OS X Lion - Website sharing , display directory files - apache

I need some help to get Mac WebSite sharing to work as i want.
Basically i need to know how i can make it display the files of a directory.
Do i need to make a website to show my directory files or is there any other way ?
And if i do need to make a website to display my directory, what code should i use to do so ?
I am no expert on HTML at all.
Allso, i have been searching around for this and i couldn't find any answers related to my question.

You need to turn indexes on in your Apache config. This could be on by default. Check to see if you have folder named Sites in your home directory. If you do rename the index.html page (if there is one) and then navigate to http://localhost/~yourusernamehere.
The same applies if you are using the default apache directory (the system wide one) which is located in /Library/WebServer/Documents if I remember correctly. In this case you would navigate to http://localhost. I just checked on my system (OS X 10.7) and the indexes were enabled by default.

You will need to use a server-side language such as PHP, Java, ASP.NET if you want to display the 'servers' directory on a web page. I will say because you're a begineer use PHP as it's very easy to learn...
Download MAMP / XAMPP.
Research PHP and follow some tutorials first, and then implement directory searching and output it as HTML.
http://php.net/manual/en/ref.dir.php
Code:
http://css-tricks.com/snippets/php/display-styled-directory-contents/

Related

Railo, XAMPP: Where is the apache.ctl or apache2.ctl?

In a weeks long futile attempt to conjure up a basic. PHP application, I've decided that perhaps I'll try this CFML thing.
I already have XAMPP installed and figured I would only need to install Railo on my system. At one point, the GUI installer asks for /usr/sbin/apache.ctl to be confirmed for its use but no such file exists on my system, hidden or otherwise.
Does XAMPP not need/have that file by default? Can anyone point me in the right direction?
Railo and XAMPP...you can do this but Railo has a nice portable all encompassing download that uses Jetty.
Railo Express: https://github.com/getrailo/railo/wiki/Installation-ExpressJetty
Which is the best way to get up to speed on the CFML or cfscript version of coldfusion.
If you are on windows you can click the start.bat file. This will start the service where you can the navigate to localhost:8888 and you should.see you admin screen.
Railo and Coldfusion are a language and a server (service).
Behind the scenes there is a file structure you can follow and put your files that you are testing with. The link above should give you the basics to get started.
I would first test the wwwroot is picking up your files by making a simple index.html file and navigate to it through your browser.
The add a index.cfm with a simple Coldfusion hello world.
The you can dig in and get a database configured through the admin section and make some pages that do some database calls.
Oh...and welcome to the Coldfusion programming language where you can do a hell of a lot more in less time, make good pay and generally enjoy your projects more.

How to bypass red5 demo page on start up?

At present, I start up red5 in linux command line ./red5.sh and it runs the script. Then I go to http://localhost:5080 demos page to set up my camera and audio input and all works fine in testing the stream both on demo page and in swf of my webpage.
Question is, do I need to include some java and/or action script for the swf player to
bypass the red5 demo page so I can directly connect my input and stream in the code of the page? Also so only logged in webpage viewers can connect?
Overall wondering if there is a way of hiding the server stream from anyone not logged in to view it on my site? I understand in webapps folder somewhere there is the hosts list of IP but it would be impossible to know the IP of the viewers as opposed to unwanted viewers or bandwidth stealers.
I am trying to set up a site for poetry readings and make it so readers can record live to my server and then logged in viewers can view from my website. I am trying to figure out whether I must have that red5 page open and if that doesn't pose some kind of risk.
Found my own way of doing this just by removing and renaming files and folders.
If you go to usr/local/red5/webapps here lies all the directories for viewing when you go to default port 5080 so I simply installed the applications I needed and then took everything out of there except those applications I wanted and needed to run. I took out all and placed it in a folder in /var directory named it red5_movedstuff in case I want access to further applications later on.Then I renamed the applications I am using in webapps folder and kept admin folder to access them but I renamed my applications and had to importantly rename also in WEB-INF for each application name change.
Now if someone goes to myip:5080 they get a blank page and by changing names of applications I've hidden my directories beyond that including list of streams.

Path problems with running a sub application (umbraco) inside my MVC4 web application

I have this MVC4 web application, I run it locally at mySite.local/. I created an application in IIS 7, mapping to mySite.local/corporateSite/. I point that application to an Umbraco (CMS) installation I have locally.
This works pretty well.
I have these UI images and .css files that were in my corporate site and were linked-to by absolute urls (Examples: /css/myCss.css, /media/ui/myFunLogo.png, etc.).
Now this "/" root has changed, if I want my css and images to work, I have to use /corporateSite/cssmyCss.css... this is logical.
How can I change my configuration or sites setup or code so that I don't have to write that whenever I'm linking to a file like that. Should I use rewrite rules to prepend the application url?
How to people integrate these elements normally ? I know a lot go through subdomains, but this would not be ideal for us at the moment.
Thanks for the help!
(I think my question is related to this one how to integrate umbraco with mvc4 but in some different aspects. And the answers are not good for me.)
In umbracoSettings.config, there is a setting for "ResolveUrlsFromTextString".
Setting it to true should tell Umbraco to add the virtual directory name to links and images.

"Hack" in to localhost root directory from a VM web app

I have apache VM web app running locally. It's red hat.
It's PHP based but the main page is index.html. I am able to to into sub-directories for images and such, I wanted to know if it is possible for me to gain access to the directories that contain the php code, probably just one level above the images directory. Because of index.html, it forces the load, and I am unable to see server files.
Yes there used to be a trick called dot-dot-traversal that could do this. Basically you put two dots into a URL and climb above the web root. Something like http://www.example.com/../../../../etc/shadow . Occasionally a new way to exploit the vulnerability is discovered, but mostly it is rare. Unless you're running an old server, you should be pretty safe.

Preventing direct access to files in IIS 7

I have a PHP application running on a Micrisoft IIS 7 server. The application shows PDF files on an iFrame, which contains user's sensitive data that I wouldn't like to be directly accessed by anyone that knows the file address.
So basically, I'm looking for a way to protect files from direct browser access or download, but still be able to show it on the application's iFrame.
I made some research with Rewrite rules, but since the "HTTP_REFERER" of an iFrame is empty, I couldn't find a good solution
Any suggestions for this?
Thanks in advance
Without seeing any of your code, or how your application works, I can only give suggestions based on how I think your app works.
Rather than showing the files themselves, with links directly to those files, you should consider changing your application so that the PHP reads in the directory, displays the file names (however you want them to appear), with links that go to a download.php page. The download page (after checking whether the user has permission to download the file) then loads the file into memory and serves it out as a response (with appropriate Content-Disposition and Content-Type headers).
Since your PHP application can read files directly within the web directory, you can set up rewrite rules to prevent accessing those files from the web; that way, the files can only be accessed by the PHP application, which doesn't rely on rewrite rules to access the drive.
This is how places like Source Forge can display an advertisement with a countdown that your file download will begin in 5 seconds.