Classic ASP and SSL in a folder - ssl

We have a folder in a classic asp site that has ssl set up for that folder. It works but when you load the first page within the folder and then follow a hyperlink to another page in the folder you get kicked back to the page outside the folder which led into the https stuff.
Repeat the process (follow link on non https page > go to https folder > follow link to other page in https folder) and it all works fine, for a random number of hops between pages in the https folder, then bang, kicked out again.
I have noticed that the session ID changes all the time when hopping between pages in the https folder. Someone said it was due to IE compatibility mode swapping but I have forced the thing with a header and using IE dev tools (miss you Firebug) I see the mode stays constant. Any ideas please?

We had a similar issue with another project last year. #padas is correct. Sessions on http and https are different and the server will have a problem with it. The option we went for was to https the whole site. It makes sense anyway and helps the user gain confidence in what they are browsing.

It sounds like you're traversing between http and https and that will change the session id. If your pages are using session IDs to track people you will have issues. You are better off dropping a cookie or forcing https.

Related

IE silently switches from https to http

IE 11 suddenly started having problems with my website's SSL certificate. At least I assume that's what it is, because it just silently switches from https to http without giving any error messages. Other browsers don't have any problems with the certificate, and the certificate didn't change, so I assume this is some IE update that broke it. I've tried adding the site to the trusted sites list, clearing SSL cache, nothing helps. Windows logs don't show any errors. There might be some insecure content on the page but this comes from ads and I can't change it; anyway, the worst this can do should be not showing insecure content? What else could this be? You can see the example at https://www.windows2universe.org/php/registration/reg_login_und.php
I'm guessing it could be a permanent redirection issue. Try to open your website using Private Mode and see what happens.
UPDATE
Actually I checked your website, when I try to open it with HTTPS it returns a 301 (Permanent Redirection) to the HTTP version. Check your server configurations.

Reaching website through IIS from another computer

I think I'm almost done with this problem but there is something off. Perhaps you guys can help me out.
I've created a website which I can reach through C:\inetpub\wwwroot\KLABrowser\publish.htm.
I've created a website through IIS called KLABrowser. The http binding is listed on port 1111, with * as IP address.
When going to http://xxx.xx.xx.xx:1111/KLABrowser/publish.htm, I get a Cannot find page error. When I go to http://xxx.xx.xx.xx/KLABrowser/publish.htm, I get a blank page but no error. When I hit the first link (the physical path), I get to see the website.
What am I missing? What should I configure so that I can reach the website through my IP on another computer in the local network?
This answer provided the solution.
You must specifically choose "Static Content" under Common HTTP Features in the same Add/Remove Windows Features list to show the page.

Apache attack on compromised server, iframe injected by string replace

My server has been compromised recently. This morning, I have discovered that the intruder is injecting an iframe into each of my HTML pages. After testing, I have found out that the way he does that is by getting Apache (?) to replace every instance of
<body>
by
<iframe link to malware></iframe></body>
For example if I browse a file residing on the server consisting of:
</body>
</body>
Then my browser sees a file consisting of:
<iframe link to malware></iframe></body>
<iframe link to malware></iframe></body>
I have immediately stopped Apache to protect my visitors, but so far I have not been able to find what the intruder has changed on the server to perform the attack. I presume he has modified an Apache config file, but I have no idea which one. In particular, I have looked for recently modified files by time-stamp, but did not find anything noteworthy.
Thanks for any help.
Tuan.
PS: I am in the process of rebuilding a new server from scratch, but in the meantime, I would like to keep the old one running, since this is a business site.
I don't know the details of your compromised server. While this is a fairly standard drive-by attack against Apache that you can, ideally, resolve by rolling back to a previous version of your web content and server configuration (if you have a colo, contact the technical team responsible for your backups), let's presume you're entirely on your own and need to fix the problem yourself.
Pulling from StopBadware.org's documentation on the most common drive-by scenarios and resolution cases:
Malicious scripts
Malicious scripts are often used to redirect site visitors to a
different website and/or load badware from another source. These
scripts will often be injected by an attacker into the content of your
web pages, or sometimes into other files on your server, such as
images and PDFs. Sometimes, instead of injecting the entire script
into your web pages, the attacker will only inject a pointer to a .js
or other file that the attacker saves in a directory on your web
server.
Many malicious scripts use obfuscation to make them more difficult for
anti-virus scanners to detect:
Some malicious scripts use names that look like they’re coming from
legitimate sites (note the misspelling of “analytics”):
.htaccess redirects
The Apache web server, which is used by many hosting providers, uses a
hidden server file called .htaccess to configure certain access
settings for directories on the website. Attackers will sometimes
modify an existing .htaccess file on your web server or upload new
.htaccess files to your web server containing instructions to redirect
users to other websites, often ones that lead to badware downloads or
fraudulent product sales.
Hidden iframes
An iframe is a section of a web page that loads content from another
page or site. Attackers will often inject malicious iframes into a web
page or other file on your server. Often, these iframes will be
configured so they don’t show up on the web page when someone visits
the page, but the malicious content they are loading will still load,
hidden from the visitor’s view.
How to look for it
If your site was reported as a badware site by Google, you can use
Google’s Webmaster Tools to get more information about what was
detected. This includes a sampling of pages on which the badware was
detected and, using a Labs feature, possibly even a sample of the bad
code that was found on your site. Certain information can also be
found on the Google Diagnostics page, which can be found by replacing
example.com in the following URL with your own site’s URL:
www.google.com/safebrowsing/diagnostic?site=example.com
There exist several free and paid website scanning services on the
Internet that can help you zero in on specific badware on your site.
There are also tools that you can use on your web server and/or on a
downloaded copy of the files from your website to search for specific
text. StopBadware does not list or recommend such services, but the
volunteers in our online community will be glad to point you to their
favorites.
In short, use the stock-standard tools and scanners provided by Google first. If the threat can't otherwise be identified, you'll need to backpath through the code of your CMS, Apache configuration, SQL setup, and remaining content of your website to determine where you were compromised and what the right remediation steps should be.
Best of luck handling your issue!
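An added example (not from the original answer or from StopBadware) for the symptom described in the question, where the file on disk is clean but the served page is not: it lists Apache directives in a config or .htaccess file that can rewrite responses or load extra code, and it diffs the on-disk file against the served body to isolate what was inserted. The directive list, function names and sample data are assumptions chosen for illustration.

```python
import difflib
import re

# Apache directives that can rewrite response bodies or load extra code.
# A review list assumed for this example, not exhaustive; a hit means
# "compare with a known-good baseline", not "malicious".
SUSPECT = re.compile(
    r"^\s*(Substitute|ExtFilterDefine|SetOutputFilter|AddOutputFilter(?:ByType)?"
    r"|LoadModule|LoadFile|php_value\s+auto_(?:prepend|append)_file)\b",
    re.IGNORECASE)

def audit_config(text):
    """Return (line_number, directive_line) pairs that deserve manual review."""
    return [(n, line.strip())
            for n, line in enumerate(text.splitlines(), start=1)
            if SUSPECT.match(line)]

def tokens(html):
    """Split markup into whole tags and text runs so the diff works on tags."""
    return re.findall(r"<[^>]*>?|[^<]+", html)

def injected_fragments(on_disk, served):
    """Return markup present in the served body but absent from the file on disk."""
    a, b = tokens(on_disk), tokens(served)
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    return ["".join(b[j1:j2])
            for op, _i1, _i2, j1, j2 in matcher.get_opcodes()
            if op in ("insert", "replace")]

# Constructed sample configuration (placeholder pattern, not from the page).
SAMPLE_CONF = """\
# constructed example
DocumentRoot /var/www/html
LoadModule substitute_module modules/mod_substitute.so
<Location "/">
    AddOutputFilterByType SUBSTITUTE text/html
    Substitute "s|foo|bar|i"
</Location>
"""

if __name__ == "__main__":
    for number, line in audit_config(SAMPLE_CONF):
        print(f"review line {number}: {line}")
    # The question's two-line test file, with a placeholder iframe URL.
    frame = '<iframe src="http://placeholder.invalid/"></iframe>'
    disk = "</body>\n</body>\n"
    print(injected_fragments(disk, frame + "</body>\n" + frame + "</body>\n"))
```

Run `audit_config` over the main server config, every included file and every .htaccess under the document root; the served body for `injected_fragments` should be fetched from outside the server so it passes through the same filters visitors see.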

Connection partially Encrypted - Part not transmitted over SSL

I'm wondering how I can find out where the culprit is, as to what is NOT being transmitted over SSL on my website. It's blowing my mind, because I use relative URLs or explicitly choose HTTPS:// for all links, images, etc...
Any ideas/tools to find out what the issue is?
Thanks.
If you mean that some resources are transferred over HTTP without encryption, you can check for this in Chrome's Developer tools in the tab Resources - that should tell you which parts come from where - look for those with address starting with http:// .
Alternately, use Fiddler: by default, it won't decrypt HTTPS connections, so you'll be seeing CONNECT requests for HTTPS, and GET/POST for HTTP - those are your culprits.
For those, like myself, who run into this issue I suggest a few tips while designing your website.
Always use relative paths whenever possible "images/someimage.png" instead of using domain paths like http://someDomainName/images/someimage.png so on. Any one of these and it will cause the browser to throw that warning at you.
When linking to external content, Google/other Ads, javascript sources (such as jquery, so on), or any other media... make sure you use a https:// link if they have one available. Myself, I had one tiny image for a link to an external site but they did not offer a https link to the image, so I simply downloaded it and put it in my images folder. Problem solved.
The Chrome resources list is a very helpful tool, not sure if Firefox has something similar in its tool box. Another method, if you have shell/command line access, is to use grep to search the files for "http:". This, most often, will show anything that is linking to non secure content.
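An added example (not from the posts above) that goes one step beyond grepping for "http:": it parses a page and reports only the references a browser would actually fetch over plain HTTP, so ordinary `<a href>` links and `<link rel="canonical">` are not flagged, while CSS `url(...)` values are. The tag table, names and sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes that make the browser fetch a subresource. <a href> is navigation
# only and does not cause a mixed-content warning, so it is not listed.
FETCHING = {"img": ("src",), "script": ("src",), "iframe": ("src",),
            "audio": ("src",), "video": ("src", "poster"), "source": ("src",),
            "embed": ("src",), "object": ("data",), "link": ("href",)}
FETCHING_RELS = {"stylesheet", "icon"}   # <link rel="canonical"> is not fetched
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.IGNORECASE)

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.in_style = [], False   # findings: (line, tag, url)

    def handle_starttag(self, tag, attrs):
        self.in_style = self.in_style or tag == "style"
        line, attr = self.getpos()[0], dict(attrs)
        rels = set((attr.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return
        for name in FETCHING.get(tag, ()):
            url = (attr.get(name) or "").strip()
            if url.lower().startswith("http://"):
                self.findings.append((line, tag, url))
        for url in CSS_URL.findall(attr.get("style") or ""):
            self.findings.append((line, tag, url))

    def handle_endtag(self, tag):
        self.in_style = self.in_style and tag != "style"

    def handle_data(self, data):
        if self.in_style:   # contents of a <style> block
            self.findings += [(self.getpos()[0], "style", u) for u in CSS_URL.findall(data)]

def find_mixed_content(html):
    """Return (line, tag, url) for each subresource referenced over http://."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; only four of these seven lines are mixed content.
SAMPLE = """<link rel="canonical" href="http://www.example/page">
<script src="http://cdn.example/jquery.js"></script>
<style>body { background: url(http://img.example/bg.png) }</style>
<a href="http://partner.example/">partner</a>
<img src="images/someimage.png">
<img src="http://someDomainName/images/someimage.png">
<div style="background:url('http://img.example/tile.png')"></div>"""
```

Calling `find_mixed_content(SAMPLE)` reports the script, the `<style>` background, the absolute `<img>` and the inline-style background; resources added at run time by scripts or ad code still need the browser's developer tools or Fiddler, as described above.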

My server intermittently won't serve pages to Safari 4... Need help!

I just upgraded my browser to Safari 4 and find that our website is having some major issues specific to that browser version. As I click through pages on our site it takes one or two clicks before the browser window simply goes blank. When the window goes blank, there is no source to view and no matter how many times I try to reload or if I try to load other pages of the site, I still get the blank window. It's as if the server takes the request and simply returns a blank page.
If I wait over 15 seconds and then hit refresh again, the page loads fine. Not sure why it starts working again... Maybe a cache issue???
It's a PHP site and I've tried turning on error_reporting(E_ALL);, but that doesn't give any information. I also tried putting an echo statement at the very beginning of the index.php file and verified that the page still goes blank without echoing that statement, so I'm thinking the problem is not php code specific. The Apache error log does not show any issues. I have the same site on my local development server and it doesn't have the problem.
Safari 4 is the only browser that shows this problem. Does anyone have any ideas how to debug/fix this?
My webserver is Ubuntu Hardy running Apache 2 and MySQL 5.
We have an nginx load balancer in front of the apache server and I just figured out that Safari 4 requires the nginx keepalive_timeout setting to be 0. Took all day to figure that one out...
I've been having the same issue with Safari 4 on my site but found that when reloading pages that return blanks, the request never even makes it to the server. No entry shows up in Apache's logs.
The keepalive setting for your LB sounds like a direction I could sniff in. Not sure what leeway I will have though, being on shared hosting.
Mike
This looks to be a safari bug. We experience it too, and I have read other reports.
http://discussions.apple.com/thread.jspa?threadID=2064488&start=0&tstart=0