We're testing our ClickOnce deployed application internally on IIS (Internet Information Services), but we're wondering if we can deploy it to the wider internet using Apache on Linux so we can make use of our existing external website host.
If so, is there anything else I need to consider other than as specifying the correct mime types such as .application and .deploy?
I found a number of people asking the same question starting around 2005, but here is the first google result - also discusses silverlight.
http://software.clempaul.me.uk/articles/clickonce/
As far as I can tell, however, the only thing you would need to worry about would be setting up the mime types and providing access to the files.
The Paul Clement article is the best description I've found. I also came across a topic in the Apache documentation that suggests putting the configuration in the httpd.conf file instead of .htaccess files. Here are the lines I added to my httpd.conf file:
AddType application/x-ms-application .application
AddType application/manifest .manifest
AddType application/octet-stream .deploy
Related
I'm using nginx/1.10-3 and apache2-2.4.25-3 on Debian.
For many reasons i won't go into, I'm looking to switch to NGINX from Apache2.
My CMS has many files that either have no extensions, or have the wrong extension in terms of lining up with mime.types.
With Apache2 we rely on mod_mime_magic to override the extension and use the magic bytes to correctly set the content-type. However, I can't seem to find a way to get this on NGINX.
For example, we have images that end in .img and some files with no extension at all.
The only solution I can come up with, is to integrate extension rewriting/adding into the platform and change the extensions on upload and go through the existing ones. This will take a lot more time, though.
Is there a "hack" or an alternative to mime magic with NGINX?
Thanks
I want to know if my Apache server uses .htaccess files or not. If it uses them, then why and how?
How can I know if my Apache server is using .htaccess or not?
Thank you.
As for why, it's a convenient way for shared-hosting providers to give some access to users who would like to set some configuration options. You obviously wouldn't want everyone to have access to the main configuration file for security purposes. It's also useful for development purposes since you can set different options for different directories.
As for how Apache uses the file, I recommend reading the documentation.
As for how to know if Apache is using .htaccess files, it most likely is. I've yet to meet a shared hosting provider that doesn't. And if you are running your own server, I assume you would know how you set it up. Worst case scenario, you could follow this advice from the docs:
A good test for this is to put garbage in your .htaccess file and reload the page. If a server error is not generated, then you almost certainly have AllowOverride None in effect.
I've made a cookbook in Chef to install a web application, Apache and PHP.
This web application has a PHP document that clients access in this URL:
http://localhost/www-app/ClientFE
With this I have a problem. By default PHP will only interpret documents that have a PHP extension, and as my URL doesn't have it, it gets interpreted as text. I can't change the file's extension because the client (which is also software) should not be modified.
What I want to accomplish is to make PHP interpret that document, and for what I've investigated it can be accomplished in three ways at least: configure appropriately PHP, create an alias, create a rewrite rule.
First: I could configure PHP to interpret the desired document:
<FilesMatch "/www-app/ClientFE">
SetHandler application/x-httpd-php
</FilesMatch>
Second: I could do it through mod_write (I would have to rename the fill in the web app, which is also acceptable for me):
RewriteCond ^/www-app/ClientFE /www-app/ClientFE.php
Third: I could do it with mod_alias in a similar fashion than mod_rewrite.
The 3 are good for me, but my problem is: how to do them with Chef ? I haven't been able to find useful docs about it, and I have already tried to put this in my recipe (I found them around the Internet but they haven't worked):
apache_rewrite do
source "/www-app/ClientFE"
target "/www-app/ClientFE.php"
end
and this
apache_module "alias" do
source "/www-app/ClientFE"
target "/www-app/ClientFE.php"
end
Some people in my company suggested 2 valid solutions:
Put the configuration in a .htaccess inside my web application. This works for me and allows to use the alternatives I mentioned above.
Do nothing! It happens that the Multiviews option in the Apache2 cookbook is enabled by default, and it allows Apache to resolve URL http://localhost/A as http://localhost/A.php .... I mean, if Apache is asked about file A, and it doesn't find it, then it will search for A.php instead.
From the two, I chose the later, and yes, it works. It wasn't working before because in my many attempts I created both A and A.php and in that case the Multiviews has no effect.
Some people say that to enable compression you modify htaccess file:
apache compression Deflate .js and .css files not compressed?
http://betterexplained.com/articles/how-to-optimize-your-site-with-gzip-compression/)
Others say you need to update httpd.conf file
http://kb.mediatemple.net/questions/1567/Compressing+web+pages+with+mod_deflate#dv
What is the right way? If either is correct then wouldn't htaccess be a better choice since it doesn't require web server restart?
The Apache HTTP Server can be configured in a number of ways: The main configuration file is (usually) called "httpd.conf", but this file can include other configuration files with the "Include" directive. Furthermore, the HTTP Server allows for configuration files to be placed in the context path of your website. These decentral configuration files are (usually) called ".htaccess".
Configuration directives, like the directives to enable compression, can be valid in different contexts. The valid configuration contexts of the "AddOutputFilter", the "SetOutputFilter", and the (deprecated) "AddOutputFilterByType" all specify "server config, virtual host, directory, .htaccess" as their valid configuration contexts. Therefore, all of these directives can be used in the "httpd.conf" as well as in the ".htaccess" configuration files.
So both ways of configuring output compression are valid, and it's just a matter of taste whether you want all your server configuration in one central file (which gets only read during server (re)start) or whether want to spread the configuration in multiple files and directories (but get the benefit of changes being applied instantly).
If your Web Host is through C Panel
Enable G ZIP Compression on Apache C Panel
Go to CPanel and check for software tab.
Previously Optimize website used to work but now a new option is available i.e "MultiPHP INI Editor".
Select the domain name you want to compress.
Scroll down to bottom until you find zip output compression and enable it.
Now check again for the G ZIP Compression.
You can follow the video tutorial also.
https://www.youtube.com/watch?v=o0UDmcpGlZI
More a web server security question.
Is it possible for someone to "probe" into a folder on a web server, even if an index file is in place?
I assume they can't, but if I wanted to store .pdf applications as random names (93fe3509edif094.pdf) I want to make sure there's no way to list all the pdfs in the folder.
Thank you.
Just disable the directory listing in your web server
Generally, no. Instead of creating an "index" file, you may also unset the apache "Options Indexes"
Generally speaking, no. Especially if you explicitly turn off the directory listing for that specific directory.
<Directory /path/to/directory>
Options -Indexes
</Directory>
Source: http://httpd.apache.org/docs/1.3/misc/FAQ.html
However, you should be securing files through some sort of authentication process rather than just file names. What you propose can be found by simply brute forcing the file name. Also, people can share URLs, folks can sniff and find the URL, etc. Use a better method.
Web servers have a setting that controls whether or not the directory listing can be browsed. Apache's is called Options Indexes:
Indexes
If a URL which maps to a directory is requested, and the there is no DirectoryIndex (e.g., index.html) in that directory, then the server will return a formatted listing of the directory.
However, if anyone knows the URL in advance, or can easily guess the filename, they can still load the pdf.
Depends on the server. The server always decides what the client may and may not see. In your case, Apache, see Mitro's answer.