i've created a rule using UrlRewriter to perform a redirect:
<rewriter>
<redirect url="~/ResetClock.ashx" to="~/ResetClock" />
</rewriter>
The problem is that it is issuing a 301 Moved Permanantly redirect:
POST /ResetClock.asp HTTP/1.1
HTTP/1.1 301 Moved Permanently
Location: /ResetClock
i can mark the redirect as "temporary" redirect:
<rewriter>
<redirect url="~/ResetClock.ashx" to="~/ResetClock" permanent="false" />
</rewriter>
In which case it incorrectly issues a 302 Found redirect:
POST /ResetClock.asp HTTP/1.1
HTTP/1.1 302 Found
Location: /ResetClock
The problem is that both of these redirects are the wrong redirect to issue. i need UrlRewriter to issue a:
307 Temporary Redirect
How can i do that?
Note: The reason i need it to issue a 307, is the reason 307 (and 303) were invented: all browsers handle 302 incorrectly; converting a POST into a GET. i need to tell the User-Agent that they need to post elsewhere:
POST /ResetClock.ashx HTTP/1.1
HTTP/1.1 307 Temporary Redirect
Location: /ResetClock
and the client will issue the redirect to the correct location.
Related
i've deploied my laravel site on my server.
but i got a problem.
First:
my files was in the public_html folder.
I got the 403 forbidden error.
Then:
i tried to move them outside the public_html folder and only put the laravel's public folder contents onto that.
it only show "Nginx is functioning normally".
I get the next message:
The requested URL was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
and the next log: [error] 8949#0: *2449542 access forbidden by rule, client: 13.90.224.16, server: marchethiaroye.com, request: "GET /.env HTTP/1.1", host: "www.marchethiaroye.com"
error log
Please help! It's my first deploiment.
NB: the site is working on local
file configs message i got
Let's assume your laravel project name is 'test'.
And you put 'test' on public_html.
Try open http://IP_ADDR/test/public
Magento 1.9.0.1
Hi,
I have since 10 days an increase in 404 errors on webmaster tools, and in the crawl error section i found 150 weird url that make no sense :
http://sitename.com/ (cms page)/index.php/(another cms page or product).
In my memory i haven't change anything, but this has to come from somewhere. I've checked robot.txt (i only deleted prior to that the line User-agent: Googlebot-Image Disallow: ), htaccess , local.xml and friendly url in system/config/web. Looks all good.
Here is a screenshot :
In my robot.txt i've got :
Disallow: /index.php/ <br>
Disallow: /*.css$ <br>
Disallow: /*.php$ <br>
Disallow: /*?p=*& <br>
Disallow: /*?SID= <br>
Disallow: /?___from_store= <br>
Disallow: /*___from_store= <br>
Thanks in advance for your help.
Regards,
Marc
I just found out in my access.log that i had an attack to my /downloader folder :
"GET /downloader/index.php?A= HTTP/1.1" 200 2518 "-" "-"65.98.60.146 - - [07/Mar/2016:12:37:45 +0100]
"POST /downloader/ HTTP/1.1" 302 - "-" "-".
And after every 100 attacks i get the URL error that appear :
"GET /bache-tendue/index.php/tendeur-elastique/tendeur-caoutchouc/tendeur-caoutchouc-25cm HTTP/1.1" 404 111180 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.0; +http://ahrefs.com/robot/)"
Hope this helps.
Regards,
Marc
I have installed the template Blanco in Magento 1.7.02 and I receive a “200 OK” status from the server, despite the URL still being invalid and the 404 page still being presented.
[root#host.shopmami.com] ~ >> curl -I http://www.almohadaspremama.com/aa
HTTP/1.1 200 OK
I disable the template Blanco and obtain the correct status.
root#host.shopmami.com] ~ >> curl -I http://www.almohadaspremama.com/aa
HTTP/1.1 404 Not Found
Please, anybody could help me to find the issue in the template?
I'm new to CORS and have learnt that the OPTIONS preflight request sent by the browser excludes user credentials.
How do I get the filter (in httpd.conf) to respond to OPTIONS requests differently, i.e bypassing the authentication ?
This is my current configuration :
<LocationMatch /api>
SetEnvIfNoCase Origin "https://(www\.)?(domain1\.com|domain2\.com)(:\d+)?$" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Methods "GET,POST,DELETE,OPTIONS"
Header set Access-Control-Allow-Headers "Accept, Authorization, Origin, Content-Type"
AuthFormProvider ldap
AuthLDAPURL "ldap://localhost:10889/ou=Users,dc=work,dc=com?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
Require valid-user
ErrorDocument 401 /login.html
ErrorDocument 500 /error.html
AuthType form
AuthName realm
Session On
SessionMaxAge 1800
SessionDBDCookieName session path=/
ProxyPass http://localhost:8080 timeout=31536000
AuthFormFakeBasicAuth On
</LocationMatch>
And the javascript which makes the request :
$.ajax({
type : "DELETE",
url : "https://www.domain1.com/api",
xhrFields: {
withCredentials: true,
},
success : function(data){
},
});
I've tried the follwoing but with no luck :
(a)
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]
(b)
<Limit OPTIONS>
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Credentials "false"
Header always set Access-Control-Allow-Headers "Accept, Authorization, Origin, Content-Type"
Header always set Access-Control-Allow-Methods "GET,POST,DELETE,OPTIONS,PUT"
</Limit>
(c)
<Limit OPTIONS>
Allow for all
</Limit>
(d)
SetEnvIfNoCase Request_Method OPTIONS allowed
Any idea ? Please help !
I had the same issue which I solved today with the help of this question. Basically your option c.
My conf structure is:
conf/httpd.conf <- normal stuff
conf.d/ssl.conf <- set up ssl stuff
conf.d/api.conf <- set specific stuff to api like Auth
/var/www/.htaccess <- set specific stuff to api again
This allows for limiting everything except for OPTIONS
/conf.d/api.conf file:
<Directory "/var/www/api">
AllowOverride All
Options FollowSymLinks
<LimitExcept OPTIONS>
Auth stuff here
Mainly your Require statements
</LimitExcept>
</Directory>
Then in my .htaccess file I set the headers.
The Apache manual in the require directive states "Access controls which are applied in this way are effective for all methods. This is what is normally desired. If you wish to apply access controls only to specific methods, while leaving other methods unprotected, then place the Require statement into a <Limit> [or <LimitExcept>] section."
I had to make sure my application could handle OPTIONS as this setup is not doing an automatic return. Here or here one can see how to redirect which may work instead of having something in the application handle it.
We have a desktop and a mobile version of our webapp.
The desktop url is more prominent and so we would like to redirect the user to the mobile version in case the request is for the desktop url from a mobile device.
In the apache config we have the mod_rewrite module
and my config at present looks like this
<IfModule mod_rewrite>
RewriteEngine On
RewriteCond %{x-wap-profile} ^https?://
RewriteRule ^/(.*) http://google.com [L,R]
</IfModule>
At this point this is the only rewrite rule that we have so I'm not sure if L is required because this is the first and last rule anyway.
I have just indicated redirection to google.com for testing purposes
I'm not sure if my condition check is right.I couldn't figure out how to check for existence of a header.Is that what is wrong?If yes,please let me know how to specify the RewriteCond
How I'm Testing?
I'm testing from a Firefox browser and using the Modify headers plugin to simulate the mobile request.I'm adding the x_wap_profile header.
However I don't see any redirect happening with this config.Can you please let me know where I'm going wrong?I would also appreciate if there is any logging that can be introduced here to verify if this rule is being trigerred.I don't see any errors though with the current modified config.
To check for an arbitrary header in mod_rewrite (i.e. a header not in this list), the syntax is:
RewriteCond %{HTTP:x-wap-profile}
This one seems to work:
RewriteEngine On
RewriteCond %{HTTP:x-wap-profile} ^.+
RewriteRule .* http://google.com [L,R]
piotrek#piotrek-Vostro-2520:~/vhosts/localhost$ curl http://localhost/
OKOK
piotrek#piotrek-Vostro-2520:~/vhosts/localhost$ curl -H 'x-wap-profile: abcd' http://localhost/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved here.</p>
<hr>
<address>Apache/2.4.6 (Ubuntu) Server at localhost Port 80</address>
</body></html>
Change it to make it work for https inside header.
Docs here: http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond in section Other things you should be aware of:.