Search Results

Search found 14878 results on 596 pages for 'mod security'.

Page 207/596 | < Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >

• How do i convert this Mod_rewrite rule to nginx

  - by bacho

  This is the Htacces rule: RewriteEngine on RewriteRule ^([A-Za-z0-9-]+)/?$ ir.php?id=$1 how should I pass it to a Nginx compliant rewrite rule... i read the doc and did this: rewrite ^([A-Za-z0-9-]+)/?$ ir.php?id=$1 last; But didnt work. and another question: Is there any equivalent of .htaccess to Nginx (per directory rules) Thanks

  Read the article

• apache mod_rewrite making permanent url problem

  - by Yc Zhang

  In file .htaccess <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^\/*get_post\/(.*)$ get_post.php?slug=$0 [L] </IfModule> If I type http://example.com/get_post/abcde, I get an empty array of $_GET variable. How can I achieve the effect like this: http://example.com/get_post?slug=abcde

  Read the article

• .htaccess trickery multi-language website

  - by user1658741

  I have a website right now that uses two languages (french and english) The way it works right now is that if someone goes to mysite.com/folder/file.php for example, file.php is simply a script that figures out which language to use, get's it's own path and filename(file.php) and serves up mysite.com/en/folder/file.php (if the language is english). However what shows up in the URL is still mysite.com/folder/file.php. For any folder and any file the same script is used. If I want to add a new file I have to add the file to the folder the user types into the browser as well to the en and fr folders. Could I do some .htaccess trickery so that whatever URL is typed, one .php file gets open that checks the language and what folder/file was requested and then serves up the correct language file? here's the php file that is served up for any files in the URL. <?php // Get current document path which is mirrored in the language folders $docpath = $_SERVER['PHP_SELF']; // Get current document name (Used when switching languages so that the same current page is shown when language is changed) $docname = GetDocName(); //call up lang.php which handles display of appropriate language webpage. //lang.php uses $docpath and $docname to give out the proper $langfile. //$docpath/$docname is mirrored in the /lang/en and /lang/fr folders $langfile = GetDocRoot()."/lang/lang.php"; include("$langfile"); //Call up the proper language file to display function GetDocRoot() { $temp = getenv("SCRIPT_NAME"); $localpath=realpath(basename(getenv("SCRIPT_NAME"))); $localpath=str_replace("\\","/",$localpath); $docroot=substr($localpath,0, strpos($localpath,$temp)); return $docroot; } function GetDocName() { $currentFile = $_SERVER["SCRIPT_NAME"]; $parts = Explode('/', $currentFile); $dn = $parts[count($parts) - 1]; return $dn; } ?>

  Read the article

• Securing Web Services approach valid?

  - by NBrowne

  Hi , Currently I am looking at securing our web services. At the moment we are not using WCF so this is not an option. One approach I have seen and implemented locally fairly easily was the approach described in article: http://www.codeproject.com/KB/aspnet/wsFormsAuthentication.aspx Which describes adding a HttpModule which prompts for user credentials if the user browses to any pages (web services) which are contained in a services folder. Does anyone see any way that this security could fall down and could be bypassed etc. I'm really just trying to decide whether this is a valid approach to take or not? thanks

  Read the article

• Url mod_rewrite for static chained pages

  - by user1121487

  How can I achieve this with mod_rewrite? from: .com/index.php?menu=home to: .com/home AND from: .com/index.php?menu=home&list=hello to: .com/home/hello ALSO (without the folder hierarki) from: .com/index.php?menu=home&list=hello to: .com/hello I'm using this for the first one: RewriteRule ^([^/\.]+)/?$ index.php?menu=$1 [L] But how to I connect them if there are multiple variables? Tried this: RewriteRule ^([^/]*)/([^/]*)?$ index.php?home=$1&list=$2

  Read the article

• How to only allow users to a page through a rewrite?

