Search Results

Search found 65593 results on 2624 pages for 'http put'.

Page 8/2624 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • HTTP Headers - need to check OPTIONS

    - by chris
    I've received the results of a pen test and there is some unwanted exposure in the HTTP OPTIONS where the fact that Frontpage Server Extensions was available (now removed) was reported. I need to run a check on the OPTIONS to see whether it has been removed. The test output from the report is below, I need to recreate it to establish that it has gone but don't know how to check the OPTIONS, I can only find tools that seem to check the "HEAD / HTTP/1.1". Does anyone know how to test this - I'm running a Windows environment? Many thanks OPTIONS / HTTP/1.1 Host: www.website.com HTTP/1.1 200 OK Allow: OPTIONS, TRACE, GET, HEAD Content-Length: 0 Server: Microsoft-IIS/6.0 Public: OPTIONS, TRACE, GET, HEAD, POST MS-Author-Via: MS-FP/4.0 X-Powered-By: ASP.NET MicrosoftOfficeWebServer: 5.0_Pub Date: Fri, 01 Feb 2010 16:09:15 GMT

    Read the article

  • Apache, Tomcat 5 and problem with HTTP basic auth

    - by Juha Syrjälä
    I have setup a Tomcat with a webapp that uses http basic auth in some of its URLs. There is a Apache server in front of the Tomcat. I have setup Apache as a proxy like this (all traffic should go directly to tomcat): /etc/httpd/conf.d/proxy_ajp.conf: LoadModule proxy_ajp_module modules/mod_proxy_ajp.so ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ There is a webapp installed to root of Tomcat (ROOT.war), so I should be able to use http://localhost/ to access my webapp. But it is not working with http basic auth. The problem is that everything works until I try to access URL that are protected by the HTTP basic auth. URLs without authentication work just fine. When accessing this url via apache I am getting an error message from Apache. If I access the same URL directly from tomcat, everything works just fine. I am getting this to Apache error log: [Wed Sep 01 21:34:01 2010] [error] proxy: dialog to [::1]:8009 (localhost) failed access log looks like this: ::1 - - [01/Sep/2010:21:34:01 +0300] "GET /protected_path/ HTTP/1.0" 503 360 "-" "w3m/0.5.2" I am using: Fedora release 13 (Goddard) httpd-2.2.16-1.fc13.x86_64 tomcat5-5.5.27-7.4.fc12.noarch The basic auth is implemented in the webapp (not in Apache or Tomcat). The webapp is actually implemented in Scala/Lift, but that shouldn't matter. The auth works if I access the tomcat directly. Error message that I am getting from Apache. It is curious that the title is Unauthorized and not Internal error: Unauthorized The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Apache/2.2.16 (Fedora) Server at my.server.name.com Port 80 It could be that Apache is seeing a some thing else than 200 OK response and thinks that it is an error when it actually should pass the received 401 Unauthorized response directly to browser. If this is the problem, how to fix it?

