I have an application deployed in weblogic, and am using apche server.Normally, when I enter the url for the application, it should display a jsp (1) kind of please wait then this one will redirect to another jsp (2).
the problem is when I enter the url of the application, it displays jsp (1) "please wait" and while redirecting it gives the error (Error 404--Not Found).
What do you think the problem is ?
A 404 simply means that the URL is invalid or that the resource actually isn't there where you think it is.
First test its availablility independently with an absolute URL. Such as http://example.com/context/page.jsp. If that doesn't work, then verify if the resource is actually there in your webapp where you expect it to be. If that does work, then you likely used a relative URL in the redirect such as:
<meta http-equiv="refresh" content="3;url=/page.jsp">
You need to be aware that any relative URL's in the page are relative to the absolute URL of the current request. Thus, if the page was requested with for example http://example.com/context/wait.jsp, then the above relative URL will resolve to http://example.com/page.jsp. This is thus not going to work if the page is actually located at http://example.com/context/page.jsp. You should then replace the URL by the right relative URL:
<meta http-equiv="refresh" content="3;url=page.jsp">
or just an absolute URL:
<meta http-equiv="refresh" content="3;url=http://example.com/context/page.jsp">
Related
I found a vulnerability for content-spoofing on my webpage.
This URL:
https://www.mygreatsite.com/www.mygreatsite.com%20has%20moved%20to%20www.evilsite.com.%20CHECK%200UT%20H0W%20COOL%20THE%20NEW%20SITE%20IS!%20Sadly,%20the%20file%00
Apache Output:
Not Found
The requested URL /www.mygreatsite.com has moved to www.evilsite.com. CHECK 0UT H0W COOL THE NEW SITE IS! Sadly, the file was not found on this server.
--
The URL Overrides the Apache-Error and outputs the text added to the URL in the Browser, along with a 404-Error.
Actually, all requests to the server should be redirected to the CMS (Typo3) which in turn handles the 404-error and shows a custom page.
When I enter an URL that doesn't exist, this works perfectly. Just the above mentioned URL screws everything up.
Interestingly, when I delete the «%00» from the end of the URL, the request is forwarded to the CMS and the correct error document is displayed.
I tried to add a separate ErrorDocument-Directive to the htaccess-file - with no success.
Any ideas what goes wrong and how I could solve this?
As Anubhava points out, when a NULL-Byte is detected, Apache doesn't load any modules and just throws the 404. That's why ErrorDocument and mod_rewrite in the htaccess don't work.
[Edit for clarification]
%00 or in Hex \x00 is a NULL byte. When web server finds a NULL byte at the end then web server thinks it is a spoofing request and considers it to be dangerous to be processed by any directives.
Due to security reasons web server doesn't load any modules for this request and returns a 404 / Not found status. Browser shows default 404 page with your decoded URL just below Not Found text.
I have a ecommerce site with hundreds of products. I recently changed permalinks and their base. Using Wordpress and Woocommerce plugin, I removed /shop/%product-category% from the URL. However, my old URLs are still active. Check out the following example:
greenenvysupply.com/shop/accessories/gro1-1-3mp-usb-led-digital-microscope-10x-300x/
greenenvysupply.com/gro1-1-3mp-usb-led-digital-microscope-10x-300x/
The first URL is old. Why does it still work? Shouldn't I get a 404 page?
Here is code from page source related to the canonical:
href="https://www.greenenvysupply.com/shop/feed/" />
<link rel='canonical' href='https://www.greenenvysupply.com/gro1-1-3mp-usb-led-digital-microscope-10x-300x/' />
<meta name="description" content="The 1.3 Mega-Pixel USB LED Digital Microscope is great for identifying pests and diseases on your plants so you can accurately resolve the problem."/>
<link rel="canonical" href="https://www.greenenvysupply.com/gro1-1-3mp-usb-led-digital-microscope-10x-300x/" />
Because the old URL is still active and not redirecting, my entire website is being seen as having duplicate content. Google crawlers are not being redirected. Why is the URL with /shop/ in it still active even though I have changed the permalink? There has got to be an easy fix for this.
