same cgi proxy script behaves differently in 2 different servers - proxy

i have one dedicated server and one shared hosting server.
i download and put both cgi proxy script in /cgi-bin/
these two files are identical.
on both servers, i checked that there is no cookies recorded by cgiproxy. virgin.
URL flags are all same.
i navigate to myspace.com
Behavior Difference:
dedicated server's cgi proxy
redirects to google.com
shared server's cgi proxy
successfully loads myspace.com
I suspect something wrong with the dedicated server's settings? But what could be wrong or different from the shared hosting ?

Since you've now posted multiple questions about your server being blocked by other web sites, I would guess there's a good chance your server is in a netblock with a bad reputation for abuse.

Related

create php web service and access to the internet

I have recently installed PHP, MySQL Server, and Apache web server. I played around with some PHP scripts locally on the PC to insert some entries to MySQL Database.
Noob question so please be patient with me:
How do I get my web service out to the internet, by self hosting? Say I already have a domain for example mydomain.com How do I make it so that when someone not within my network can access mydomain.com/something and can send some data so my server gets it and do anything with that data?
Webhosting
You have to have some form of webhosting. You pay for hosting and you can upload your PHP files to their servers. They will usually also have database servers you can use.
Your domain name has to point to those servers via DNS so the internet can reach your application. I'd suggest you search the internet for popular hosts that provide the tools your need for this.
Self hosting
Another possibility is to open your network up to the world, but this is not recommended unless you have network administration experience due the security trouble that comes with it.
In short: forward a port through your router to the machine running your application. The website portforward.com has instructions on how to do this but keep in mind that misconfiguration could lead to vulnerabilities in your network.
In order to make you site public
1. you need host
2. you need domain
there are bunch of hosting sites you should get one first.
This link explains very well about self hosting
https://www.boutell.com/newfaq/creating/hostmyown.html

Bypassing akamai

I am completely new to Akamai. I have a .vbs file, which get served by Akamai. Recently operation team put restriction in .vbs, so now it is getting blocked. Is there a way to get this file served directly from web server and bypass Akamai?
I am not sure if that's possible. Even if you add few rules in akamai configuration and bypass akamai for .vbs extension, request will still have to go through akamai servers. Best option is to give it a try in Akamai staging env or contact akamai support.
If this file is updated frequently and should not be cached at all, then the best option would be to setup Akamai configuration to have this file as no-store, or if you need only specific requestors to be able to reach your own infra, behind Akamai, then bypass the Akamai cache. Still it will go through Akamai.
If the issue is going through Akamai, your only solution is to have another hostname not on Akamai to reach this file OR to know what is the server on your infra, which hosts this file and modify your host file to request this server directly. Issue is that the whole site will be served from your infra and not benefit of Akamai.

Does memory protection protect servers from the heartbleed exploit?

I understand that the heartbleed-bug allows a remote attacker to read memory from your machine. Is this mitigated by memory protection?
For example, if I have a public-facing https webserver, any webserver traffic and data is obviously compromised, as well as any information accessible using credentials sent over the webserver. But what about other processes on the same box? If I was running bash locally from the console, far from ssl?
According to the site Heartbleed only affects openssl and related software (like something linked to libssl). Any other program in your box should be safe from this particular bug.

Ensuring folder name doesn't show up in the domain name

our hosting account is set up with the domain www.nashman.ca, and our application is at www.nashman.ca/hub. We have another domain that forwards to www.nashman.ca/hub and that's hub.mhn.co. The problem i'm having with this is that the forwarded domain adds on the /hub whenever you navigate to another page from hub.mhn.co, so the domain shows as hub.mhn.co/hub/admin when you're in the admin area, for example. I need the domain to stay consistent, and never show that folder name, because its breaking some of the javascript I use. What is the best way to set this up?
edit
I've been doing some reading about URL Rewriting, and looking into it - my hosting provider supports the IIS7 URL Rewrite module. All the tutorials I've found so far detail how to set up rules using the IIS config tools, but I don't have access to them. Is there a way to do it by editing my web.config in my apps root directory? And will this solve my issue?
Is the default page for hub.mhn.co using a redirect to www.nashman.ca? If so, what is happening is that the forwarding software basically returns a new URI that the browser requests, and the new URI will replace the old one in the browser window and thus in all future requests. You're probably redirecting to ~/hub/ (the hub subdirectory of the site root) which will result in the browser requesting a new URI that keeps the domain name but tacks on the subdirectory.
If you have direct control over the DNS and your webservers, you can use the DNS configuration to direct a request for the hub.mhn.co domain directly to the /hub subdirectory of your webserver. That way, the browser never knows that hub.mhn.co is actually www.nashman.ca/hub/. You might have to direct to an alternate port on the webserver and map that port to the subdirectory, depending on your DNS software (IIRC, most can deal with ipaddress/subdir routes, but some can only handle routing to ipaddress:port).
If your IT department does not have direct control/ownership over your DNS routing, or your exact hosting environment, you are more or less at the mercy of your hosting provider. They may be able to set up their environment to do the same thing, or not; all you can do is ask.
EDIT: Basically you have two options left if you're hosting remotely and can't use their DNS to reroute silently.
First option: clone (copy all files from) the web layer of nashman.ca/hub as hub.mhn.co under a different root space in your hosting environment (try to keep any hooks to service-layer code over at nashman so you don't have to copy the whole vertical slice). If you must also keep the UI under the /hub/ subdirectory, you're repeating code, but you may be able to mitigate this with deploy scripts that will allow you to deploy one local copy of your codebase to various locations. This may also cost more as your hosting environment is now hosting two non-trivial sites.
Second option: host the site and/or resolve the calls on your own hardware. As long as you have a public, static IP address through your ISP, you can provide a DNS server that will be the "authoritative" server for nashman.ca and hub.mhn.co domains. Your ISP or a third party domain name registry can provide a "pass-down" route to get requests from the TLD servers down to you. Then, you can route requests to whatever IP address, port and/or subfolder you like; that can be a remote webhosting provider (as long as they don't mind JUST hosting your site) or your own webservers. This will require the hardware, and a static IP from your ISP. If you lose power to this server, your site will be unreachable until power's restored. If the IP address of your DNS server changes, your site will be unaccessible by DNS until the server that routes requests to you updates its routing table with the new IP (which can be up to 24 hours).

Get blog.domain.com to appear as www.domain.com/blog

I want to create a blog for an e-commerce website, but due to data security reasons I don't want to host the blog on the same machine as the website is hosted on. Is there a way to
host it on a separate machine using the sub-domain of blog.domain.com but have it be accessible via the url www.domain.com/blog.
My reasoning is that the content will help with seo better if it uses the same domain.
I was thinking about using mod_rewrite but I'm not sure if it would allow page retrieval from a different website.
It is possible to use the Apache module mod_proxy to make the contents of a server appear to be hosted on another server, and therefore appear to be hosted under a different domain. You might like to take a read of this page which details the Apache configuration directives needed to get it up and running. If that doesn't offer enough options for setting it up how you want it, then you could investigate the "force proxy" option in mod_rewrite, which allows you to send certain rewritten requests through mod_proxy to do the proxying.

Resources