    Read the article

  • XNA Notes 005

    - by George Clingerman
    Another week and another crazy amount of activity going on in the XNA community. I’m fairly certain I missed over half of it. In fact, if I am missing things, make sure to email me and I’ll try and make sure I catch it next week! ([email protected]). Also, if you’ve got any advice, things you like/don’t like about the way these XNA Notes are going let me know. I always appreciate feedback (currently spammers are leaving me the nicest comments so you guys have work to do!) Without further ado, here’s this week’s notes! Time Critical XNA News The XNA Team Blob reminds us that February 7th is the last day to submit XNA 3.1 games to peer review! http://blogs.msdn.com/b/xna/archive/2011/01/31/7-days-left-to-submit-xna-gs-3-1-games-on-app-hub.aspx XNA MVPS Chris Williams kicks off the marketing campaign for our book http://geekswithblogs.net/cwilliams/archive/2011/01/28/143680.aspx Catalin Zima posts the comparison cheat sheet for why Angry Birds is different than Chickens Can’t Fly http://www.amusedsloth.com/2011/02/comparison-cheat-sheet-for-chickens-cant-fly-and-angry-birds/ Jim Perry congratulates the developers selected by Game Developer Magazine for Best Xbox LIVE Indie Games of 2010 http://machxgames.com/blog/?p=24 @NemoKrad posts his XNAKUUG talks for all to enjoy http://twitter.com/NemoKrad/statuses/33142362502864896 http://xna-uk.net/blogs/randomchaos/archive/2011/02/03/xblig-uk-2011-january-amp-february-talk.aspx George  (that’s me!) preps for his XNA talk coming up on the 8th http://twitter.com/clingermangw/statuses/32669550554124288 http://www.portlandsilverlight.net/Meetings/Details/15 XNA Developers FireFly posts the last tutorial in his XNA Tower Defense tutorial series http://forums.create.msdn.com/forums/p/26442/451460.aspx#451460 http://xnatd.blogspot.com/2011/01/tutorial-14-polishing-game.html @fredericmy posts the main difference when porting a game from Windows Phone 7 to Xbox 360 http://fairyengine.blogspot.com/2011/01/main-differences-when-porting-game-from.html @ElementCy creates a pretty rad video of a MineCraft type terrain created using XNA http://www.youtube.com/watch?v=Waw1f7wnl9I Andrew Russel gets the first XNA badge on gamedev.stackexchange http://twitter.com/_AndrewRussell/statuses/32322877004972032 http://gamedev.stackexchange.com/badges?tab=tags And his funding for ExEn has passed $7000 only $3000 to go http://twitter.com/_AndrewRussell/statuses/33042412804771840 Subodh Pushpak blogs about his Windows Phone 7 XNA talk http://geekswithblogs.net/subodhnpushpak/archive/2011/02/01/windows-phone-7-silverlight--xna-development-talk.aspx Slyprid releases the latest version of Transmute and needs more people to test http://twitter.com/slyprid/statuses/32452488418299904 http://forgottenstarstudios.com/ SpynDoctorGames celebrates the 1 year anniversary of Your Doodles Are Bugged! Congrats! http://twitter.com/SpynDoctorGames/statuses/32511689068908544 Noogy (creator of Dust the Elysian Tail) prepares his conversion to XNA 4.0 http://twitter.com/NoogyTweet/statuses/32522008449253376 @philippedasilva posts about the Indiefreaks Game Framework v0.2.0.0 Input management system http://twitter.com/philippedasilva/statuses/32763393957957632 http://indiefreaks.com/2011/02/02/behind-smart-input-system-feature/ Mommy’s Best Games debates what to do about High Scores with their new update http://mommysbest.blogspot.com/2011/02/high-score-shake-up.html @BinaryTweedDeej want to know if there’s anything the community needs to make XNA games for the PC. Give him some feedback! http://twitter.com/BinaryTweedDeej/status/32895453863354368 @mikebmcl promises to write us all a book (I can’t wait to read it!) http://twitter.com/mikebmcl/statuses/33206499102687233 @werezompire is going to live, LIVE, thanks to all the generosity and support from the community! http://twitter.com/werezompire/statuses/32840147644977153 Xbox LIVE Indie Games (XBLIG) Making money in Xbox 360 indie game development. Is it possible? http://www.bitmob.com/articles/making-money-in-xbox-360-indie-game-development-is-it-possible @AlejandroDaJ posts some thoughts abut the bitmob article http://twitter.com/AlejandroDaJ/statuses/31068552165330944 http://www.apathyworks.com/blog/view.php?id=00215 Kobun gets my respect as an XBLIG champion. I’m not sure who Kobun is, but if you’ve every read through the comment sections any time Kotaku writes about XBLIGs you’ll see a lot of confusion, disinformation in there. Kobun has been waging a secret war battling that lack of knowledge and he does it well. Also he’s running a pretty kick ass site for Xbox LIVE Indie Game reviews http://xboxindies.teamkobun.com/ @radiangames releases his last Xbox LIVE Indie Game...for now http://bit.ly/gMK6lE Playing Avaglide with the Kinect controller http://www.youtube.com/watch?v=UqAYbHww53o http://www.joystiq.com/2011/01/30/kinect-hacks-take-to-the-skies-with-avaglide/ Luke Schneider of Radiangames interviewed in Edge magazine http://www.next-gen.biz/features/radiangames-venture Digital Quarters posts thoughts on why XBLIG’s online requirement kills certain genres http://digitalquarters.blogspot.com/2011/02/thoughts-why-xbligs-online-requirement.html Mommy’s Best Games shares the news that several XBLIGs were featured in the March 2011 issue of Famitsu 360 http://forums.create.msdn.com/forums/p/33455/451487.aspx#451487 NaviFairy continues with his Indie-Game-A-Day http://gaygamer.net/2011/02/indie_game_a_day_epic_dungeon.html http://gaygamer.net/2011/02/indie_game_a_day_break_limit_r.html and more every day...that’s kind of the point! Keep your eye on this series! VVGTV continues with it’s awesome reviews/promotions for XBLIGs http://vvgtv.com/ http://vvgtv.com/2011/02/03/iredia-atrams-secret-xblig-review-2/ http://vvgtv.com/2011/02/02/poopocalypse-coming-soon-to-xblig/ ….and even more, you get the point. Magicka is an Indie Game doing really well on Steam AND it’s made using XNA http://www.magickagame.com/ http://twitter.com/Magickagame/statuses/32712762580799488 GameMarx reviews Antipole http://www.gamemarx.com/reviews/73/antipole-is-vvvvvvery-good.aspx Armless Octopus review Alpha Squad http://www.armlessoctopus.com/2011/01/28/xbox-indie-review-alpha-squad/ An interesting article about Kodu that Jim Perry found http://twitter.com/MachXGames/statuses/32848044105924608 http://www.develop-online.net/news/36915/10-year-old-Jordan-makes-games-The-UK-needs-more-like-her XNA Game Development Sgt. Conker posts about the Natur beta, a new book and whether you can make money with XBLIG http://www.sgtconker.com/ http://www.sgtconker.com/2011/01/a-new-book-on-the-block-and-a-new-natur-beta/ http://www.sgtconker.com/2011/01/making-money-in-xbox-360-indie-game-development-is-it-possible/ Tips for setting up SVN http://bit.ly/fKxgFh @bsimser found tons of royalty free music and soundfx for your XNA Games http://twitter.com/bsimser/statuses/31426632933711872 Post on the new features in the next Sunburn Editor http://www.synapsegaming.com/blogs/fivesidedbarrel/archive/2011/01/28/new-editor-features-prefabs-components-and-more.aspx @jasons_novaleaf posts source code for light pre-pass optimizations for #xna http://twitter.com/jasons_novaleaf/statuses/33348855403642880 http://jcoluna.wordpress.com/2011/02/01/xna-4-0-light-pre-pass-optimization-round-one/ I’ve been learning about doing an A.I. for turn based games and this article was a great resource. http://www.gamasutra.com/view/feature/1535/designing_ai_algorithms_for_.php?print=1

    Read the article

  • HTTP Compression Proxy

    - by Praveen
    I'm looking for a HTTP compression proxy. Basically, I need a proxy to compress images and text to be transferred over a slow internet connection when accessing the web. To put it into a diagram CLIENT ---/fast local network/--- HTTP COMPRESSION PROXY ---/slow internet connection/--- WEB (e.g. Facebook, Wiki, Google) I will be using Squid for caching but from what i've it does not support HTTP compresion (gzip, deflate)