  - by Pietu1998

  I have a website where I am using SSI to include some stuff to the front page. However, I'd like to show users an URL that ends with .html. I have accomplished that via a .htaccess and mod_rewrite redirect. RewriteRule ^index\.html$ index.shtml [PT,L] Also, I am using another redirect pointing to this URL to internally load the pages' content with JavaScript (example.html to index.html#example.html) with a condition for not redirecting index.html. Now, I'd like to make the .shtml page 403 Forbidden. This is also easy: RewriteRule ^index\.shtml - [F] But, now index.html also gets forbidden. I have tried adding L to the .html-to-.shtml rule, but this doesn't help. How could this problem be solved?

  Read the article

• Mod_rewrite on all website images

  - by Esteve Camps

  I'm designing an image repository. I want to uncouple the filename from the image html link. For instance: image in filesystem is called images/items/12543.jpg HTML is <img src="images/car.jpg" /> Does anyone strongly discourages me to rewrite all image requests using PHP so when retrieving images/car.jpg, Apache really replies content from images/items/12543.jpg? I don't know if I may get performance problems.

  Read the article

• Converting IIS Redirect to .htaccess

  - by user1641321

  I am having trouble getting the rewrite to work on an apache server. The end result is so i can make subdomains on the fly just by adding a directory. For example anysubdomain.domain.com will redirect to domain.com/anysubdomain and still appear as anysubdomain.domain.com. Is there anyone out there that convert this for me? <rewrite> <rules> <rule name="Subdomain Redirect" patternSyntax="ECMAScript" stopProcessing="true"> <match url="^(.*)$" /> <conditions trackAllCaptures="true"> <add input="{HTTP_HOST}" pattern="^www\.obdevsite\.com" negate="true" /> <add input="{HTTP_HOST}" pattern="^(.*)\.obdevsite\.com" /> <add input="{REQUEST_URI}" pattern="^(.*)$" /> </conditions> <action type="Rewrite" url="/{C:1}/{C:2}" appendQueryString="false" /> </rule> </rules> </rewrite>

  Read the article

• HTACCESS redirection with a word replacement in url

  - by Marwen

  I'm having trouble with this reg expression which i belive is correct, but it is not working. What im trying to do is redirect bunch of urls containing a specific string like this: http://www.example.com/**undesired-string**_another-string to http://www.example.com/**new-string**_another-string and http://www.example.com/folder/**undesired-string**/another-string to http://www.example.com/folder/**new-string**/another-string So i have this code in the .htaccess: <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule (.+)+(undesired-string)+(.+) $1new-string$2 [R=301,L] </IfModule> This should replace ANY undesired-string in any url to new-string, but it is not working, any idea why ? Thank you

  Read the article

• Error in django using Apache & mod_wsgi

  - by Ignacio

  Hey, I've been doing some changes to my django develpment env, as some of you suggested. So far I've managed to configure and run it successfully with postgres. Now I'm trying to run the app using apache2 and mod_wsgi, but I ran into this little problem after I followed the guidelines from the django docs. When I access localhost/myapp/tasks this error raises: Request Method: GET Request URL: http://localhost/myapp/tasks/ Exception Type: TemplateSyntaxError Exception Value: Caught an exception while rendering: argument 1 must be a string or unicode object Original Traceback (most recent call last): File "/usr/local/lib/python2.6/dist-packages/django/template/debug.py", line 71, in render_node result = node.render(context) File "/usr/local/lib/python2.6/dist-packages/django/template/defaulttags.py", line 126, in render len_values = len(values) File "/usr/local/lib/python2.6/dist-packages/django/db/models/query.py", line 81, in __len__ self._result_cache = list(self.iterator()) File "/usr/local/lib/python2.6/dist-packages/django/db/models/query.py", line 238, in iterator for row in self.query.results_iter(): File "/usr/local/lib/python2.6/dist-packages/django/db/models/sql/query.py", line 287, in results_iter for rows in self.execute_sql(MULTI): File "/usr/local/lib/python2.6/dist-packages/django/db/models/sql/query.py", line 2369, in execute_sql cursor.execute(sql, params) File "/usr/local/lib/python2.6/dist-packages/django/db/backends/util.py", line 19, in execute return self.cursor.execute(sql, params) TypeError: argument 1 must be a string or unicode object ... ... ... And then it highlights a {% for t in tasks %} template tag, like the source of the problem is there, but it worked fine on the built-in server. The view associated with that page is really simple, just fetch all Task objects. And the template just displays them on a table. Also, some pages get rendered ok. Don't want to fill this Question with code, so if you need some more info I'd be glad to provide it. Thanks

