My website uses SSI (server-side includes) to check a condition (using #if expr) and return different HTML code based on whether the condition is true or false. This used to work fine for years until recently, my website started showing the error [an error occurred while processing this directive]. I found out that the expr syntax changed in newer versions of Apache httpd, so I assume that my hosting provider upgraded the Apache httpd recently and that caused the old syntax to break. The Apache httpd is now at version 2.4.29.
I managed to fix the problem temporarily by adding SSILegacyExprParser on to my .htaccess file to go back to the old syntax (thanks to this question). But I would like to find a permanent solution using the new syntax.
Here is the old syntax SSI code that works with SSILegacyExprParser on:
<!--#if expr="${thisDoc} = /impressum\.shtml/" -->
<li id="current">
<!--#else -->
<li>
<!--#endif -->
(The variable thisDoc has been set earlier.)
Here is the SSI code using the new ap_expr syntax that doesn't work. It shows [an error occurred while processing this directive] again. I was following the documentation at http://httpd.apache.org/docs/current/expr.html when writing this code:
<!--#if expr="%{thisDoc} =~ /impressum\.shtml/" -->
<li id="current">
<!--#else -->
<li>
<!--#endif -->
I've tried modifying the syntax in various ways, for example to avoid using regex matching and use exact string comparison instead, but that didn't work either. I couldn't get a single expression to work in the new syntax.
Why is the new syntax not working?
Related
I use this code to show image
<button type="submit" class="buttonstyle"><img src="/images/Logout.png" alt="Logout"></button>
Working fine on development machine .
But when I deployed to the server (Windows Server 2019) the folder is on partition C
I got this error
Failed to load resource: the server responded with a status of 404
(Not Found)
I try with this
src="../wwwroot/images/Logout.png"
And I try to use a full path
<button type="submit" class="buttonstyle"><img src="#logoutImage" alt="Logout"></button>
#code{
string? logoutImage = $#"{Directory.GetCurrentDirectory()}{#"\wwwroot\images\Logout.png"}";
}
I got this error
Not allowed to load local resource: file:///C:/SmartHR/wwwroot/images/Logout.png
Update
Any Help .
After reading this article
Host and deploy ASP.NET Core Blazor
I found this
Do not prefix links throughout the app with a forward slash. Either avoid the use of a path segment separator or use dot-slash (./) relative path notation:
❌ Incorrect: <a href="/account">
✔️ Correct: <a href="account">
✔️ Correct: <a href="./account">
After removing the forward slash from <img src="images/Logout.png">
Everything works fine.
Had some pen testers test an ASP.NET MVC4 site, and they found I was showing a "raw" error with the URL: /%20/ e.g. https://example.com/%20/
Server Error in '/' Application.
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: The configSource file 'Web_ConnectionStrings.config' is also used in a parent, this is not allowed.
Source Error:
Line 17: <!-- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -->
Line 18: <!-- these settings can be found in external files - this prevents application restart when they are changed -->
Line 19: <connectionStrings configSource="Web_ConnectionStrings.config" />
Line 20: <appSettings configSource="Web_AppSettings.config" />
Line 21: <!-- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -->
Although it should be, this isn't a normal 404 error, I already catch those and display a custom page. I also catch 500's and display them nicely too. This error happens earlier than the Application_Error() in global.asax.cs so it's not caught there.
This seems to be caused by the slash-space-slash confusing IIS or the application, and it's trying to load the web.config's include files more than once or something.
If I include those sections the normal way (not external files - just normal XML sections in the web.config) then everything works as expected and the custom 404 page shows.
If you removed the %20 and just do two slashes, everything works fine. It seems like it has to be this specific URL.
I've seen other posts about IIS configuration with Default Site or virtual paths pointing to the same file location. But I don't think that applies, as I have the Default Site stopped, and I don't see any problems on any other URLs - the site seems to be working fine.
Does anyone know what IIS is trying to do with a /%20/ URL? Or how to handle this more gracefully?
I like having these config sections split out so changes don't recycle the app pool, but if this is a problem with doing this (why are external files allowed then?) then I guess I'll bring all the settings into the web.config itself.
After having finished and tested an Angular2 application on my local machine, I decided to move it to an AWS cloud server with Apache.
I cloned the sw from git but, as soon as I launched the app, I got an error on the browser console stating:
EXCEPTION: Template parse errors:
Only void and foreign elements can be self closed "head" ("[ERROR ->]<head/>
After some research I found that all of my external html templates are magically enriched with a starting <head/> tag which I do not see trace of in my code.
To fix this I had to turn off mod-pagespeed .Since I am not familiar with Apache configuration I do not know which side effects this may have and whether there is any better solution. Any help would be very much appreciated.
I believe mod-pagespeed has an option where it automatically adds a head tag to an html document if it cannot find it in the document (before the body). To turn off this feature add this to your pagespeed apache configuration (ie. in the .htaccess):
To prevent javascript alterations also forbid a couple more filters
ModPagespeedForbidFilters add_head,rewrite_javascript,rewrite_javascript_inline,combine_javascript,inline_javascript
This way you can still enjoy the rest of the mod-pagespeed features :)
Has anyone got some experience with MapServer as a CGI running on IIS7 (WinServer2008)?
I get the CGI running fine with a MSSQL2008 plugin. This however doesn't allow me to use a BBOX filter. I install QGIS in order to get the OGR tools and can no long access my PROJ_LIB thereafter.
I get thereafter the following error response from any WFS requests to the MapServer CGI module:
This page contains the following errors:
error on line 1 at column 1: Document is empty
Below is a rendering of the page up to the first error.
Removing my PROJ_LIB CONFIG reference causes following error excpetion:
msProcessProjection(): Projection library error. Permission denied
I got around this problem for now by using the default Apache setup for MS4W. However this requires me to a use a proxy in order to use the WFS in an IIS hosted OpenLayers site.
I hope someone else has a few ideas in this regard.
Cheers,
Dennis
Can anyone please tell me why the following URL returns a 406 error:
http://kolek.to/functions/remote-upload.php?url=http%3A%2F%2Fben-major.co.uk%2Fhosting%2Fbm-equipment%2Faxe-2.jpg&item_id=2
Removing the ?url= parameter seems to make everything fine:
http://kolek.to/functions/remote-upload.php?item_id=2
For your reference, the content of remote-upload.php is as follows:
<?php
require_once('../models/api.php');
$request_url = urldecode($_REQUEST['url']);
$item_id = $_REQUEST['item_id'];
echo $item_id;
?>
I think that this is due to the security filter from your server (I see in the response header that is Apache).
In your case is Apache mod_security that is turned on by default. While you can use the following to diagnose the problem (turning the filter off should resolve the issue) by running this command on the server:
SecFilterEngine off
BUT do this only for checking if the problem is the security filter, I discourage to leave the filter off (danger of injection and spam attacks).
If you see that is the filter that is the cause of the problem, try to put your request in the whitelist:
HERE you can find the guide and HERE is the main website.