    Read the article

  • top tweets WebLogic Partner Community – September 2012

    - by JuergenKress
    Send your tweets @wlscommunity #WebLogicCommunity and follow us at http://twitter.com/wlscommunity Oracle Exalogic? VIDEO: Oracle Public Cloud Built on Exalogic!, http://www.youtube.com/watch?v=UGzjDloUw_s&feature=plcp … oracleopenworld #NetBeans Community Day at #JavaOne http://ow.ly/dunFL Oracle Cloud Zone Building an enterprise Cloud? Have Oracle show you the RIGHT way to plan, deploy and monitor enterprise clouds.... http://fb.me/286978S4S OTNArchBeat? Oracle Exalogic X2-2 walk-through with Brad Cameron | @jvzoggel http://pub.vitrue.com/yE7d Oracle Technet? Stash your cash. September OTN Member Offers - discounts on books, more | OTN Blog http://pub.vitrue.com/yTr9 C2B2 Consulting? C2B2 is Speaking at @UKOUG App Server Middleware SIG Meeting 'Real Life #WebLogic Performance Tuning' http://www.c2b2.co.uk/ukoug_application_server_middleware_sig_meeting … @wlscommunity JAXenter.com? From yesterday, @smeyen offers his views on the next generation #Java - do you agree? http://jaxenter.com/next-gen-java-we-don-t-need-another-revolutionary-44334.html … Markus Eisele? Awesome: professor from ITU uploads her programming lectures to #YouTube. Programming classes without having to pay! http://bit.ly/UtkJIW Adam Bien? Real World Java EE 6 Patterns--Rethinking Best Practices Reloaded: A completely rewritten, second, iteration of ... http://bit.ly/Qc3xTH Markus Eisele [blog] #PrimeFaces Push with #Atmosphere on #GlassFish 3.1.2.2 http://goo.gl/fb/jPDzA Lucas Jellema? Forms community event at Oracle Open World - Tuesday, 2nd Oct with the BIG names in Forms - see: http://oracleformsinfo.wordpress.com/2012/08/28/ask-the-product-manager-join-us-at-the-oracle-forms-community-event-at-openworld-2012/ … WebLogic Community WebLogic & Coherence & Cloud presentations for customer meetings http://wp.me/p1LMIb-kw Adam Bien? New Book: Rethinking Best Practices with Java EE 6 is out: http://realworldpatterns.com (fully rewritten, re-edited and reformatted) WebLogic Community? Want to become and WebLogic 12c expert? free WebLogic 12c partner bootcamps &ndash;new locations: Madrid Spain http://wp.me/p1LMIb-kK WebLogic Community? Promote Your WebLogic events at http://oracle.com http://wp.me/p1LMIb-ku OracleBlogs Gartner review Oracle ADF http://ow.ly/1mgkCV Simon Haslam Next #ukoug App Server & MW SIG on 10 Oct: http://www.ukoug.org/events/ukoug-application-server-and-middleware-sig-meeting8/ … Hopefully plenty of good admin stuff! Michel Schildmeijer My book "WebLogic 12c; First look" has been reviewed again..see http://www.amazon.com/review/R28L6E3CC9RPMK/ref=cm_cr_pr_perm?ie=UTF8&ASIN=1849687188&linkCode=&nodeID=&tag= … … Markus Eisele? #Weblogic 11g Interactive Quick Reference Map: http://bit.ly/Ugsq52 #wls #oracle #reference /via @TonyvanEsch Marc? Playing with #syslog server and #weblogic. Is there a simple how-to to configure all the logging from #WLS to #syslog-ng WebLogic Community Java update http://wp.me/p1LMIb-kI WebLogic Community top tweets WebLogic Partner Community &ndash; August 2012 http://wp.me/p1LMIb-kA Andrejus Baranovskis? Oracle University Training: ADF/WebCenter 11g Development in Depth | Andrejus Baranovskis http://fb.me/253ZTS2zp OracleSupport_WLS? How neat is a free tool that allows you to inspect and debug traffic from virtually any application? http://pub.vitrue.com/vXdP WebLogic Community WebLogic Partner Community Newsletter August 2012 http://wp.me/p1LMIb-kn OTNArchBeat Integrating Coherence & Java EE 6 Applications using ActiveCache | Ricardo Ferreira http://pub.vitrue.com/rwGg Adam Bien? Thanks for attending the #javaee #techtalk "Enterprise Java 2.0" I pushed the project and slides to: http://kenai.com/projects/javaee-patterns/sources/hg/show/hacks/techtalk2012?rev=429 … JDeveloper & ADF? How to service-enable Oracle ADF Business Components http://ht.ly/1mcfsZ OracleSupport_WLS? Do you know that #WebLogic 12.1.1.0 is certified for production with JDK 7? @ http://pub.vitrue.com/35Kn Andreas Koop? My latest upload : WebLogic Administration und Deployment mit WLST on @slideshare http://www.slideshare.net/multikoop/weblogic-administration-und-deployment-mit-wlst … OTNArchBeat? Demo for OPN: Oracle Coherence Management with EM Cloud Control 12c http://pub.vitrue.com/reoo Markus Eisele? [blog] Java Champions at #JavaOne 2012 http://goo.gl/fb/Ibb6N #javachampion OracleBlogs Buy This Book!: Oracle Exalogic Elastic Cloud Handbook http://ow.ly/1malM1 WebLogic Community? Coherence Management with EM Cloud Control 12c &ndash;demo for partners http://wp.me/p1LMIb-iE Arun Gupta? Learn how Java can help Internet of Things at Java Embedded at JavaOne: http://bit.ly/POBizh WebLogic Community? Follow WebLogicCommunity on facebook http://www.facebook.com/WebLogicCommunity … #WebLogicCommunity WebLogic Community? Building Java EE in the Cloud–Webcast August 30th 2012 https://weblogiccommunity.wordpress.com/2012/08/27/building-java-ee-in-the-cloudwebcast-august-30th-2012/ … #WebLogicCommunity #Java #oracle #opn WebLogic Community? Call for WebLogic Community newsletter content. Please send @wlscommunity #WebLogicCommunity OracleSupport_WLS? The #weblogic wasp: lots of tips, Q&A and examples http://pub.vitrue.com/v0bw Frank Nimphius? Free ADF Best Practices Webinar by Andrejus Baranovskis for ODTUG (18, 2012 12:00 PM - 1:00 PM EDT) http://bit.ly/OiSWbi ADF Code Corner Webcast- Friday September 14, 8:30 AM - 9.00 AM (CET) - ADF as a basis of Fusion Apps (in English) - with Chris Muir: http://bit.ly/OiQVMb Oracle WebLogic? New blog post: Developing Custom User Principal Object http://pub.vitrue.com/ltam JAX London? Just 4days left to get in on the early bird special, don't miss out!! http://jaxlondon.com/ #JAXLondon #Java WebLogic Community Building Java EE in the Cloud&ndash;Webcast August 30th 2012 http://wp.me/p1LMIb-kE Andrejus Baranovskis? New Record Master-Detail Validation and ADF BC Groovy Use Case http://fb.me/1D2NEIl8g JAX London? Don't miss out!!! Only 6 days left to make use of our early bird offer #JAXLondon #JAVA http://jaxlondon.com/ Michel Schildmeijer Qualogy launches Proof of Concept Center for Oracle Fusion Applications http://www.qualogy.com/qualogy-launches-proof-of-concept-center-for-oracle-fusion-applications/ … via @Qualogy_news OracleSupport_WLS ?Need to troubleshoot redeployment failure in #Weblogic? Check this http://pub.vitrue.com/auhz OracleEnterpriseMgr? Blog : Managing Oracle #Exalogic Elastic #Cloud with Oracle Enterprise Manager Ops Center http://ow.ly/dd40e #em12c ODTUG? Want free advanced technical ADF training?Join @andrejusb for an @odtug webinar! check out his blog for more info http://bit.ly/SvKJDq chriscmuir Oracle Open World 2012 and ADF EMG http://zite.to/QyusZE OTNArchBeat? Boost your infrastructure with Coherence into the Cloud | Nino Guarnacci http://pub.vitrue.com/v3aJ WebLogic Community? Presentations & Training material OFM Summer Camps & Impressions & Feedback http://wp.me/p1LMIb-ks Arun Gupta? Java EE 6 pocket guide by O'Reilly available for pre-order from Amazon: http://amzn.to/O6YyoP and B&N: http://bit.ly/NjWLk1 OTNArchBeat Joining the Existing Cluster in Coherence | A. Fuat Sungur http://pub.vitrue.com/6uLh Andrejus Baranovskis Sample Application for Switching Application Module Data Sources http://fb.me/1PSURUzch OTNArchBeat Oracle WebLogic DevCast: Building Java EE in the Cloud - August 30 - 10am PT/ 1pm ET http://pub.vitrue.com/xXg0 OTNArchBeat? GlassFish Community Event at #javaone - Sept 30 -11am – 1pm -Moscone South. Register Now! http://pub.vitrue.com/p2f5 OracleSupport_WLS? Connecting To HTTPS Site Using Simple Java Program When Using Proxy http://pub.vitrue.com/stVv Michel Schildmeijer? Before you go to #OOW take the sneak preview of WebLogic 12c with you: http://www.qualogy.com/ga-nog-niet-naar-oow-en-neem-mee-weblogic-12c/ … via @Qualogy_news Simon Haslam? Even more great ADF content at #oow2012 this year including a packed ADF EMG day on Sunday: https://blogs.oracle.com/onesizedoesntfitall/entry/the_year_after_the_year … OracleBlogs ExaLogic trainings for partners http://ow.ly/1m6a5D Robin? First presentation on DOAG conference (thanks to @Steffen2042) "Weblogic Server for Dummies". Now I´m pretty excited :) http://www.doag.org/de/events/konferenzen/doag-2012.html … Markus Eisele There is a #facebook page for the upcoming #Java Mission Control (JRockit Mission Control for #Hotspot)! ttp://on.fb.me/Q31oyA Adam Bien? The almost free #javaee workshop in Rapperswil has only 60 registrations so far: http://www.adam-bien.com/roller/abien/entry/enterprise_java_2_0_swiss … What's the problem? :-) WebLogic Community ExaLogic trainings for partners http://wp.me/p1LMIb-iC OracleBlogs How to install Oracle Weblogic Server using Generic Package installer? http://ow.ly/1m5ms7 OracleSupport_WLS #Weblogic Server new blog post - Developing Custom User Principal Object http://pub.vitrue.com/ltam OracleBlogs? Architects and Architecture at JavaOne 2012 http://ow.ly/1m4oS5 WebLogic Community Are you WebLogic or Application Grid Specialized? Do you get Recognized? Get your plaque https://weblogiccommunity.wordpress.com/2012/08/21/plaques-weblogic-application-grid-specialization/ … #WebLogicCommunity #opn WebLogic Community? Plaques WebLogic & Application Grid Specialization http://wp.me/p1LMIb-iA JDeveloper & ADF? First Steps With Oracle Application Testing Suite: Recording a Test With OpenScript http://dlvr.it/222npy WebLogic Partner Community For regular information become a member in the WebLogic Partner Community please visit: http://www.oracle.com/partners/goto/wls-emea ( OPN account required). If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Wiki Technorati Tags: twitter,WebLogic,WebLogic Community,Oracle,OPN,Jürgen Kress

    Read the article

  • HTTP-DAV on IIS 7.0

    - by Ismail
    I wan't to integrate .NET Application Updater Component in my application for auto update of client application. It says The .NET Application Updater component uses HTTP-DAV to download the application update and thus requires a Web server that supports HTTP-DAV. IIS 5.0 that comes with Windows 2000 and newer operating systems support HTTP-DAV. My server is a Windows 2008 Server and runs IIS 7.0. Does IIS 7.0 support "HTTP-DAV"? And if yes how can I enable it?