  Read the article

• Problem compiling mod_wsgi for python2.6 on Cent OS 5.3

  - by webdev

  I am running a website on CentOS 5.3. I understand centos will break if the default python 2.4 is upgraded. I followed this site (http://www.question-defense.com/2009/12/25/how-to-install-python-2-6-on-centos-5-without-breaking-yum) and got python 2.6 installed. Now if I run "python" it runs python2.4 and if I run "python26" it runs python2.6. I am trying to compile mod_wsgi-3.2. When it run ./configure it takes only python 2.4 environment. I have tried using the --with-python=/usr/bin/python26. That way, "make" command does not work. Can someone throw some light on this? Thanks in advance

  Read the article

• Can I suppress or enforce URLs to be prefaced with http:// in ALL browsers?

  - by Ryan Dunlap

  I want to ensure that regardless of what browser a user is in, they all see the EXACT same characters in the URL bar. Most browsers show the preceding protocol type in the URL bar. However, Chrome for example truncates http:// (not sure about https) and starts with the domain name, ie: Chrome: stackoverflow.com/questions/ask Safari: http://stackoverflow.com/questions/ask So, is there a way to either suppress the http:// in all browsers, or even enforce it in all browsers? Preferably suppress.

  Read the article

• mod_rewrite: check if isn't a certain domain

  - by weingage

  I'm migrating some code from a working web app, but can't get it to work on the new server. Everything seems to be configured correctly, but I'm getting internal redirect limit errors in Apache2. Here are my rewrites and explanation This WORKS - any subdomains that aren't cdn. or manage. should be redirected to u.php RewriteCond %{HTTP_HOST} ^(^.*)\.mediasprk\.com$ [NC] RewriteCond ^(.*)$ !^(cdn|manage)$ RewriteCond %{REQUEST_URI} !\.(png|gif|jpg)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ u.php?uri=$1&hostName=%{HTTP_HOST} This is no longer working. Goal here is to handle CName pointing. So if it's not my app domain (mediasprk.com), then handle it by sending it to u.php. RewriteCond %{HTTP_HOST} !^mediasprk\.com$ [NC] RewriteCond %{REQUEST_URI) !\.(png|gif|jpg)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ u.php?uri=$1&hostName=%{HTTP_HOST} Can anyone see the issue here in the second block that would cause the redirect limit errors? Maybe something wrong in the rewrites? Thanks.

  Read the article

• Images with unknown content: Dangerous for a browser?

  - by chris_l

  Let's say I allow users to link to any images they like. The link would be checked for syntactical correctness, escaping etc., and then inserted in an <img src="..."/> tag. Are there any known security vulnerabilities, e.g. by someone linking to "evil.example.com/evil.jpg", and evil.jpg contains some code that will be executed due to a browser bug or something like that? (Let's ignore CSRF attacks - it must suffice that I will only allow URLs with typical image file suffixes.)

  Read the article

• Is there any way to generate a set of JWebUnit tests from an apache rewrite config?

  - by robbbbbb

  Seems unlikely, but is there any way to generate a set of unit tests for the following rewrite rule: RewriteRule ^/(user|group|country)/([a-z]+)/(photos|videos)$ http:/whatever?type=$1&entity=$2&resource=$3 From this I'd like to generate a set of urls of the form: /user/foo/photos /user/bar/photos /group/baz/videos /country/bar/photos etc... The reason I don't want to just do this once by hand is that I'd like the bounded alternation groups (e.g. (user|group|country)) to be able to grow and maintain coverage without having the update the tests by hand. Is there a rewrite rule or regex parser that might be able to do this, or am I doing it by hand?

