I have a folder where in there is a .htaccess file with some settings .. so when i try to load the page .its asks for authentication . so when i dont give the user name and passwd . it redirects to a page. i need to know where this redirection settings are there . how to get to the core.
This question is not terribly clear.
It sounds like you have authentication set up in your .htaccess file. If authentication fails, Apache returns a 401 Unauthorized (or 403 Forbidden) response. You might try redefining the error pages for those two errors using the ErrorDocument directive.
Related
I found a vulnerability for content-spoofing on my webpage.
This URL:
https://www.mygreatsite.com/www.mygreatsite.com%20has%20moved%20to%20www.evilsite.com.%20CHECK%200UT%20H0W%20COOL%20THE%20NEW%20SITE%20IS!%20Sadly,%20the%20file%00
Apache Output:
Not Found
The requested URL /www.mygreatsite.com has moved to www.evilsite.com. CHECK 0UT H0W COOL THE NEW SITE IS! Sadly, the file was not found on this server.
--
The URL Overrides the Apache-Error and outputs the text added to the URL in the Browser, along with a 404-Error.
Actually, all requests to the server should be redirected to the CMS (Typo3) which in turn handles the 404-error and shows a custom page.
When I enter an URL that doesn't exist, this works perfectly. Just the above mentioned URL screws everything up.
Interestingly, when I delete the «%00» from the end of the URL, the request is forwarded to the CMS and the correct error document is displayed.
I tried to add a separate ErrorDocument-Directive to the htaccess-file - with no success.
Any ideas what goes wrong and how I could solve this?
As Anubhava points out, when a NULL-Byte is detected, Apache doesn't load any modules and just throws the 404. That's why ErrorDocument and mod_rewrite in the htaccess don't work.
[Edit for clarification]
%00 or in Hex \x00 is a NULL byte. When web server finds a NULL byte at the end then web server thinks it is a spoofing request and considers it to be dangerous to be processed by any directives.
Due to security reasons web server doesn't load any modules for this request and returns a 404 / Not found status. Browser shows default 404 page with your decoded URL just below Not Found text.
I want to know how to remove 403 issue for particular URL .
For example ,whatever comes after http://www.example.com/webapp/* , I need to remove 403 issue. How to set this?
you must configure your web server to allow pages from that file directory to be served to the public.
http://httpd.apache.org/docs/2.2/urlmapping.html#user
I am trying to access rest API for Guest User through
http://localhost/b_marketing/api/rest/products, but the page redirects to 404 page. I have checked retrive catalog products in ACL attributes RULES, REST - attributes and REST - ROLES, correctly. It also works correctly on my other project by using these all configurations.
There is one thing I need to mention here that my project works only when I use http://localhost/b_marketing/index.php , despite of setting up the htaccess rewrites and setting rewrite from admin panel. My apache rewrites are also set.
When I use http://localhost/b_marketing/api/?wsdl it works and some xml returns.
But I cannot use http://localhost/b_marketing/api/rest/products
The Response Header is always 404.
I also cannot access REST API using http://localhost/b_marketing/index.php/api/rest/products as well.
Make sure you have rewrite rule in .htaccess.
Go to magento root folder, in your case it is b_marketing
Open .htaccess file in any editor
Locate rewrite rule for api
If you don't have .htaccess file in place, you may consider to copy fron original
Magento packagem
If you run nginx:
.htaccess is not supported. Edit the nginx configuration and add the line:
location /api {
rewrite ^/api/rest /api.php?type=rest last;
}
I read that that line sometimes is already there however with the the word break instead of last. Thats wrong, change it to last.
Make sure to use -MultiViews. As the api.php and /api path have the same name (without extension), Apache might resolve api automatically to api.php and cause trouble.
I have a Joomla site running on Apache and Ubuntu 12.04. I wanted to show a custom 404 pages to be shown when a 404 error occure. I have made necessary changes to error.php file in my template directory to redirect it to '/404' directory where I have an index.html file with many images,css and java script.
Now when accessing a non-existent page, Joomla is redirecting me to root/404 but there I get a 403 Forbidden error from appache. The 404 directory is located inside 'htdocs' directory of Joomla installation.
Additional info:
1. I don't want to convert my 404 page into a Joomla template or article.
2. I am using a Joomla AMI from Bitnami on Amazon web service
If you redirect to a 404 page, you corrupt the error mechanism. The client will never get that 404 status, but a 200 on successful redirect to your error page.
Instead, you should modify your template's error.php to
send the 404 Not Found header
directly send the error page using readfile()
You might have to adjust the asset paths within your error page.
That's totally wrong, working with static pages does not mean that you have to overcome Joomla's routing.
You should either override the error Page view or use custom error pages.
Take a look at Joomla's documentation.http://docs.joomla.org/Custom_error_pages
Nibra was totally right about breaking the mechanism but still using a readfile() seems as an overkill.
The wrinkle is that the pages being requested are aspx pages and they are no longer present. I want any request coming to the root domain (and any subdomain like www) to redirect to a single page in the root directory (namely index.html) I went into the IIS admin tool, selected the domain and tried to direct to a url (http://mydomain.com/index.html) but that caused index.html to be appended multiple times and resulted in an error.
What is the best way to do this, so that any http request ot hsi domain goes to the index.html page?
Thanks in advance.
Warren
You can achieve this using the ASP.Net App_Offline feature; if you place a file in the root of your website called App_Offline.htm, the contents of that file will be returned in response to all incoming requests.
Or find your default 404.html file and put some redirection code into it