A canonical URL or other metadata in your response is not the same as a redirect. To accomplish a redirect, your server needs to return a 3xx status code (typically a 301 or 308 for a permanent move as you have here or a 302 or 307 for a temporary move) and return a "Location" header that indicates the URL to which to redirect. How exactly you make your server do this is dependent on the type of server or server framework that you happen to be using for your website.
How to accomplish a redirect is somewhat independent of your implicit SEO question about whether to prefer a redirect over a canonical URL, which I'm afraid I cannot answer. Regardless of the approach you use, though, you should be aware that search engines -- Google or otherwise -- may not reflect the changes from your website immediately, so don't panic if you don't see the desired search engine change you were looking for immediately following a change to your website.
For some reason when you go to the url https://www.improvementskills.org/index.cfm google translate does not show up, but when you go to http://www.improvementskills.org/index.cfm it works fine. So I know the issue is with SSL and having https. Does anyone know what the problem is and how to fix it. Thanks!
You are loading Google's JavaScript with an http URL, even when your page is served with https. The browser rejects that, because it's insecure to include non-https content in an https page.
You need to do this:
<script type="text/javascript" src="//translate.google.com/...
rather than specifying the URL as http://translate.google.com/... By starting the URL at the double-slash, the browser will use whichever of http or https the page itself is using.
I'm having an issue with a friends iWeb website - http://www.africanhopecrafts.org. Rather than pages viewing they want to download instead but they're all html files. I've tried messing with my htaccess file to see if that was affecting it but nothings working.
Thanks so much
Most likely your friend's web site is dishing up the wrong MIME type. The web server might be malconfigured, but the page can override the content-type responde header by adding a <meta> tag to the page's <head> like this:
<meta http-equiv="content-type" content="text/html" charset="ISO-8859-1" />
(where the charset in use reflects that of the actual web page.)
If the page is being served up with the correct content-type, the browser might be malconfigured to not handle that content type. Does the problem occur for everybody, or just you? IS the problem dependent on the browser in use?
You can sniff the content-type by installing Firefox's Tamper Data plug in. Fire up Firefox, start TamperData and fetch the errant web page via Firefox. Examining the response headers for the request should tell you what content-type the page is being served up with.
I am getting the security alert: "You are about to be directed to a connection that is not secure. the information you are sending to the current site might be transmitted to a non-secure site. Do you wish to continue?" when I try to login as a customer on my clients oscommerce website. I noticed the link in the status bar goes from a https prefix to a nonsecure http prefix. The site has a SSL certificate, so how do I ensure the entire store portion of the site directs to the secured site?
It is likely that some parts of the page, most often images or scripts, are loaded non-secure. You'll need to go through them in the browser's "view page source" view one by one and eliminate the reason (most often, a configuration setting pointing to http://).
Some external tools like Google Analytics that you may be embedding on your site can be included through https://, some don't. In that case, you may have to remove those tools from your secure site.
If you can't switch all the settings, try using relative paths
<img src="/images/shop/xyz.gif">
but the first thing is to identify the non-secure elements using the source code view of your browser.
An immediate redirection from a https:// page to a http:/ one would not result in a warning as you describe. Can you specify what's up with that?
Use Fiddler and browse your site, in the listing it should become evident what is using HTTP and HTTPS.
Ensure that the following are included over https:
css files
js files
embedded media (images, videos)
If you're confident none of your own stuff is included over http, check things like tracking pixels and other third-party gadgets.
Edit: Now that you've linked your page, I see that your <base> tag is the problem:
<base href="http://balancedecosolutions.com/products//catalog/">
Change to:
<base href="https://balancedecosolutions.com/products//catalog/">
If the suggestion from Pekka doesn't suit your needs you can try using relative links based on the schema (http or https):
e.g.,
I am a 100% valid link!
The only problem with this technique is that it doesn't work with CSS files in all browsers; though it does work within Javascript and inline CSS. (I could be wrong here; anyone want to check?).
e.g., the following :
<link rel="stylesheet" href="/css/mycss.css" />
<!-- mycss.css contents: -->
...
body{
background-image:url(//static.example.com/background.png);
}
...
...might fail.
A simple Find/Replace on your source code could be easy.
It sounds to me like the HTML form you are submitting is hardcoded to post to a non-secure page.