  Read the article

• asp.net impersonation identity: Where does it come from?

  - by Rising Star

  Here's a simple question I've been stuck on for a while. When I set < identity impersonate=true > in my web.config so that asp.net impersonates the logged on user automatically (or the anonymous account if not using Windows Authentication), where does the identity that asp.net impersonates come from? This document: http://msdn.microsoft.com/en-us/library/ff649264.aspx shows three places you can retrieve information about the logged on user: Httpcontext.Current.user System.Threading.Thread.Current System.Security.Principal.WindowsIdentity.GetCurrent It seems that none of these locations consistently match the identity that gets impersonated when I set < identity impersonate=true > in web.config. I would like to know where the impersonated identity comes from.

  Read the article

• Htaccess help, $1 being used before its set??? what?

  - by jiexi

  I have this snippet RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond $1 !^(index\.php|images|img|css|js|robots\.txt) RewriteRule (.*) index.php?/$1 [L] It won't allow me to access a file at website.com/js/main.php but it will let me access index.php According to my webhost, $1 is being called before it is set. Any solutions? I'll accept answers when i get back tomorrow. Thank you!

  Read the article

• Why is using a Non-Random IV with CBC Mode a vulnerability?

  - by The Rook

  I understand the purpose of an IV. Specifically in CBC mode this insures that the first block of of 2 messages encrypted with the same key will never be identical. But why is it a vulnerability if the IV's are sequential? According to CWE-329 NON-Random IV's allow for the possibility of a dictionary attack. I know that in practice protocols like WEP make no effort to hide the IV. If the attacker has the IV and a cipher text message then this opens the door for a dictionary attack against the key. I don't see how a random iv changes this. (I know the attacks against wep are more complex than this.) What security advantage does a randomized iv have? Is this still a problem with an "Ideal Block Cipher"? (A perfectly secure block cipher with no possible weaknesses.)

  Read the article

• Subdomain to folder htaccess

  - by mikelbring

  I am trying to point sub.domain.com to domain.com/app/*sub, but the farthest I can get is making it a redirection and I do not want it to redirect. Here is what I have, it works but it redirects it instead of staying on the subdomain, which is what I want. RewriteCond %{HTTP_HOST} ^(.*).example.com RewriteCond %{HTTP_HOST} !^www.example.com [NC] RewriteRule ^(.*)$ http://example.com/app/%1/$1 [L]

  Read the article

• mod_rewrite rule for all urls except ones with some words

  - by zlog

  How do I write a mod_rewrite regulare expression rule that is the opposite of this: ^(.+)/path/(page1|page2)+$ ie, I want all pages except blah/path/page1 and blah/path/page2 to redirect to another path, where the x in blah/path/x is used in the new path. For example, I'd like write a rewrite rule like: RewriteRule some_regex /index.php?path/show/$1 [L] where some_regex would pull out the last component of a url in the format: /something/path/some_param to redirect to /index.php/path/show/some_param I'm trying to use ! and [^] syntax, but I don't quite understand how these work, especially when they involve words not single characters.

