_iter(): File "/usr/local/lib/python2.6/dist-packages/django/db/models/sql/query.py", line 287, in results_iter for rows in self.execute_sql(MULTI): File "/usr/local/lib/python2.6/dist-packages/django/db/models/sql/query.py", line 2369, in execute_sql cursor.execute(sql, params) File "/usr/local/lib/python2.6/dist-packages/django/db/backends/util.py", line 19, in execute return self.cursor.execute(sql, params) TypeError: argument 1 must be a string or unicode object ... ... ... And then it highlights a {% for t in tasks %} template tag, like the source of the problem is there, but it worked fine on the built-in server. The view associated with that page is really simple, just fetch all Task objects. And the template just displays them on a table. Also, some pages get rendered ok. Don't want to fill this Question with code, so if you need some more info I'd be glad to provide it. Thanks

Read the article
Retrieve web user's Identity outside of request scope

- by Kendrick

I have an ASP.NET app that logs Audit reports using nHibernate's IPreUpdateListener. In order to set the current user in the Listener events, I was using System.Security.Principal.WindowsIdentity.GetCurrent(). This works fine when debugging on my machine, but when I move it to the staging server, I'm getting the ASP.NET process credentials, not the requesting user. In the ASP.NET page, I can use Request.LogonUserIdentity (which works fine since I'm using integrated authentication), but how do I reference this user directly without having to pass it directly to my event? I don't want to have to pass this info through the pipeline because it really doesn't belong in the intermediate events/calls.

Read the article
.htaccess url rewrite with ssl redirection

- by Stuart McAlpine

I'm having trouble combining a url query parameter rewrite (fancy-url) with a .htaccess ssl redirection. My .htaccess file is currently: Options +FollowSymLinks Options -Indexes ServerSignature Off RewriteEngine on RewriteBase / # in https: process secure.html in https RewriteCond %{server_port} =443 RewriteCond $1 ^secure$ [NC] RewriteRule ^(.+).html$ index.php?page=$1 [QSA,L] # in https: force all other pages to http RewriteCond %{server_port} =443 RewriteCond $1 !^secure$ [NC] RewriteRule ^(.+).html$ http://%{HTTP_HOST}%{REQUEST_URI} [QSA,N] # in http: force secure.html to https RewriteCond %{server_port} !=443 RewriteCond $1 ^secure$ [NC] RewriteRule ^(.+).html$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,N] # in http: process other pages as http RewriteCond %{server_port} !=443 RewriteCond $1 !^secure$ [NC] RewriteRule ^(.+).html$ index.php?page=$1 [QSA,L] The fancy-url rewriting is working fine but the redirection to/from https isn't working at all. If I replace the 2 lines containing RewriteRule ^(.+).html$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,N] with RewriteRule ^(.+).html$ https://%{HTTP_HOST}/index.php?page=$1 [QSA,L] then the https redirection works fine but the fancy-url rewriting doesn't work. Is it possible to combine these two?

Read the article
Web Application - Authentication / Login Framework

- by user456563

This is a very simple, probably a most asked question and frequently developed as part of any web application. Say I'm planning to build a web application and some of the functional requirements include (apart from the usual hard hitting security reqs), - Need to have users sign up for a new account profile - Authenticate user using the native app authentication / Facebook or Google or Yahoo or OpenId login - Allow lost password retrieval - Session handling needs Is there an out of the box frameworks (Drupal, Liferay??) that I can use to wrap my application which can be a bunch of JSP's or HTML's with JS? I know I'm asking a very simple and maybe a naive question. But this is a topic every web developer guru will go thru. Any help, advise and pointers much appreciated.

Read the article
Django AND .htaccess rewrites/redirects, is this possible?

- by Infinity

Is it possible to have Apache htaccess rewrites take effect before it hits django? For example so I can redirect iPhone users to a completely different domain without even hitting django. We're using apache2 with mod_wsgi and the apache vhost looks like this: <VirtualHost *:80> DocumentRoot /usr/local/www/site/static Alias /css/ /usr/local/www/site/static/css/ Alias /js/ /usr/local/www/site/static/js/ Alias /img/ /usr/local/www/site/static/img/ Alias /flash/ /usr/local/www/site/static/flash/ <Directory /usr/local/www/site/static> AllowOverride All Order allow,deny Allow from all </Directory> WSGIDaemonProcess mallorca-site threads=15 WSGIScriptAlias / /usr/local/www/site/config/dev/dev.wsgi </VirtualHost> Thanks

Read the article
Leaving SQL Management open on the internet

- by Tim Fraud

I am a developer, but every so often need access to our production database -- yeah, poor practice, but anyway... My boss doesn't want me directly on the box using RDP, and so we decided to just permit MS SQL Management Console access so that I can do my tasks. So right now we have the SQL box somewhat accessible on the internet (on port 1433 if I am not mistaken), which opens a security hole. But I am wondering, how much of an uncommon practice is this, and what defaults should I be concerned about? We use MSSQL2008 and I created an account that has Read-Only access, because my production tasks only need that. I didn't see any unusual default accounts with default passwords on the system, so I would be interested to hear your take. (And of-course, is there a better way?)

Read the article
Established javascript solution for secure registration & authentication without SSL

- by Tomas

Is there any solution for secure user registration and authentication without SSL? With "secure" I mean safe from passive eavesdropping, not from man-in-the-middle (I'm aware that only SSL with signed certificate will reach this degree of security). The registration (password setup, i.e. exchanging of pre-shared keys) must be also secured without SSL (this will be the hardest part I guess). I prefer established and well tested solution. If possible, I don't want to reinvent the wheel and make up my own cryptographic protocols. Thanks in advance.

Read the article
RewriteCond and RewriteRule in .htaccess

- by RD

I have a client folder located at http://www.example.com/client However, I've now installed SSL on the server, and want to add a permanent redirect using HTACCESS so that whenever /client is accessed, that it redirects to: https://www.example.com/client Anybody know how to do that? I've redirected my domains in the past like this: RewriteCond %{HTTP_HOST} ^example\.com$ [NC] RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301] RewriteCond %{HTTP_HOST} ^www.example\.com$ [NC] RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301] This should not affect the solution, but the site must still redirect to www.example.com FIRST, and then to https://www.example.com/client if for example, http://www.example.co.za/client is entered.

Read the article
URL rewrite to remove parameters

- by samoyed

Hello to all, I'm working on a site where all the pages are actually index.php + a 'name' parameter that is analyzed and loads the appropriate template and content. the homepage url is: http://www.some_site.com/?page=homepage 1. i was asked to "change" the homepage url to: http://www.some_site.com can i use url rewite and htaccess for that and if so, what should i write there? working on my local machine, i tried this code (mode rewrite is enabled): <IfModule mod_rewrite.c> Options +FollowSymLinks RewriteEngine On RewriteRule /index.php /index.php?page=homepage </IfModule> i would still need the 'name' parameter to be available to the php code of course, so i can load the template and css files. 2. it would be nice for other pages (not homepage) to be converted from (example) http://www.some_site.com/?page=products to: http://www.some_site.com/products this is less crucial. thanx in advance and have a nice day :-)

Read the article

< Previous Page | 201 202 203 204 205 206 207 208 209 210 211 212 | Next Page >