Browser performs a request instead of showing the data URI - apache

My Apache registered a data URI in the access log.
/data:image/png%3bbase64,iVBORw0KGgoAAAANSUhEUgAAAAQAAAAECAMAAACeL25MAAAABlBMVEUzlME6qNuT3ZmEAAAAE0lEQVQI12NgZGRkYABiMAQzGQEAjAANk73rMwAAAABJRU5ErkJggg==
Apparently some browser did not understand the data URI and performed a request.
How to solve it?

Use a feature detector on the client side (for example, Modernizr), and then check whether this feature is supported on document load. If it is not, replace all such URLs with, for example, a path to a blank image.
In addition, you could just block data URIs in your firewall or on your front-end server.
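The client-side half of that answer, as an added example (not code from the original post or from Modernizr): probe once whether the browser can load a `data:` image, then fix up the page. The placeholder path `/img/blank.png`, the constructed 1x1 GIF probe and the `data-src` convention are assumptions. One caveat the answer glosses over: an `<img src="data:...">` that the browser misreads as a relative path has already been requested from the server by the time any script runs, so swapping the attribute afterwards only cleans up the page. To avoid the bogus request entirely, emit such images as `<img data-src="data:...">` and let the script promote them to `src` only once support is confirmed.

```javascript
// Client-side fallback for browsers that cannot render data: URIs.
// Added example, not code from the original post or from Modernizr.
// Assumptions: the placeholder image exists at /img/blank.png; the probe is a
// constructed 1x1 transparent GIF; images that may be data: URIs are emitted
// as <img data-src="data:..."> so nothing is requested before the probe runs.

const PROBE_DATA_URI =
  'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7';
const PLACEHOLDER_SRC = '/img/blank.png';

// Scheme test only; the scheme is case-insensitive (RFC 3986).
function isDataUri(src) {
  return typeof src === 'string' && /^\s*data:/i.test(src);
}

// What a src should become once the browser's capability is known.
function rewriteSrc(src, supported, placeholder = PLACEHOLDER_SRC) {
  if (!isDataUri(src) || supported) return src;
  return placeholder;
}

// Probe by loading a tiny data: image. A browser that treats "data:" as a
// relative path fetches /data:image/gif;base64,... from the server instead
// (one request, which should 404) and fires onerror. The timer settles
// browsers that fire neither event.
function detectDataUriSupport(callback, timeoutMs = 2000) {
  let settled = false;
  const settle = (ok) => { if (!settled) { settled = true; callback(ok); } };
  const img = new Image();
  img.onload = () => settle(img.width === 1 && img.height === 1);
  img.onerror = () => settle(false);
  setTimeout(() => settle(false), timeoutMs);
  img.src = PROBE_DATA_URI;
}

// Apply the decision to the page. Returns how many attributes were changed.
//  - img[data-src]: promoted to src (or the placeholder) only now, so an
//    unsupporting browser never sends the bogus request at all.
//  - img[src^="data:"]: already requested during parsing; the best that can
//    be done after the fact is to swap in the placeholder.
function applyDataUriPolicy(root, supported, placeholder = PLACEHOLDER_SRC) {
  let changed = 0;
  root.querySelectorAll('img[data-src]').forEach((img) => {
    img.setAttribute('src', rewriteSrc(img.getAttribute('data-src'), supported, placeholder));
    img.removeAttribute('data-src');
    changed++;
  });
  if (!supported) {
    root.querySelectorAll('img[src]').forEach((img) => {
      const src = img.getAttribute('src');
      const fixed = rewriteSrc(src, false, placeholder);
      if (fixed !== src) { img.setAttribute('src', fixed); changed++; }
    });
  }
  return changed;
}

// Wire it up in a browser; in Node (no document) the functions are just exported.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    detectDataUriSupport((supported) => applyDataUriPolicy(document, supported));
  });
}
if (typeof module !== 'undefined') {
  module.exports = { isDataUri, rewriteSrc, detectDataUriSupport, applyDataUriPolicy };
}
```

Pair this with the server-side part of the answer: whatever sits in front of the application should return 404 for any path beginning with `/data:` rather than letting it reach the app, since those requests carry no useful information and can be large.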

Related

Redirect URL based on ID using Lua

I'm extremely new to Lua as well as nginx. We're trying to set up authentication.
I'm trying to write a script that could be injected into my NGINX which would actually listen to an endpoint.
My API would give me a token. I would receive this token and check if it exists in my YAML file or probably JSON file.
Based on the privilege mentioned in the file, I would like to redirect it to the respective URL with the necessary permissions.
Any help would be highly appreciated.
First of all, nginx on its own has no Lua integration whatsoever; so if you just have an nginx server, you can't script it in Lua at all.
What you probably mean is openresty, aka. the lua-nginx-module, which lets you run Lua code in nginx to handle requests programmatically.
Assuming that you have a working nginx + lua-nginx-module installed and running, what you're looking for is the rewrite_by_lua directive, which lets you redirect the client to a different address based on their request.
(Realistically, you'd likely want to use rewrite_by_lua_block or rewrite_by_lua_file instead)
Within the Lua block, you can make API calls, execute some logic, etc. and then redirect to some URI internally with ngx.exec or send an actual redirect to the client with ngx.redirect.
If you want to read in a JSON or YAML file, you should do so in the init_by_lua so the file gets loaded only once and then stays in memory. The lua-cjson module comes with nginx, so you can just use that to parse your json data into a Lua table.
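A minimal nginx.conf putting the answer's three pieces together (`init_by_lua_block` loading the file once, `rewrite_by_lua_block` deciding, `ngx.exec` doing the internal jump), as an added example that is neither the asker's nor OpenResty's own code. Assumptions: OpenResty with its bundled lua-cjson (there is no bundled YAML parser, which is why the token file is JSON); a file `/etc/nginx/tokens.json` of the form `{"tok-a1b2": {"role": "admin"}}`; the role-to-path map and the two back-end ports are placeholders. The token is read from the `Authorization` header rather than the query string so it does not land in access logs, Referer headers and browser history, and the destinations are `internal` so the role check is the only way to reach them.

```nginx
# Added example; not code from the original answer or from OpenResty.
# Assumes OpenResty, /etc/nginx/tokens.json, and placeholder back ends on
# 127.0.0.1:9001 (admin) and 127.0.0.1:9002 (user).
events { worker_connections 1024; }

http {
    # Parse the token file once at startup; the table lives in each worker for
    # the lifetime of the process, so there is no file read per request.
    init_by_lua_block {
        local cjson = require "cjson.safe"
        local f = assert(io.open("/etc/nginx/tokens.json", "r"))
        local raw = f:read("*a")
        f:close()
        TOKENS = cjson.decode(raw)
        if type(TOKENS) ~= "table" then
            -- refuse to start rather than run with an empty (fail-open) table
            error("tokens.json is not valid JSON")
        end
        -- privilege -> destination; any role not listed here is denied
        ROLE_TARGET = { admin = "/admin/", user = "/app/" }
    }

    server {
        listen 8080;

        location = /auth/route {
            rewrite_by_lua_block {
                -- Token comes from "Authorization: Bearer <token>" only.
                local auth = ngx.var.http_authorization or ""
                local token = auth:match("^Bearer%s+(%S+)$")
                if not token then
                    return ngx.exit(ngx.HTTP_UNAUTHORIZED)
                end

                local entry = TOKENS[token]
                if not entry then
                    ngx.log(ngx.WARN, "unknown token from ", ngx.var.remote_addr)
                    return ngx.exit(ngx.HTTP_FORBIDDEN)
                end

                local target = ROLE_TARGET[entry.role]
                if not target then
                    return ngx.exit(ngx.HTTP_FORBIDDEN)
                end

                -- Overwrite (never trust) any client-supplied role header, then
                -- jump to the matching location internally. Use
                -- ngx.redirect(target, 302) instead if the client must see the URL.
                ngx.req.set_header("X-User-Role", entry.role)
                return ngx.exec(target)
            }
        }

        # "internal" means these are reachable only via ngx.exec above;
        # a client requesting /admin/ directly gets a 404.
        location /admin/ {
            internal;
            proxy_pass http://127.0.0.1:9001;
        }

        location /app/ {
            internal;
            proxy_pass http://127.0.0.1:9002;
        }
    }
}
```

Check it with `curl -i -H 'Authorization: Bearer tok-a1b2' http://localhost:8080/auth/route` (expect the admin back end's response), the same request with a made-up token (403), and a plain `curl -i http://localhost:8080/admin/` (404, because the location is internal).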

Can't update app registered in Microsoft Application Registration Portal

I have an already registered app in the site https://apps.dev.microsoft.com. I want to add another redirect URL, but when I try saving I get this error:
There's a temporary problem
There's a temporary problem with the service. Please try again. If you continue to get this message, try again later.
I have also tried using a different browser and clearing my cache but I still get the error.
I also tried registering a new app and I still get the same error. I have been getting the error for several days now and I was wondering if anybody knows a solution.
Thanks!
There are several restrictions on the format of the redirect URI that is allowed:
Currently, apps that are registered in the Application Registration Portal are restricted to a limited set of redirect URI values. The redirect URI for web apps and services must begin with the scheme https, and all redirect URI values must share a single DNS domain. For example, you cannot register a web app that has one of these redirect URIs:
https://login-east.contoso.com
https://login-west.contoso.com
The scenarios that are accepted are when the DNS name matches exactly. Examples:
https://login.contoso.com
https://login.contoso.com/new
https://new.login.contoso.com
See all the v2.0 limitations

Multiple reply URLS

Background
I have a single STS server to manage my authentication, but I have several websites, all of which use the same source files and web.config file.
Each website uses the variation in the URL (PDMNA, CPDEU, FIND) to establish which database it needs to connect to, so it is essential that the reply URL is correct.
This is where the issue starts: I can handle the AudienceUrls as shown below, but for the realm and reply I can only have one, which means I always get sent back to PDMNA regardless of the original URL.
So the questions are as follows.
Can I have multiple realm and reply URLS?
Can I have a separate web.config file for each URL but maintain the single set of webfiles?
Are there other options?
An application normally has a single realm; you can dynamically change the reply address by subscribing to the appropriate event of the sub-objects of the static FederatedAuthentication class.
Finally, you can use web config transforms to specify a configuration per deployed application instance.

Is it possible to use both S3 Query String Authentication and HTTP caching?

I have the following requirements for a (Rails) web application that uses S3/Cloudfront for image storage:
A user may only see an image if they are logged in. If the user sends an image URL to a friend, it will not work.
If a user has seen an image, it should be cached by their browser, so they don't have to download it again.
…
Requirement 1 can be solved with S3's Query String Authentication (QSA) (e.g. with a 30-second expiry).
Requirement 2 can be solved using HTTP caching.
Is it possible to use them both together?
The challenge I'm facing is that QSA effectively changes the URL of the image after expiry, even though a perfectly good copy may reside in the browser cache.

How can I make a rewrite-condition dependent on the result of a servlet/jsp?

We have Apache on top of JBoss serving either web or mobile app.
We are currently using Apache mod_rewrite to decide whether to forward the user to the web or mobile app (and mod_jk to mount JBoss), based on regular-expression matching of the user-agent, but that is imprecise and error-prone.
We want to use a servlet or jsp on JBoss as part of deciding whether to serve the web or mobile app (the servlet checks the user-agent in WURFL to see if this is a mobile device or a web browser).
How can I make a rewrite condition dependent on the result of a servlet/JSP?
(I already thought about redirecting the jsp back to two possible URLs and continue the rewrite-rule logic from there, but this gets complicated with passing URL parameters back and forth)
One conceptually simple way is to use a program-type RewriteMap to call your EE-based service to check a U-A, assuming the program couldn't just perform the check itself (if you've only got some canned Java interface into that DB).