I am trying to get a simple CGI website set up with Perl that creates an HTML page that links to a Java applet. I have managed to set this up, but for some reason, the Apache authentication for the site is doing some wonky things. Namely, if the password was entered incorrectly, instead of redirecting to a 403 page (as I assumed it should), it just refreshes the page - bringing up the password prompt again. My htaccess file looks as follows:
AuthUserFile PATH/TO/HTPASSWD
AuthGroupFile /dev/null
AuthName NAME
AuthType Basic
require user USER1
and it is located in the Java applets directory (different from the CGI directory). I have been looking around as to why this problem occurs, but I can't seem to find a reason the page would be refreshed. Does anyone know if this behaviour is typical if a Perl CGI program is trying to access an applet with .htaccess in the applet folder? Thanks beforehand.
It returns the more appropriate 401 Unauthorized error. The response includes the authentication method (Basic). Browsers respond to that by displaying a login prompt. (I believe the browsers give you a 401 error page after a few attempts.)
This is appropriate behaviour. You want to the user to be given another chance to enter his user/password. The real problem is that you can't customize the error to include other links (for example). The name "Basic" is merited.
Related
Very new to Coldfusion, but not to web development so hopefully this is an easy question.
We recently changed a link on our website that took us to /folder/index.cfm. I want to make sure that when someone types www.ourwebsite.com/folder that it doesn't take them to /folder/index.cfm and instead to redirect them to another website.
Any pointers?
There are at least three ways it to do this.
Don't even bother with ColdFusion. Have your web server do the redirect. You are going to need to know if it Apache or IIS or whatever. You can then search for how that web server does it.
This might help you with some of that: Custom 404 error page not working on IIS 8.5
You can make a file at /folder/index.cfm and have a file that has
OR with cfscript
<cfscript>
location("newpage.cfm", false, 301)
</cfscript>
Note the addtoken and statuscode are optional. Add token helps because almost no CF website uses this kind of token. The status code helps because tells the browser that this is a permanent move.
You could intercept the request in application.cfc . In fact, in some systems all requested are checked for validity in application.cfc. You might still need a blank page at the target, but at least some ColdFusion is processed
Of all the options, 1 is my favorite, because there really isn't a lot that can be done with requests to missing pages. And the list of potential missing pages is unlimited.
I have a web form which I have recently secured with an SSL Certificate.
Since installing the certificate, the form behaves differently - when it was unsecured http it would give an error message if any required field was not filled in eg "This field is required". However, as a secured https page it doesn't give this error message any more and it is possible to submit the form whether the fields are filled in or not.
I'm a little confused because nothing else has changed other than the form page is now secured https.
Any advice on why this might be and how I could fix it would be much appreciated. Many thanks!
If you are using JavaScript for validation, Open the web page with either Google Inspect or Firefox Firebug, Check whether any of the java script is blocking or not... Its looks like some of the .js file is not loading properly.
If the validation are using ASP.NET validator, then there shouldn't be any issues.
One of my pages in my domain is set up as a redirect from aweber, so when I confirm on the link on an email optin from aweber it redirects to this page MyPage.html and includes a welcome message with the name I signed up with.
Now granted I am not sure if this is something to do with aweber set up for redirect although it's very easy to do (basically paste the URL in settings you want to redirect to) and I have double/triple checked it. I also contacted aweber support who said it can be the javascript for personalisation embedded in the Head section of the redirect page that can cause this error. I have removed this code and can confirm it is not the javascript or redirect causing it hence my appearance here.
I also have another portion of the site using this redirect and personalisation and it works fine.
Now when I click on the link in my email from aweber it gives me this error:
Forbidden
You don't have permission to access /mypage.html on this server.
Additionally, a 500 Internal Server Error error was encountered while trying to use an >ErrorDocument to handle the request.
And the redirect URL is below so I can see it is redirecting with my details ok but failing to give me access to the page.
mysite.com/mypage.html?email=myemail%40yahoo.co.uk&from=myemail%40yahoo.co.uk&meta_adtracking=my_web_site&meta_message=1001&name=MyName&unit=MyAweberListName&add_url=http%3A%2F%2Fwww.MySite.com%2FthankyouPage.html&add_notes=xx.xx.xx.xxx
All my pages have access permission 644 and the page is a copy of one of my other pages, which works fine, I've not added anything, changed anything, only removed text lines and graphics.
I just also tried remaking the landing page and it failed once more. Funnily enough though when I manually type the page into the URL bar up it comes; this worked before with the original page as well!
This works:
mysite.com/mypage.html
This [redirect] doesn't and gives the error described above
mysite.com/mypage.html?email=myemail%40yahoo.co.uk&from=myemail%40yahoo.co.uk&meta_adtracking=my_web_site&meta_message=1001&name=MyName&unit=MyAweberListName&add_url=http%3A%2F%2Fwww.MySite.com%2FthankyouPage.html&add_notes=xx.xx.xx.xxx
Any ideas on getting to the bottom of this would be greatly appreciated.
Host is hostgator
very often in Internet I see links like this:
www.abcde.com/~main/material/hello
and this part ~main/material/hello is grey, if I remove hello I receive access forbidden, can somebody explain, what is this system, and is it possible receive access?
Directory listing is disallowed on www.abcde.com/~main/material/, but you have access to it's content.
They've configured the web server to only allow access to certain areas. You won't be able to receive access to it.
Depends on the web server. On Apache this can be done with
Options -Indexes
what do you mean it is grey? the link text on a page? That can be any colour that the page owner wants, but I don't remember seeing a grey link.
What happens if you type www.abcde.com/~main/material/hello directly into the browser's address window?
If you remove "hello" and receive access forbidden it is because there is no public access to www.abcde.com/~main/materia - give up, you will never access that without a password.
The tilde (~) is *nix convention for a user's home directory. Using it in the URL tells an appropriately-configured web server to look in a directory in the user's home directory for the files to show via the web server.
A customer site that I cannot change has the line document.domain = "example.com" while the site is at www.example.com.
The effect is that FaceBook Connect window login gets stuck after submitting username+password.
Firebug shows its in infinite loop inside dispatchmessage function, which gives perpetual exception:
Error: Permission denied for <http://www.example.com> to get property Window.FB from <http://example.com>
Any idea how to work around this? I prefer not to ask the customer to remove the document.domain='example.com'
It seems like a really bad idea to tell the visitor's browser that the website is being served from a particular domain, when it in fact is not. The best solution would be to change that line. I take it you don't want to change it because they have some client-side code that depends on this?
One workaround would be to change the Facebook application's Connect URL to http://example.com, since Facebook's JavaScript will think that is where it is being executed.