  Read the article

• .htaccess for multiple application in Kohana V3

  - by khairil

  Hi I have setup multiple application in Kohana v3, it works normally without enabling .htaccess (to remove index.php or admin.php) my setup + system/ + modules/ + applications/ + public/ + bootstrap.php + ... + admin/ + bootstrap.php + ... + index.php (for 'public' application) + admin.php (for 'admin' application) so to access the frontend sample url will be; http://mydomain.com/index.php/(controller_name)/... and to access administration site; http://mydomain.com/admin.php/(controller_name)/... The task is, I want to remove and replace index.php (default url) and admin.php with /admin/ using .htaccess (mod_rewrite) so it can be http://mydomain.com/(controller_name) <- 'public' application http://mydomain.com/admin/(controller_name) <- 'admin' application my current .htaccess (not working) is; # Turn on URL rewriting RewriteEngine On # Installation directory RewriteBase /ko3/ # Protect hidden files from being viewed Order Deny,Allow Deny From All # Protect application and system files from being viewed RewriteRule ^(?:web-apps|modules|core)\b.* index.php/$0 [L] # Allow any files or directories that exist to be displayed directly RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # TODO: rewrite admin URL to admin.php/URL #RewriteRule ^admin/(.*) admin.php/$0 [L] # Rewrite all other URLs to index.php/URL RewriteRule .* index.php/$0 [PT]

  Read the article

• mod_rewrite failing on uppercase dir

  - by user1855277

  I have a very basic mod_rewrite in a .htaccess file which I'm sure worked last time I looked at it, but now it is doing strange things with the case of the REQUEST_URI. It's intended purpose is to rewrite sub-domains to a given file, passing the subdomain as a php var of bnurl. Here is my code: RewriteCond %{REQUEST_URI}= "RSDEV/location/" [NC] RewriteCond %{HTTP_HOST} . RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteCond %{HTTP_HOST} ^([^.]+)\.mydomain\.co\.uk(:80)? [NC] RewriteRule ^RSDEV/location/$ RSDEV/newmain.php?bnurl=%1&accesstype=new [NC,L] Now, typing joebloggs.mydomain.co.uk/RSDEV/location/ into my web browser comes back with the response "The requested URL /RSDEV/location/ was not found on this server" which is a correct statement because /RSDEV/location/ is not a real directory, but why did it not rewrite to RSDEV/newmain.php?bnurl=joebloggs&accesstype=new as expected? Now, the really strange thing here is that if I enter joebloggs.mydomain.co.uk/rsdev/location/ into my browser (note rsdev is now lowercase), it correctly rewrites as expected. The script newmain.php is in dir RSDEV (uppercase) so if it was going to fail, I would have expected it to fail the other way round with the lowercase rsdev. As you can see, I have [NC] on each line. Is this my mod_rewrite code failing or some other mystical server force keeping me up all night?

  Read the article

• How secure is encryption?

  - by Stomped

  Let me preface this by saying I know nothing about encryption. I understand the basic concept of public key / private key encryption but I don't how easily it can be broken, if at all. If one were to believe the movies, encrypted data can be broken by a teenager with a decent computer in a few hours. I have a client who wants credit card information sent via email - encrypted of course, but I'm still not feeling terribly good about the idea. I feel it would be safer to store the info on the VPS, but even then its an unmanaged server and there's nobody watching it who knows much about security. So can anyone tell me if there's a safe way to store and/or send this data out? Thanks

  Read the article

• htaccess Rewriterule to make one query part of another

  - by Dan T

  I have a url /embed?t=X and I want to redirect it to /page/embed/X where X is any number of alpha numeric characters. I know must redirect rules go the other way but for the purpose of the applciation I need to reverse it. Any ideas? I have tried things like: RedirectRule ^embed\?t\=([a-zA-Z0-9]+)$ /page/embed/$1 but with no luck.

  Read the article

• Application Role and access second database

  - by lszk

  I have written a script to create an audit trails to my database in a second one db. So far I had no problems during tests on my dev machine from SQL Server Management Studio. Problems started to occurs when I first tried to test my triggers from my application by modyfing data in it. Using profiler I found out, that my audit trails db is not visible in sys.databases, so here lies the problem. The application using an Application Role, so as I found on MSDN, that's why I can't get access to other db on the server. I'm not a DBA. I have no experience with properly settings the security stuff, so please guide me, how can I set the setting for guest account (according to MSDN) to get access to this db? I need to have a record for this database in sys.databases and I need to be able to insert data in this database in all tables. No select, update or delete I need.

  Read the article

< Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >