Search Results

Search found 29495 results on 1180 pages for 'cross site scripting'.

Page 833/1180 | < Previous Page | 829 830 831 832 833 834 835 836 837 838 839 840 | Next Page >

nginx rewrite rule for using domain host to redirect to specific internal directory

- by user85836

I'm new to Nginx rewrites and looking for help in getting a working and minimal rewrite code. We would like to use urls like 'somecity.domain.com' on campaign materials and have the result go to city-specific content within the 'www' site. So, here are use cases, if the customer enters: www.domain.com (stays) www.domain.com domain.com (goes to) www.domain.com www.domain.com/someuri (stays the same) somecity.domain.com (no uri, goes to) www.domain.com/somecity/prelaunch somecity.domain.com/landing (goes to) www.domain.com/somecity/prelaunch somecity.domain.com/anyotheruri (goes to) www.domain.com/anyotheruri Here's what I've come up with so far, and it partially works. What I can't understand is how to check if there is no path/uri after the host, and I'm guessing there is probably a way better way to do this. if ($host ~* ^(.*?)\.domain\.com) { set $city $1;} if ($city ~* www) { break; } if ($city !~* www) { rewrite ^/landing http://www.domain.com/$city/prelaunch/$args permanent; rewrite (.*) http://www.domain.com$uri$args permanent; }

Read the article
Outlook Anywhere remote https connection issue

- by holian

We have SBS 2003, and we use DYNDNS. We forward dyndns address 443 to local server ip 443 port. mycompany.dyndns.org:443 -- server.mycompany.local:443 In android phone i can check my mails with Outlook Active Snyc. From remote machine i can check my mails in owa (https://mycompany.dyndns.org/exchange) But i can't set up outlook 2013 to remote connect. I installed server.mycompany.local to remote machine trusted cert container, but i got error message: "There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site. Outlook is unable to connect to the proxy server. (Error Code 10)" Is it possible to connect exchange, via dnydns? Whats the problem? Thank you

Read the article
How to exclude a sub-folder from HTaccess RewriteRule

- by amb9800

I have WordPress installed in my root directory, for which a RewriteRule is in place. I need to password-protect a subfolder ("blue"), so I set the htaccess in that folder as such. Problem is that the root htaccess RewriteRule is applying to "blue" and thus I get a 404 in the main WordPress site (instead of opening the password dialog for the subfolder). Here's the root htaccess: RewriteEngine on <Files 403.shtml> order allow,deny allow from all </Files> <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> I tried inserting this as the second line, to no avail: RewriteRule ^(blue)($|/) - [L] Also tried inserting this before the index.php RewriteRule: RewriteCond %{REQUEST_URI} !^/blue/ That didn't work either. Also inserted this into the subfolder's htaccess, which didn't work either: <IfModule mod_rewrite.c> RewriteEngine off </IfModule> Any ideas?

Read the article
Mobile Web Framework that will only control rendering and page transitions

- by rlemon

I have been using jQueryMobile for a bit now, and there are some things I like about it and others I do not. First I will give a bit of background. I have a light weight mobile application that has a few configurations and 6 pages. Ideally I Would like to load all pages into the DOM (they interact with each other quite often and pages will be switched in the same frequency). The application will post for some JSON every n seconds and refresh the values on the page (yes it is primarily a information display app). with the jQuery Mobile framework the only real thing I like is how easy it is to have a standardized UI a crossed all devices and browsers, I'm really not using too much else out of the framework other than the basic page navigation (if you are familiar with the framework; a bare-bone multi-page design is all i need). Why I want to step away from jQueryMobile is how weighty it is. Not only do you need to include the mobile library, but also the base jQuery libraries. This I do not like because I'm not using jQuery anywhere else on the site. Any suggestions on light-weight mobile frameworks that have a similar rendering as jQueryMobile?

Read the article
Is realtime validation of username good or bad?

- by iamserious

I have a simple form for the user to sign up to my site; with email, username and password fields. We are now trying to implement an ajax validation so the user doesn't have to post the form to find out if the username is already taken. I can do this either on keyup event or on text blur event. My question is, which of these is really the best way to do? Keyup From the user POV, it would be good if the validation is done as and when they are typing, (on key up event) - of course, I am waiting for half a second to see if the user stops typing before firing off the request, and user can make any adjustments immediately. But this means I am sending way more requests than if I validated the username on Blur event. Blur The number of requests will be much lower when the validation is done on blur event, But this means the user has to actually go away from the textbox, look at the validation result, and if necessary go back to it to make any changes and repeat the whole process until he gets it right. I had a quick look at google, tumblr, twitter and no one actually does username validations on keyup events, (heck, tubmlr waits for the form to be posted) but I can swear I have seen keyup validations in a lot of places too. So, coming back to the question, will keyup validations be too many for server, is it an unnecessary overhead? or is it worth taking these hits to give user a better experience? ps: all my regex validations etc are already done on javascript and only when it passes all these other criteria does it send a request to server to check if a username already exists. (And the server is doing a select count(1) from user where username = '' - nothing substantial, but still enough to occupy some resource) pps: I'm on asp.net, MS SQL stack., if that matters.

Read the article
ASP.NET MVC 3 (C#) Software Architecture

- by ryanzec

I am starting on a relatively large and ambitious ASP.NET MVC 3 project and just thinking about the best way to organize my code. The project is basically going to be a general management system that will be capable of supporting any type management system whether it be a blogging system, cms, reservation system, wikis, forums, project management system, etc…, each of them being just a separate 'module'. You can read more about it on my blog posted here : http://www.ryanzec.com/index.php/blog/details/8 (forgive me, the style of the site kinda sucks). For those who don't want to read the long blog post the basic idea is that the core system itself is nothing more than a users system with an admin interface to manage the users system. Then you just add on module as you need them and the module I will be creating is a simple blog post to test it out before I move on to the big module which is a project management system. Now I am just trying to think of the best way to structure this so that it is easy for users to add in there own modules but easy for me to update to core system without worrying about the user modifying the core code. I think the ideal way would be to have a number of core projects that user is specifically told not to modify otherwise the system may become unstable and future updates would not work. When the user wants to add in there own modules, they would just add in a new project (or multiple projects). The thing is I am not sure that it is even possible to use multiple projects all with their own controllers, razor view template, css, javascript, etc... in one web application. Ideally each module would have some of it own razor view templates, css, javascript, image files and also need access to some of the core razor view templates, css, javascript, image files which would is in a separate project. It is possible to have 1 web application run off of controllers, razor view templates, css, javascript, image files that are store in multiple projects? Is there a better was to structure this to allow the user to easily add in module with having to modify the core code?

Read the article
Sharepoint 2007 Event ID 6482

- by Dave M

Our two server SharePoint 2007 SP2 farm has an issue. Event ID 6482 appears in the Application log of the Web front end many times a day. Often many time a minute. The full error is from Office SharePoint Server Event Type: Error Event Source: Office SharePoint Server Event Category: Office Server Shared Services Event ID: 6482 Date: 11/12/2009 Time: 3:05:22 PM User: N/A Computer: XXXXXX Description: Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (36a9b7ef-59aa-4f94-8887-8bf7b56f2f91). Reason: Error during encryption or decryption. System error code 0. Techinal Support Details: System.ArgumentException: Error during encryption or decryption. System error code 0. at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.SynchronizeDefaultContentSource(IDictionary applications) at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize() at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob) For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. The SharePoint site appears to be functioning normally and Search returns expected results. Any suggestions would be appreciated

Read the article
How do I know if I'm getting the most out of my video card?

- by b.long

My computer at home is a bit lacking, so I want to make sure I'm getting the most out of it while I can. Generally speaking, here are the specs: 4GB Memory AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ × 2 64-bit Ubuntu The terminal shows me the following: me@home:~$ uname -a Linux home 3.0.0-17-generic #30-Ubuntu SMP Thu Mar 8 20:45:39 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux me@home:~$ lspci | grep VGA 01:00.0 VGA compatible controller: ATI Technologies Inc RV380 [Radeon X600 (PCIE)] me@home:~$ sudo lshw -C video *-display:0 description: VGA compatible controller product: RV380 [Radeon X600 (PCIE)] vendor: ATI Technologies Inc physical id: 0 bus info: pci@0000:01:00.0 version: 00 width: 32 bits clock: 33MHz capabilities: pm pciexpress msi vga_controller bus_master cap_list rom configuration: driver=radeon latency=0 resources: irq:44 memory:e0000000-efffffff ioport:ac00(size=256) memory:fdef0000-fdefffff memory:fdec0000-fdedffff *-display:1 UNCLAIMED description: Display controller product: RV380 [Radeon X600] vendor: ATI Technologies Inc physical id: 0.1 bus info: pci@0000:01:00.1 version: 00 width: 32 bits clock: 33MHz capabilities: pm pciexpress bus_master cap_list configuration: latency=0 resources: memory:fdee0000-fdeeffff me@home:~$ lspci -nn | grep VGA 01:00.0 VGA compatible controller [0300]: ATI Technologies Inc RV380 [Radeon X600 (PCIE)] [1002:5b62] The additional drivers menu in System Settings shows me nothing useful and my attempt at installing ATI's Catalyst Control center (drivers that came with the video card) failed. I believe the latest version of Ubuntu at the time was 9.x. What should I do? Install an old version of Ubuntu 9? Use some alternative driver? UPDATE: I might try my hand at a bit from this answer next: "Installing Catalyst Manually (from AMD/ATI's site)" . From a terminal, fgl_glxgears returns *"fgl_glxgears: command not found"*. Any thoughts?

Read the article
Forms Authentication across Sub-Domains on local IIS

- by Parminder

I asked this question at SO http://stackoverflow.com/questions/8278015/forms-nauthentication-across-sub-domains-on-local-iis Now asking it here. I know a cookie can be shared across multiple subdomains using the setting <forms name=".ASPXAUTH" loginUrl="Login/" protection="Validation" timeout="120" path="/" domain=".mydomain.com"/> in Web.config. But how to replicate same thing on local machine. I am using windows 7 and IIS 7 on my laptop. So I have sites localhost.users/ for my actual site users.mysite.com localhost.host/ for host.mysite.com and similar.

Read the article
How to have Windows 7 remember a password for a Domain

- by Kelly Jones

About eighteen months ago, I wrote a post covering how to clear saved passwords in Windows XP. This week at work I was reminded how useful it is to not only deleted saved passwords, but to also setup wildcard credentials using this same interface. The scenario that I run into as consultant working at a client site, is that my laptop is not a member of the Windows Domain that my client uses to secure their network. So, when I need to access file shares, shared printers, or even the clients internal websites, I’m prompted for a name and password. By creating a wildcard entry on my laptop (for the user account that the client issued to me), I avoid this prompt and can seamlessly access these resources. (This also works when you’ve configured Outlook to access Exchange via RPC over HTTP.) How to create a credential wild card entry in Windows 7: Go to your Start Menu --> Type "user" into the Search box Click on the “Manage your credentials” in the column on the left Click on the “Add a Windows credential” link Enter the Domain (in my case my client’s domain), something like this: *.contoso.com Enter the username and password That’s it. You should now be able to access resources in that Domain without being prompted for your name and password. Please note: if you are required to change your password periodically for that domain, you’ll need to update your saved password as well.

Read the article
iPlanet Authentication provider

- by Travis

Good day. I have stepped into project that requires a server migration that would change the means of authentication for our CAC/PKI SSL enabled website. We are using iPlanet 7 and Oracle Directory Server Enterprise 7 as our LDAP server. The situation is that the site is still CAC/PKI enabled, but at the firewall. The information we want to authenticate against is now in the http header. How do I configure iPlanet and LDAP to authenticate against the header instead of SSL? Thanks. Edit, Can this be done with IIS keeping the Directory Server EE LDAP in tact or is the ACL iPlanet only?

Read the article
Nginx rewrite rules, some work, some don't

- by Lawrence Goldstien

Here are the two rewrite rules: This one works rewrite ^/knowledgebase/([0-9]+)/[a-z0-9_-]+.html$ /./knowledgebase.php?action=displayarticle&id=$1 last; This one doesn't rewrite ^/announcements/([0-9]+)/[a-z0-9_-]+.html$ /./announcements.php?id=$1 last; There is no difference between the two as far as I can see. The url to be rewritten for announcements is: /announcements/2/New-Site-Design.html And should be rewritten to: /announcements.php?id=2 I really can't see how the announcements one doesn't work compared to the knowledgebase one. Any tips would be greatly appreciated.

Read the article
Firefox 3.6 performance increase tricks.......

- by metal gear solid

I use many Add-ons which helps me in Web development so i can't uninstall those addons. and usually I keep open lots of tabs in Firefox. And almost always keep Firefox on on my system. I use default profile only I always keep every addons and firefox itself updated. I found some addons to reduce memory use on Firefox addons site , but user reviews were not good for them still Is there any tested tricks to increase performance and reduce memory use of Firefox 3.6, which really works?

Read the article
With Google Analytics, is it possible to check a specific page in Multi-Channel conversion attribution?

- by Emmett R.

I'm somewhat new to Google Analytics, and I'm trying to track all conversions that are assisted by a particular landing page, because I don't expect an instant purchase. I have e-commerce tracking set up. Due to the constraints of the associated ad campaign, I can't include the source/medium code in the url when people go to the landing page, and all of my traffic to the landing page is likely to be direct, so I'm not sure how to tell Multi-Channel marketing that it's a significant page. I know how to add events to a page, but I'm still figuring out what they can and cannot do. Would creating a redirect from the landing url to an identical url+source/medium code work? Any advice on how to accomplish this would be greatly appreciated. Tracking the final sale conversion is not the issue. Ecommerce reporting is functioning just fine on the site. I just want to report the landing page as an assist, whenever it shows up in the funnel, and I need to be able to do that across multiple visits.

Read the article
What is the effect on LVM snapshot size when a file block is rewritten with it's original contents?

- by NevilleDNZ

I'm exploring using LVM snapshot's to off site incremental archives from a snapshot "master" file system. In essence: simply copy across only the files on the "master" that have changed since the last incremental copy to the "archive". Then snapshot the "archive" to retain the incremental. I am a bit puzzled as to the block usage behaviour of the archive's own incremental snapshot. I'm expecting that LVM is not smart enough to know that the "file block" is actually unchanged, and the a new copy will be allocated and written for the fresh "archive" file system. Can anyone confirm this, or point me to a document/page that gives some hints? BTW: the OS hard disk cache, hard disk physical cache and hard disk itself also doesn't need to do any actual "disk writes" as the "disk block" likewise is unnecessary. Any pointers to discussion of this style of optimisation would also be ineresting.

Read the article
How can I create an AMI from an existing EC2 instance?

- by Arkaaito

(I suspect that this may already be answered somewhere, since it seems like it would be a common operation. But I can't find it, so...) I am a relative AWS newbie. I have inherited a running Amazon EC2 instance, with various items (Apache, MySQL, Sphinx, ...) installed on it and a bunch of configuration. I'd like to turn it into an AMI that I can spin up other instances from. I can't find any information on creating a custom AMI on Amazon's site - only the fact that you can, repeatedly referenced, as if to taunt me... I believe this is not an EBS-backed instance, just an "ordinary" one. I do not know what AMI it was originally created from. How would I create an AMI that I could use for spinning up other instances which will be identical except for the hostname?

Read the article
XP Install Driver Notification for AirCard

- by Brian

Hello, A co-worker of mine is using an air-card; it prompted him to install software in the notification tray; he clicked on the wrong thing and the icon went away without him installing that software. How can I get that icon back? He can't install the software then... I know that you can download the software from the site, but we did that and were having issues from that too, was hoping to be able to install the sofware on the air card... Restarting and trying again doesn't pop up the notification too. Thanks.

Read the article
Access to self created torrent on public tracker

- by Nick

Not sure if this is the right site to ask this, but here it goes: Let's say I'd like to share a couple of private files with a few friends. The size of these are quite large, so I've figured the best route to distribute these is via torrent. So, on my home PC I create a torrent and start seeding and announce to a public tracker like openbittorrent and publicbt. Now, both of those are public trackers, but they don't seem to have anyway of searching through what is actually being tracked. If I'm only passing around the torrent file to a few friends, whats the chances that someone else will 'randomly' come across the torrent via the public tracker and start leeching?

Read the article
What causes an MSI package to launch following application install

- by Damo

We have an application we have developed, it gets deployed via an MSI I built. The MSI has been used in many locations, on many different builds. On one customers site, on occasion we are seeing some odd occurrences of data from the registry going missing. The 'data' from some select registry keys disappears and we have little idea why. One interesting point is that the MSI installer for our application has been seen in passive mode during OS load / load of our application on stat-up. The MSI loads a progress bar then disappears, following this our application loads up. It has been noted that following this the data disappears from our registry. However I can't say these two events are absolutely linked, it could have been missing before this event. What causes the MSI for an application to launch way after initial installation. How can it be prevented (correctly)

Read the article
High quality/performance shared hosting (in northern Europe)

- by Bente

I work as a web developer on almost all levels. However, my typical customer is a 1-5 guys running some sort of consulting business. They have (or want) a web page with some kind of CMS so the can perform most (or all) editing themselves. I normally opt for Concrete5 as my default CMS because it's the most user friendly (and free) CMS I have found. My good recurring customers I host on my own server as a service, but I need a good host for the customers where I want to deliver a product and not be responsible for whatever may happen in the future. However, I still struggle with hosting! Experience shows that the typical ~1$ shared hosting is waaay to slow to run concrete5 smoothly, and a VPS is out of the question because I don't want to maintain it. So, where can I find as fast (from northern Europe), reliable, shared host where I can put a site and don't have to worry about the server going down or being unmaintained. I expect this should cost around $10-$20 but I'm open to all kinds of suggestions because different customers have different budgets.

Read the article
Self-serv advertising service

- by Mystere Man

I am seeking a self-serv advertising service for my websites, but I have a few restrictions that seem to make what i'm looking for hard to find. Specifically, I want to place "advertise here" links on my pages and allow end-users to purchase advertising on that site, page, and location. These ads will not be part of a national network. Supports multi-tenancy - That is, I have a number of domains using the same "web application" but with customized content per domain. When a customer wants to advertise on a given domain, then the ads will only appear on that domain and on that page of the domain (even though the page name may be the same across multiple domains). Supports fixed ad prices, not just CPC. I need monthly and quarterly pricing regardless of performance. Integrates with OpenX and other ad networks, so that if there is no self-serv on a given zone, it will use national advertising or direct advertising. Shiny Ads has much of this, but i'm looking for alternatives, as their prices are a bit crazy (20%) and can only do PayPal.

Read the article
Retrieve malicious IP addresses from Apache logs and block them with iptables

- by Gabriel Talavera

Im trying to keep away some attackers that try to exploit XSS vulnerabilities from my website, I have found that most of the malicious attempts start with a classic "alert(document.cookie);\" test. The site is not vulnerable to XSS but I want to block the offending IP addresses before they found a real vulnerability, also, to keep the logs clean. My first thought is to have a script constantly checking in the Apache logs all IP addresses that start with that probe and send those addresses to an iptables drop rule. With something like this: cat /var/log/httpd/-access_log | grep "alert(document.cookie);" | awk '{print $1}' | uniq Why would be an effective way to send the output of that command to iptables? Thanks in advance for any input!

Read the article
Unable to set NTFS permissions for ApplicationPoolIdentity on Windows 2008 SP2

- by Kev

On Windows 2008 R2 I am able to set NTFS permissions for an application pool's synthesised ApplicationPoolIdentity account thus: ICACLS d:\websites\site1\www /grant "IIS AppPool\site1":(CI)(OI)(M) The website's application pool is named site1 and is configured to run as ApplicationPoolIdentity. The site's authentication is also configured to authenticate as ApplicationPoolIdentity. I've done this a thousand times on Windows 2008 Standard Edition R2 with never a hitch. However if I try to do the same in Windows 2008 Standard Edition SP2 I get the error: IIS AppPool\site1: No mapping between account names and security IDs was done. Successfully processed 0 files; Failed processing 1 files I also notice that this fails if I try to set permissions for the application pool identity via the security GUI as well. I've seen this before and a reboot has cleared this issue but I'd like to know why this happens periodically. Googling around suggests other folks have hit this problem but there's never a satisfactory explanation. Why would this be?

Read the article
Why do some web servers not respond to icmp requests?

- by John Himmelman

What is the purpose of blocking/dropping inbound ICMP traffic on a public web server? Is it common for it be blocked? I had to test if a server was accessible from various locations (tested on various servers located in different states/countries). I'd rely on ping as a quick & reliable method of determining if a server was online/network-accessible. After not receiving a response on a couple boxes, I tried using lynx to load the site, and it worked.

Read the article
How to configure auto-logon in Active Directory

- by Jonas Stensved

I need to improve our account management (using Active Directory) for a customer support site with 50+ computers. The default "AD"-way is to give each user their own account. This adds up with a lot of administration with adding/disabling/enabling user accounts. To avoid this supervisors have started to use shared "general" accounts like domain\callcenter2 etc and I don't like the idea of everyone knowing and sharing accounts and passwords. Our ideal solution would be to create a group with computers which requires no login by the user. I.e. the users just have to start the computer. Should I configure auto-logon with a single user account like domain\agentAccount? Is there anything else to consider if I use the same account for all users? How do I configure the actual auto-logon with a GPO on the group? Is there a "Microsoft way" without 3rd party plugins? Or is there a better solution?

Read the article

< Previous Page | 829 830 831 832 833 834 835 836 837 838 839 840 | Next Page >