I have been using jBoss 5.1 for deploying my applications. While testing clickjacking issue is raised. After searching many sites and blogs, I am not able to find the answer. In one of the sites I found that clickjacking is disabled if the site doesn't appear within the iframe :
<iframe src="http://localhost:port"/>
Jboss home page is now being displayed in the iframe. Please let me know how to disable this using X-frame-options to avoid click-jacking.
Thanks.
Please follow the steps below :
1 : Download the clickjackfilter file from the below link.
2 : Add the class folder present in clickjackfilter -> web-inf folder into your jboss -> deploy/root.war/web-inf folder.
3 : Add the filter code from the below link into the web.xml file of the root.war file
4 : restart the server.
Now you can overcome the clickjacking issue for your server.
Please find the link below :
https://www.owasp.org/index.php/Clickjacking_Protection_for_Java_EE
Hope it helps you.
Another way of doing it is to modify the /deploy/jbossweb.deployer/web.xml file, and overwrite the org.jboss.web.tomcat.filters.ReplyHeaderFilter init-param X-Powered-By with the X-Frame-Options header, and the appropriate value that you want to set. Or you can create another entry of the filter (I haven't tested this)
Related
I am trying to run this code in my Eclipse JSP dynamic web page. But on running it in the Tomcat Server Version 9.0, I am getting an error 404 message. Error Message-The origin server did not find a current representation for the target resource or is not willing to disclose that one exists. I was trying to include a header page in my other jsp page in this code.
So far I have tried switching the location of the server via server properties. I have also checked the Use Tomcat installation checkbox in Server Locations. Still, I am getting this error.
<!DOCTYPE html>
<html>
<head>
<title>Insert title here</title>
</head>
<body>
<jsp:forward page="http://localhost:8080/HelloJSP/HeaderPage.jsp" />
</body>
</html>
If the page is under WEB-INF folder, an 404 error message might appear. I had the similar problem.
I put the pages under the WebContent folder instead. In Eclipse, the location of files may look confusing. Sometimes right click the file and look at their properties for paths. Just like below :
As you can see, even though pages look like they are under WEB-INF, they are under WebContent. Then, you won't see 404. And you can put the url to see your page in your browser.
If this doesn't help, then check your Web Project Settings.
Right-click your project, go to Properties, and find Web Project Settings.
Can you see my Context root "/" ? If I want to run my jquery.html page, I just type
localhost:8080/jquery.html
If you change your context root to "test", then you type :
localhost:8080/test/jquery.html
Don't forget to clean your Tomcat after changing your context root. Otherwise, it won't apply changes.
Thank You for your help :)
Actually, this problem was solved once I removed all the server from eclipse and switched it off. Then I readded the sever once again and it started working. Still not able to find the reason this error was caused but it was fixed by using the above method.
I installed a copy of a TYPO3 project. So, I'm using an existing TYPO3 database.
When running the home page of the site, I get the 'standard error':
Service Unavailable (503)
The page is not configured! [type=0][]. This means that there is no TypoScript object of type PAGE with typeNum=0 configured.
More information regarding this error might be available online.
which refers to following site: https://wiki.typo3.org/Exception/CMS/1294587217
But when I modify the setup of the template of the root as given in the link. I get an empty page with "HELLO WORLD" and the whole website is gone.
The old root setup code was:
config.contentObjectExceptionHandler = 0
page.meta.description.data = page:description
page.meta.keywords.data = page:keywords
How can I solve this problem without losing the rest of the website? Using TYPO3 8.7
Addition to the db install I also copied the extension folders to the typo3conf/ext folder and edited the PackageStates.php with the path to the extensions.
I see the extensions in the extensions tab the status is 'local'.
1st: make sure you have the correct configuration of all domains (as it is a copy it can not run with the same domain, otherwise you will switch between servers unpredictably.
2nd: enter list mode and look for multiple template records in your web root page. Multiple records will result in ignoring all but one record. maybe you just edit the wrong one. Normally the content is not lost but only inaccessible for the moment.
3rd: have you activated all the extensions which are active in the source installation? especially any site extension, which probably include the configuration for the TypoScript page object.
4th: you can use the TSOB (TypoScript Object Browser) and the template analyzer to view the active or resulting typoscript.