    Read the article

  • Incorrect gzipping of http requests, can't find who's doing it

    - by Ned Batchelder
    We're seeing some very strange mangling of HTTP responses, and we can't figure out what is doing it. We have an app server handling JSON requests. Occasionally, the response is returned gzipped, but with incorrect headers that prevent the browser from interpreting it correctly. The problem is intermittent, and changes behavior over time. Yesterday morning it seemed to fail 50% of the time, and in fact, seemed tied to one of our two load-balanced servers. Later in the afternoon, it was failing only 20 times out of 1000, and didn't correlate with an app server. The two app servers are running Apache 2.2 with mod_wsgi and a Django app stack. They have identical Apache configs and source trees, and even identical packages installed on Red Hat. There's a hardware load balancer in front, I don't know the make or model. Akamai is also part of the food chain, though we removed Akamai and still had the problem. Here's a good request and response: * Connected to example.com (97.7.79.129) port 80 (#0) > POST /claim/ HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 > Host: example.com > Accept: */* > Referer: http://example.com/apps/ > Accept-Encoding: gzip,deflate > Content-Length: 29 > Content-Type: application/x-www-form-urlencoded > } [data not shown] < HTTP/1.1 200 OK < Server: Apache/2 < Content-Language: en-us < Content-Encoding: identity < Content-Length: 47 < Content-Type: application/x-javascript < Connection: keep-alive < Vary: Accept-Encoding < { [data not shown] * Connection #0 to host example.com left intact * Closing connection #0 {"msg": "", "status": "OK", "printer_name": ""} And here's a bad one: * Connected to example.com (97.7.79.129) port 80 (#0) > POST /claim/ HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 > Host: example.com > Accept: */* > Referer: http://example.com/apps/ > Accept-Encoding: gzip,deflate > Content-Length: 29 > Content-Type: application/x-www-form-urlencoded > } [data not shown] < HTTP/1.1 200 OK < Server: Apache/2 < Content-Language: en-us < Content-Encoding: identity < Content-Type: application/x-javascript < Content-Encoding: gzip < Content-Length: 59 < Connection: keep-alive < Vary: Accept-Encoding < X-N: S < { [data not shown] * Connection #0 to host example.com left intact * Closing connection #0 ?V?-NW?RPR?QP*.I,)-???A??????????T??Z? ??/ There are two things to notice about the bad response: It has two Content-Encoding headers, and the browsers seem to use the first. So they see an identity encoding header, and gzipped content, so they can't interpret the response. The bad response has an extra "X-N: S" header. Perhaps if I could find out what intermediary adds "X-N: S" headers to responses, I could track down the culprit...

    Read the article

  • Strange request - http://66.196.81.202/error/vote

    - by mplungjan
    Hi a friend of mine is asking about the request which can for example be found here: http://www.geoidee.ch/geodata/geoserver-2.0.0/logs/2010_11_23.request.log His original message: On a couple of hundred web sites worldwide, one of the 50 most popular "File not found" error 404 is caused by the following request: "GET http://66.196.81.202/error/vote HTTP/1.0" It originates from a user agent that purports to be an iPhone. The two requests that hit my servers appeared to originate near Frankfort, Germany. The IP address in the request is part of Yahoo although I doubt that Yahoo had any intentional part. fe1.buzz.vip.re1.yahoo.com The HTTP request has a host header 66.196.81.202 and a X-Forwarded-For of 96.6.99.16 and my IP address I expected to be able to do a Google search and find some kind of security bulletin on it, but I found nothing. It could just be that my search skills are deficient. Thanks for any pointers to what this could be

    Read the article

  • http(/* argument here */) How is this Object (Http) being used without an explicit or implicit meth

    - by Randin
    In the example for coding with Json using Databinder Dispatch Nathan uses an Object (Http) without a method, shown here: import dispatch._ import Http._ Http("http://www.fox.com/dollhouse/" >>> System.out ) How is he doing this? Thank you for all of the answers unfortunatly I was not specific enough... It looks like it is simply passing an argument to a constructor of class or companion object Http. In another example, I've seen another form: http = new Http http(/* argument here */) Is this valid Scala? I guess it must be, because the author is a Scala expert. But it makes no sense to me. Actions are usually performed by invoking methods on objects, whether explicitly as object.doSomething() or implicitly as object = something (using the apply() method underneath the syntactic sugar). All I can think of is that a constructor is being used to do something in addition to constructing an object. In other words, it is having side effects, such as in this case going off and doing something on the web.

    Read the article

  • Eclipse 3.5.1 update error (HTTP 503)

    - by PiedPiper
    I'm trying to update Eclipse 5.3.1 (on Gentoo Linux) from the Galileo Discovery Site and I get this error message: Network connection problems encountered during search. Unable to access "http://download.eclipse.org/releases/galileo". Error accessing site stream. [Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd] Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd Error accessing site stream. [Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd] Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd It seems the 503 error code is intended to stop software from constantly downloading this file from w3.org. But how do I persuade Eclipse to stop requesting it?

    Read the article

  • Mercurial mirror: abort: No such file or directory: http://[...]/00manifest.i

    - by Sridhar Ratnakumar
    I am trying to setup a daily mirror of a mercurial repository - code.python.org in particular - within our local network, and serve that via Apache HTTPD. On the remote host that hosts apache, I did this: $ cd /var/www $ hg clone http://code.python.org/hg/trunk/ On my macbook, I ran: $ hg -v clone http://remote/trunk/ (falling back to static-http) abort: No such file or directory: http://remote/trunk/.hg/store/00manifest.i Google does not show any relevant result for this particular error. I remember back in those days being able to setup Bazaar mirrors by a simple clone. Doesn't Mercurial work like that? How do I setup a mirror that must further act like a clone URL?

    Read the article

  • ftp server offering http access ?

    - by MikeJ
    Is there an FTP server that can also provide access via HTTP? Or what do I need to do to set up the mirror of FTP through HTTP access ? Some of my clients cannot access our FTP because of corporate policy and cannot get updates from me. However, they can use HTTP. Currently I use filezilla because it was fast/easy to set up but would switch to something with more flexibility.

    Read the article

  • check file revision through http only

    - by romant
    if the svn repo is exposed through say : http://svn to the users, and there's a file called script.sh Is there a way one can get the latest revision number of script.sh by means of just http access? Something along the lines of http://svn/rev?script.sh ?! Thank you.

    Read the article

  • Limit HTTP VERBS on Apache2

    - by user72295
    I am trying to limit the use of certain HTTP verbs on my site. I entered the following into my VirtualHost config file within the Directory element: <Limit GET POST HEAD> Allow from all </Limit> <Limit PUT DELETE OPTIONS> Deny from all </Limit> This seemed to work but with unexpected results: I ran the following telnet/HTTP commands before and after this change, open server 80 OPTIONS server/abs_path HTTP/1.1 User-Agent: Telnet/1.0 Host: server before the change I received a successful response with the Allowed headers. After the change, however, I was expecting to receive a 405 'Method not allowed' response but rather I received a 403 'Access Forbidden' response. What do I need to change in apache to return the 405 HTTP response? Many thanks

    Read the article

  • Configure tomcat behind loadbalancer to respond on HTTP and HTTPS

    - by user253530
    I have 2 tomcat machines behind a load balancer on Amazon EC2. Until now The load balancer was configured to respond only on https. So in order to access our services you would go to https://url. Tomcat was configured to listen on 8080 but the connector had additional params that would tell tomcat that it is behind a proxy and that it should respond on HTTPS 443. The connector looks like this: <Connector scheme="https" secure="true" proxyPort="443" proxyHost="my.domain.name" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" useBodyEncodingForURI="true" URIEncoding="UTF-8" /> What i would like to do is to open port 80 on the load balancer and basically allow traffic on HTTP and HTTPS. I've configured the load balancer to redirect all HTTP traffic to the tomcat machines on port 8088. I was thinking that i could define a new connector so that all HTTPS traffic goes to 8080 and HTTP to 8088. Unfortunately i did not succeed. Here is my connector <Connector port="8088" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" useBodyEncodingForURI="true" URIEncoding="UTF-8" /> Am I missing something? Thanks

    Read the article

  • Mercurial mirror: abort: No such file or directory: http://[...]/00manifest.i

    - by Sridhar Ratnakumar
    I am trying to setup a daily mirror of a mercurial repository - code.python.org in particular - within our local network, and serve that via Apache HTTPD. On the remote host that hosts apache, I did this: $ cd /var/www $ hg clone http://code.python.org/hg/trunk/ On my macbook, I ran: $ hg -v clone http://remote/trunk/ (falling back to static-http) abort: No such file or directory: http://remote/trunk/.hg/store/00manifest.i Google does not show any relevant result for this particular error. I remember back in those days being able to setup Bazaar mirrors by a simple clone. Doesn't Mercurial work like that? How do I setup a mirror that must further act like a clone URL?

    Read the article

  • Understanding tcptraceroute versus http response

    - by kojiro
    I'm debugging a web server that has a very high wait time before responding. The server itself is quite fast and has no load, so I strongly suspect a network problem. Basically, I make a web request: wget -O/dev/null http://hostname/ --2013-10-18 11:03:08-- http://hostname/ Resolving hostname... 10.9.211.129 Connecting to hostname|10.9.211.129|:80... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] Saving to: ‘/dev/null’ 2013-10-18 11:04:11 (88.0 KB/s) - ‘/dev/null’ saved [13641] So you see it took about a minute to give me the page, but it does give it to me with a 200 response. So I try a tcptraceroute to see what's up: $ sudo tcptraceroute hostname 80 Password: Selected device en2, address 192.168.113.74, port 54699 for outgoing packets Tracing the path to hostname (10.9.211.129) on TCP port 80 (http), 30 hops max 1 192.168.113.1 0.842 ms 2.216 ms 2.130 ms 2 10.141.12.77 0.707 ms 0.767 ms 0.738 ms 3 10.141.12.33 1.227 ms 1.012 ms 1.120 ms 4 10.141.3.107 0.372 ms 0.305 ms 0.368 ms 5 12.112.4.41 6.688 ms 6.514 ms 6.467 ms 6 cr84.phlpa.ip.att.net (12.122.107.214) 19.892 ms 18.814 ms 15.804 ms 7 cr2.phlpa.ip.att.net (12.122.107.117) 17.554 ms 15.693 ms 16.122 ms 8 cr1.wswdc.ip.att.net (12.122.4.54) 15.838 ms 15.353 ms 15.511 ms 9 cr83.wswdc.ip.att.net (12.123.10.110) 17.451 ms 15.183 ms 16.198 ms 10 12.84.5.93 9.982 ms 9.817 ms 9.784 ms 11 12.84.5.94 14.587 ms 14.301 ms 14.238 ms 12 10.141.3.209 13.870 ms 13.845 ms 13.696 ms 13 * * * … 30 * * * I tried it again with 100 hops, just to be sure – the packets never get there. So how is it that the server does respond to requests via http, even after a minute? Shouldn't all requests just die? I'm not sure how to proceed debugging why this server is slow (as opposed to why it responds at all).

    Read the article

  • setup dns to redirect all http requests on a specific machine in LAN

    - by mox601
    Hello, i should set up the following configuration with 2 machines: machine A issues HTTP requests machine B serves the pages requested by A For testing purposes, i want that EVERY HTTP request issued by machine A gets served by machine B. For example, machine A browser tries to access www.website.com/article.php?1234 machine B has a folder in its http server that has the content and replies to A. How can I set up a dns on machine B to point ALL requests to itself? Thanks

    Read the article

  • Splitting an HTTP request into multiple byte-range requests

    - by redpola
    I have arrived at the unusual situation of having two completely independent Internet connections to my home. This has the advantage of redundancy etc but the drawback that both connections max out at about 6Mb/s. So one individual outbound http request is directed by my "intelligent gateway" (TP-LINK ER6120) out over one or the other connection for its lifetime. This works fine over complex web pages and utilises both external connects fine. However, single-http-request downloads are limited to the maximum rate of one of the two connections. So I'm thinking, surely I can setup some kind of proxy server to direct all my http requests to. For each incoming http request, the proxy server will issue multiple byte-range requests for the desired data and manage the reassembly and delivery of that data to the client's request. I can see this has some overhead, and also some edge cases where there will be blocking problems waiting for data. I also imagine webmasters of single-servers would rather I didn't hit them with 8 byte-range requests instead of one request. How can I achieve this http request deconstruct/reconstruction? Or am I just barking mad?

    Read the article

  • What is correct HTTP status code when redirecting to a login page?

    - by PHP_Jedi
    When a user is not logged in and tries to access an page that requires login, what is the correct HTTP status code for a redirect to the login page? I don't feel that any of the 3xx fit that description. 10.3.1 300 Multiple Choices The requested resource corresponds to any one of a set of representations, each with its own specific location, and agent- driven negotiation information (section 12) is being provided so that the user (or user agent) can select a preferred representation and redirect its request to that location. Unless it was a HEAD request, the response SHOULD include an entity containing a list of resource characteristics and location(s) from which the user or user agent can choose the one most appropriate. The entity format is specified by the media type given in the Content- Type header field. Depending upon the format and the capabilities of the user agent, selection of the most appropriate choice MAY be performed automatically. However, this specification does not define any standard for such automatic selection. If the server has a preferred choice of representation, it SHOULD include the specific URI for that representation in the Location field; user agents MAY use the Location field value for automatic redirection. This response is cacheable unless indicated otherwise. 10.3.2 301 Moved Permanently The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible. This response is cacheable unless indicated otherwise. The new permanent URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s). If the 301 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. Note: When automatically redirecting a POST request after receiving a 301 status code, some existing HTTP/1.0 user agents will erroneously change it into a GET request. 10.3.3 302 Found The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field. The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s). If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. Note: RFC 1945 and RFC 2068 specify that the client is not allowed to change the method on the redirected request. However, most existing user agent implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless of the original request method. The status codes 303 and 307 have been added for servers that wish to make unambiguously clear which kind of reaction is expected of the client. 10.3.4 303 See Other The response to the request can be found under a different URI and SHOULD be retrieved using a GET method on that resource. This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource. The new URI is not a substitute reference for the originally requested resource. The 303 response MUST NOT be cached, but the response to the second (redirected) request might be cacheable. The different URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s). Note: Many pre-HTTP/1.1 user agents do not understand the 303 status. When interoperability with such clients is a concern, the 302 status code may be used instead, since most user agents react to a 302 response as described here for 303. 10.3.5 304 Not Modified If the client has performed a conditional GET request and access is allowed, but the document has not been modified, the server SHOULD respond with this status code. The 304 response MUST NOT contain a message-body, and thus is always terminated by the first empty line after the header fields. The response MUST include the following header fields: - Date, unless its omission is required by section 14.18.1 If a clockless origin server obeys these rules, and proxies and clients add their own Date to any response received without one (as already specified by [RFC 2068], section 14.19), caches will operate correctly. - ETag and/or Content-Location, if the header would have been sent in a 200 response to the same request - Expires, Cache-Control, and/or Vary, if the field-value might differ from that sent in any previous response for the same variant If the conditional GET used a strong cache validator (see section 13.3.3), the response SHOULD NOT include other entity-headers. Otherwise (i.e., the conditional GET used a weak validator), the response MUST NOT include other entity-headers; this prevents inconsistencies between cached entity-bodies and updated headers. If a 304 response indicates an entity not currently cached, then the cache MUST disregard the response and repeat the request without the conditional. If a cache uses a received 304 response to update a cache entry, the cache MUST update the entry to reflect any new field values given in the response. 10.3.6 305 Use Proxy The requested resource MUST be accessed through the proxy given by the Location field. The Location field gives the URI of the proxy. The recipient is expected to repeat this single request via the proxy. 305 responses MUST only be generated by origin servers. Note: RFC 2068 was not clear that 305 was intended to redirect a single request, and to be generated by origin servers only. Not observing these limitations has significant security consequences. 10.3.7 306 (Unused) The 306 status code was used in a previous version of the specification, is no longer used, and the code is reserved. 10.3.8 307 Temporary Redirect The requested resource resides temporarily under a different URI. Since the redirection MAY be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field. The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s) , since many pre-HTTP/1.1 user agents do not understand the 307 status. Therefore, the note SHOULD contain the information necessary for a user to repeat the original request on the new URI. If the 307 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. I'm using 302 for now, until I find THE correct answer.