I have installed the latest version of BuddyPress on a WP.
However, the Activity, Members, Groups, and Blogs tabs all show "Page not found" errors. or show me just a title.
Thanks for any help you can provide.
screenshot: http://oi43.tinypic.com/14cw45v.jpg
link here
I had a similar issue just now. All of my buddypress pages (register, activate, members, etc.) were giving me a 404 error. I now have all the pages displaying correctly.
EXPERIENCE
I'm using an amazon EC2 instance, with apache2. My buddypress was version 2.2.1 on wordpress 4.1.1.
My first guess was that the URL wasn't rewriting correctly, so I tried all of the options in settings > permalinks.
Each time I reloaded the page I was trying to access and confirmed that my .htaccess file was being rewritten accordingly.
(.htaccess is in the base directory of your wordpress installation. If it isn't being rewritten by saving wordpress' permalinks options, try chmod-ing the permissions: http://codex.wordpress.org/Changing_File_Permissions).
SOLUTION
I found a solution through the permalinks page of the wordpress codex:
http://codex.wordpress.org/Using_Permalinks
There is an option is a file called httpd.conf on my system that disabled the rewrite module in my .htaccess file. (On a linux system this should be in /etc/httpd/conf. On OSX it should be in /etc/apache2.)
By changing my webserver directory AllowOverride option from None to All, the .htaccess file was able to function properly. Again, I found a line in the section of my httpd.conf file that read:
AllowOverride None
and changed it to:
AllowOverride All
Hope this helps.
Try going to settings/permalinks, and just save them again. Often this resolved 'page not found' errors.
While there are many questions here about a favicon not showing, I have one that is showing out of nowhere...
If I type in my browser http://localhost, I see the root of the web directory and no favicon.ico is there. Yet an icon shows up on the browser tab. If I type http://localhost/favicon.ico, the browser does show me the icon!
How can http://localhost/favicon.ico return something that does not exist?
I am using an iPlanet server linked to weblogic app container.
I searched for a favicon.ico in my entire web directory and weblogic domain, didn't find any (or rather: some others lying around but not the one I see).
I even searched for the string 'favicon.ico' in domain, web directory and iPlanet directory, in case it is in some configuration file, didn't find anything.
Any hint?
Edit: As pointed out by Sacha below, this is a default icon of the server. I would like to know where in the config it is located, and how to deactivate it. I found how to do that in documentation of iPlanet 7.0, but I am using iPlanet 6.0 and I can't find anything in the doc.
If there is no favicon.ico server displays a default one.It might be a xampp or wamp logo.If you want to customize put yours in your project root directory. Eg:- If your project name is saas put it in saas folder.
If going to localhost/favicon.ico shows you the icon, then it is there. I am not sure why it is not in the directory.
I was also facing the same problem in jBoss server of my jsp project in which the browser was showing by default server icon and there was no favicon.ico in my whole project directory
then i searched for the favicon on the server and it was there so i have remove that file from the server to remove any default favicon from my project.
I copied & pasted this text here. It seems the editor seems to format some parts randomly. ;)
I downloaded ZendGdata 1.9.6, extracted it & uploaded it to my site's
root folder ..., which I need for use with Youtube API to get videos onto my site.
I must say I’m new to all this, and so I would appreciate taking this into account.
The library folder is at /ZendGdata/library.
The problem I'm having is Step. 3 when I follow instructions
(http://code.google.com/intl/de-DE/apis/gdata/articles/php_client_lib.html#gdata-installation)
for setting it up for that purpose.
Download the Google Data Client Library files.
Decompress the downloaded files. Four sub-directories should be
created:
demos — Sample applications
documentation — Documentation for the client library files
library — The actual client library source files.
tests — Unit-test files for automated testing.
Add the location of the library folder to your PHP path (see the next section)
One of the suggested locations to add the path, apart from the .htaccess file is in php.ini.
My site is on shared hosting. I have no access to the main php.ini file, but I’m allow to create one if I need one. For Drupal CMS, for some functions, it suffices placing one in the root folder.
I added this line:
include_path=".:/usr/lib/php:/usr/local/lib/php:/home/habaris6/
public_html/site.root.folder/ZendGdata/library";
When I however go to mysite.com/ZendGdata/demos/Zend/Gdata/InstallationChecker.php to test the set up, like is mentioned in the
documentation on Youtube, I get the error:
PHP Extension ErrorsTested No errors found
Zend Framework Installation Errors: Tested 0
Exception thrown trying to access Zend/Loader.php using 'use_include_path' = true.
Make sure you include Zend Framework in your include_path which currently
contains: .:/usr/lib/php:/usr/local/lib/php
SSL Capabilities Errors: Not tested
YouTube API Connectivity Errors: Not tested
So my question is: Is that the correct way to “Add the location of the library folder to your PHP path” ?
I’m a bit mixed up.
Someone was saying the php.ini file is only active in the folder where it is located. If that is the case, which of the ZendGdata folders should have it?
As I said, my purpose is to have a the Zend framework properly set up to allow using Youtube API, something I also yet have to learn to do.
In Youtube API Google group, I was referred here. The documentation coming with the downloaded file & at zend.com pre-supposes, one knows much more than some beginners like me.
Another person said I try placing this
$clientLibraryPath = '/home/habaris6/public_html/site.root.folder/ZendGdata/library';
$oldPath = set_include_path(get_include_path() . PATH_SEPARATOR . $clientLibraryPath);
in mysite.com/ZendGdata/demos/Zend/Gdata/InstallationChecker.php
Whereas everything I had tried before failed, except fot the first test, when I placed the above snippet in the installation checker, I got positive tests for everything:
Ran PHP Installation Checker on 2009-12-09T21:16:08+00:00
PHP Extension ErrorsTested: No errors found
Zend Framework Installation Errors Tested No errors found
SSL Capabilities ErrorsTested No errors found
YouTube API Connectivity ErrorsTested No errors found
Does it mean if I place that snippet in install checker, all scripts needing the library can access it?
If not, please let me know what exactly to place in the self-made php.ini & in which folder(s) it should be.
Should that not work, and I were to use .htaccess files, what exactly, based on the folders mentioned above should be the content & exactly which folders should they be in? I read that the .htaccess files should be placed in each folder. Does it really mean I should place one in each of the ZendGdata folders?
I would be grateful for any guidance enabling me to finally start, after failing to sufficient get responses elsewhere.
Thanks in advance.
It's not necessary to put all the ZendGdata code under your website document root. In fact, as a rule I don't put PHP class libraries in a location that can be accessed directly by web requests, because if there's any way to do mischief by invoking the class files directly, then anyone can do it.
Instead, put libraries outside your document root and then reference them from scripts that are run directly. For example, you could create a directory phplib as a sister to your public_html directory. Then upload the ZendGdata bundle under that phplib directory.
You can set your PHP include path in a .htaccess file. You don't need to create a .htaccess file in every directory, because the directives in any .htaccess file apply to all files and directories under the directory where the .htaccess resides. See http://httpd.apache.org/docs/2.2/howto/htaccess.html for more information.
So I would recommend creating a .htaccess file at /home/habaris6/public_html/site.root.folder containing the following directives:
<IfModule mod_php5.c>
php_value include_path ".:/usr/local/lib/php:/home/habaris6/phplib/ZendGdata/library"
</IfModule>
See http://php.net/manual/en/configuration.changes.php for more info on this.
Note that this assumes your webhosting company allows you to use .htaccess files, and that they allow you to use the php_value directive in .htaccess files. Enabling these options is an Apache configuration and they could have their own policies against that for reasons of performance or security. You should contact them for this answer; no one on the internet can answer questions about your hosting provider's policies.
If you choose to use the set_include_path() PHP function to append a directory to your runtime include path, you need to do this in each file that serves as a landing point for a web request. That is, if you permit a request to be made directly to foo.php then you need to add the code to foo.php. Any files or classes subsequently included by foo.php use the include path you defined.
Note also that whatever method you use to define the include path, it has to take effect before your script tries to load any PHP class files via the include path. The .htaccess method should accomplish this, and if you use the code method you just have to put the code high enough in your PHP script.
I don't use the method of creating a custom php.ini file under each directory within your site document tree. That's a new feature of PHP 5.3.0, not supported by earlier versions of PHP. If you're using Apache you should just use .htaccess for the same effect.