    Read the article

  • Parsing every part of an HTTP header field-value

    - by brickner
    Hi all. I'm parsing HTTP data directly from packets (either TCP reconstructed or not, you can assume it is). I'm looking for the best way to parse HTTP as accurately as possible. The main issue here is the HTTP header. Looking at the basic RFC of HTTP/1.1, it seems that HTTP header parsing would be complex. The RFC describes very complex regular expressions for different parts of the header. Should I write these regular expressions to parse the different parts of the HTTP header? The basic parsing I've written so far for HTTP header is for the generic HTTP header: message-header = field-name ":" [ field-value ] And I've included replacing inner LWS with SP and repeating headers with the same field-name with comma separated values as described in section 4.2. However, looking at section 14.9 for example would show that in order to parse the different parts of the field-value I need a much more complex parsing scheme. How do you suggest I should handle the complex parts of HTTP parsing (specifically the field-value) assuming I want to give the parser users the full capabilities of HTTP and to parse every part of HTTP? Design suggestions for this would also be appreciated. Thanks.

    Read the article

  • .htaccess blocking images on some internal pages

    - by jethomas
    I'm doing some web design for a friend and I noticed that everywhere else on her site images will load fine except for the subdirectory I'm working in. I looked in her .htaccess file and sure enough it is setup to deny people from stealing her images. Fair Enough, except the pages i'm working on are in her domain and yet I still get the 403 error. I'm pasting the .htaccess contents below but I replaced the domain names with xyz, 123 and abc. So specifically the page I'm on (xyz.com/DesignGallery.asp) pulls images from (xyz.com/machform/data/form_1/files) and it results in a forbidden error. RewriteEngine on <Files 403.shtml> order allow,deny allow from all </Files> RewriteCond %{HTTP_REFERER} !^http://xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://xyz.com/machform/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://xyz.com/machform/data/form_1/files/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://xyz.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://abc.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://abc.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://abc.xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://abc.xyz.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://123.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://123.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://123.xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://123.xyz.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/data/form_1/files/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.xyz.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.abc.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.abc.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.abc.xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.abc.xyz.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.123.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.123.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.123.xyz.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.123.xyz.com$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] deny from 69.49.149.17 RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^vendors\.html$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^vendors\.asp$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^ArtGraphics\.html$ "http\:\/\/www\.xyz\.com\/Art_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^ArtGraphics\.asp$ "http\:\/\/www\.xyz\.com\/Art_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^Gear\.asp$ "http\:\/\/www\.xyz\.com\/Gear_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^Gear\.html$ "http\:\/\/www\.xyz\.com\/Gear_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^NewsletterSign\-Up\.html$ "http\:\/\/www\.xyz\.com\/Newsletter\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^NewsletterSign\-Up\.asp$ "http\:\/\/www\.xyz\.com\/Newsletter\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^KidzStuff\.html$ "http\:\/\/www\.xyz\.com\/KidzStuff1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^KidzStuff\.asp$ "http\:\/\/www\.xyz\.com\/KidzStuff1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^Vendors\.html$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^Vendors\.asp$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L]

    Read the article

  • http://localhost does not work, http://127.0.0.1 works

    - by dskanth
    Iam running Zend with Apache and got to see a strange behaviour.... If i type http://127.0.0.1 in my browser url, it works fine, but after typing: http://localhost, i will get a file download window, saying file type as: application/x-httpd-php And in my httpd.conf file, i have the following under VirtualHost *:80 definition: ServerName localhost DocumentRoot E:\zend\Apache2\htdocs\my_project\public Directory E:\zend\Apache2\htdocs\my_project\public Perhaps some configuration problem... can anyone guide me..

    Read the article

  • HTTP: can GET and POST requests from a same machine come from different IPs?

    - by NoozNooz42
    I'm pretty sure I remember reading --but cannot find back the links anymore-- about this: on some ISP (including at least one big ISP in the U.S.) it is possible to have a user's GET and POST request appearing to come from different IPs. (note that this is totally programming related, and I'll give an example below) I'm not talking about having your IP adress dynamically change between two requests. I'm talking about this: IP 1: 123.45.67.89 IP 2: 101.22.33.44 The same user makes a GET, then a POST, then a GET again, then a POST again and the servers see this: - GET from IP 1 - POST from IP 2 - GET from IP 1 - POST from IP 2 So altough it's the same user, the webserver sees different IPs for the GET and the POSTs. Surely seen that HTTP is a stateless protocol this is perfectly legit right? I'd like to find back the explanation as to how/why certain ISP have their networks configured such that this may happen. I'm asking because someone asked me to implement the following IP filter and I'm pretty sure it is fundamentally broken code (breaking havoc for at least one major american ISP users). Here's a Java servlet filter that is supposed to protect against some attacks. The reasoning is that: "For any session filter checks that IP address in the request is the same that was used when session was created. So in this case session ID could not be stolen for forming fake sessions." http://www.servletsuite.com/servlets/protectsessionsflt.htm However I'm pretty sure this is inherently broken because there are ISPs where you may see GET and POST coming from different IPs. Any info on this subject is very welcome.

    Read the article

  • How do you send a HEAD HTTP request in Python?

    - by fuentesjr
    So what I'm trying to do here is get the headers of a given URL so I can determine the mime-type. I want to be able to see if http://somedomain/foo/ will return an html document or a jpg image for example. Thus, I need to figure out how to send a HEAD request so that I can read the mime-type without having to download the content. Does anyone know of an easy way of doing this?

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >