request headers - Page 228

How is this modsec rule getting triggered?

- by BipedalShark

I made a GET request to the URL, http://domain.tld/test/docs/index.php?create_table=1&step=2 and got a 403 response code. It turns out this modsec rule is getting triggered: Access denied with code 403 (phase 2). Pattern match "(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" at ARGS:gltr_redir. [file "/opt/mod_security/10_asl_rules.conf"] [line "827"] [id "340153"] [rev "22"] [msg "Generic PHP code injection protection via ARGS 3"] [severity "CRITICAL"] I would assume ARGS refers to GET/POST data, but there's no gltr_redir in the query string. And, being a GET request, there's obviously no POST data. So how is this rule being triggered?

Read the article

Webserver not giving the correct response on CURL and other httprequest methods [migrated]

- by Maxim

I am trying to make a REST request to a external webserver by using this code <?php $user = 'USER'; $pass = 'PASS'; $data = "MYDATA" $ch = curl_init('URL'); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', 'Content-Length: ' . strlen($data)) ); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_VERBOSE, true); if(!($res = curl_exec($ch))) { echo('[cURL Failure] ' . curl_error($ch)); } curl_close($ch); echo($res); Now this is a CURL request, however i tried different methods to test my result and they all give me a 403 forbidden error response that i get from the webserver, however i do get a 200 response when i run it on any other webserver (localhost, webserver2, ...) Therefore i think there is something wrong with my webserver and it might be disallowing/caching the post parameters that i provide because sometimes it returns a 200 response but most of the times it returns the 403. This is the response i get : HTTP/1.1 403 Forbidden Accept-Ranges: bytes Content-Type: application/json; charset=UTF-8 Date: Sat, 26 Oct 2013 13:56:37 GMT Server: Restlet-Framework/2.1.3 Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept Content-Length: 77 Connection: keep-alive {"error":"ForbiddenOperationException","errorMessage":"Invalid credentials."} It says Invalid credentials however i provide the correct credentials and i can confirm them because it is working on other servers. Since this is a crucial part of my script that i use for clients to register i assume that there is something wrong with the post parameters. I am running cpanel and uninstalled the following already: - varnish - apachebooster i also recompiled php already and enabled curl and its dependencies but nothing seems to resolve my problem. If more information is required then don't hesitate to ask me in the comments i will respond very quickly as i really need this. any help is appreciated. Kind regards Maxim

Read the article

Suscribers locking during snapshot replication

- by remi_bourgarel

Hi all :) Here is my architecture : I have a main server and 4 replica (the servers are synchronized with snapshot replication). The replication is working fine, except for one thing : during the replication a lot of SELECT request on one of the replica fail with a time-out. Here are my questions : Can I avoid these time-out ? If I can't : how can I detect the start and the end of the replication to redirect all the request on one of the replica to the main ? Thanks Sorry if you already answered to that kind of question but I couldn't find anything.

Read the article

LIRC-ZILOG on ubuntu 12.04

- by aoman

I followed these guides to configure a Hauppauge PVR, and after compiling the hpvr modules, I have this problem: (that also includes the zilog one) # locate zilog /lib/modules/3.2.0-29-generic/kernel/drivers/staging/media/lirc/lirc_zilog.ko /lib/modules/3.2.0-34-generic/kernel/drivers/staging/media/lirc/lirc_zilog.ko /usr/src/linux-headers-3.2.0-29-generic/include/config/lirc/zilog.h sudo modprobe lirc_zilog FATAL: Error inserting lirc_zilog (/lib/modules/3.2.0-34-generic/kernel/drivers/staging/media/lirc/lirc_zilog.ko): Invalid argument The PVR works and I can get a test video with sound. The remote does not. I want the transmitter to work so it can automatically change the channel on the cable box and find the video I wanted to record. The LIRC sources are not on Ubuntu sources and so I can only guess at what commands I might have to use. How do I resolve the error and get the remote working?

Read the article

Nginx proxy to s3 bucket gets 400 Invalid Argument

- by elssar

I have a Django app in which I serve media files through an nginx proxy to s3. The relevant python code response = HttpResponse() response['X-Accel-Redirect'] = '/s3_redirect/%s' % filefield.url.replace('http://', '') response['Content-Disposition'] = 'attachment; filename=%s' % filefield.name return response The nginx block for the internal redirect is location ~* ^/s3_redirect/(.*) { internal; set $full_url http://$1; proxy_pass $full_url; And the request logged by s3 is. REST.GET.OBJECT <media file> "GET <media file>" 400 InvalidArgument 354 - 4 - "http://<referer>" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1" - I, for the life of me, can't figure out what's wrong. The url send to nginx by the app is valid, it works in the browser. And nginx is sending a request to s3.

Read the article

How to coach a developer with dyslexia to improve his spelling and grammar capabilities?

- by Uwe Keim

Just having read this question regarding developers with dyslexia, I still have some open questions on how to deal with it: I am working on a project sinc approx. 6 month with a new developer who just finished university. I see that the code quality is high, what he's missing is the ability to write texts (even short ones) in an error-free manner (both, syntax and grammar errors). He is working on some UI stuff (VS.NET 2010, ASP.NET 4) and, beside coding, has to write short text for labels, buttons, grid view headers, page titles, etc. Since even those texts have errors inside, no matter how much I try to discuss the need for a professional, text-error-free UI, he seems to not manage to get this right, although he really tries. So my questions are: Are there any hints how he (or I) should proceed to enhance the text quality? Do you know any tools (like inline spell checkers) for VS.NET to highlight syntax and grammar errors? (We are working on a German-only UI, if this is important to know)

Read the article

Apache Serving 403 Forbidden after OS X Snow Leopard Upgrade to Version 10.6.6

- by Ian Oxley

I've just upgraded my MacBook Pro to OS X Snow Leopard version 10.6.6 and now Apache is misbehaving: requests to http://localhost/ generate a 403 Forbidden response -- FIXED requests to any of my virtual hosts seem to generate a 200 Ok response, but contain zero bytes Some further info that might be useful: I'm using the Apache that comes bundled with OS X. I'm using PHP from http://www.entropy.ch/software/macosx/php/ (which is in /usr/local/bin) I've had look at the Apache error log and the only error seems to be the following: [notice] child pid 744 exit signal Segmentation fault (11) I'm completely stumped by this. Any help would be much appreciated. UPDATE Ok, I've managed to resolve the 403 Forbidden error thanks to http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/ I'm still having the second problem though for any request e.g. this now happens when I request http://localhost

Read the article

SSL Ajax type of certificate for the static domain (image + js)

- by Alexl

Hi, I have a page that is SSL and has a valid certificate extended. (mainpage.com) But this page request some static content to another domain(page-static.com), basicly images and js. Actually i have only a certificate for my mainpage.com. So now when i request this page i get invalid ssl page because it contains invalid encrypted data (the one provided by the www.page-static.com) What kind of certificate do i need for the www.page-static.com. Do i need the same one as the mainpage.com, because this certificate are expensive (it's a extended certificate). Or a cheap certificate from godaddy will do the trick. This is another question do both certificates have to be signed by the same root provider and/or the same encryption key length (or it can be only 128 bits)? Thanks for your help

Read the article

Why does mod_security require an ACCEPT HTTP header field?

- by ripper234

After some debugging, I found that the core ruleset of mod_security blocks requests that don't have the (optional!) ACCEPT header field. This is what I find in the logs: ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] ModSecurity: Access denied with code 400 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/optional_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] Why is this header required? I understand that "most" clients send these, but why is their absence considered a security threat?

Read the article

How do I figure out which version of OpenCL comes with my nvidia-current-dev package?

- by levesque

I am running Ubuntu 10.04 with an nvidia geforce GT 240 card. I installed nvidia-current-dev with apt-get, thus I got a bunch of headers and lib files for OpenCL. However, I am unable to figure out if I have OpenCL 1.0 or 1.1 (could be 1.2, though I doubt it). Does anyone know a way to figure out which version of OpenCL comes with the nvidia-current-dev package (version: 195.36.24-0ubuntu1~10.04.2)? If not, is there another place where I could get an answer?

Read the article

Apache SSL losing session over load balancer

- by SaltyNuts

I have two physical Apache servers behind a load balancer. The load balancer was supposed to be set up so that a user would always be sent to the same physical server after the first request, to preserve sessions. This worked fine for our web apps until we added SSL to the setup. Now the user can successfully login, see the home page, but clicking on any other internal links logs the user right out. I traced the issue to the fact that while initial authentication is performed by server 1, clicking on internal links leads to having the request sent to server 2. Server 2 does not share sessions with server 1, and the user is kicked out. How can I fix it? Do I need to share sessions between the two servers? If so, could you point me to a good guide for doing this? Thanks.

Read the article

Possibility of recovering files from a dd zero-filled hard disk

- by unknownthreat

I have "zero filled" (complete wiped) an external hard disk using dd, and from what I have heard: people said you should at least "zero fill" 3 times to be sure that the data are really wiped and no one can recover anything. So I decided to scan the disk once again after I've zero filled the disk. I was expecting the disk to still have some random binary left. It turned out that it has only a few sequential bytes in the very beginning. This is probably the file structure type and other headers stuff. Other than that, it's all zeros and nothing else. So if we have to recover any file from a zero filled disk, ...how? From what I've heard, even you zero fill the disk, you should still have some data left. ...or could dd really completely annihilate all data?

Read the article

First Experience with Web Services

When I first started programming with Microsoft .Net (1.0 Framework) I had a strong desire to learn how search engines indexed web sites. At that time I was a working as a search engine spammer creating web pages to generate traffic for specific themes for various clients. One way I attempted to better understand .Net was to build a web spider that analyzed web pages on demand. An example of the spider is hosted at AddLinkz.com. After my spider was built I had no real idea what I could/should do with it until I found the MSN Search API. I used this web service to compare its results with my spider. Additionally, I used the API to feed my .Net web spider new URLs from the API based on specific search terms. MSN’s search API was very easy to use, I just had to request information by calling a web URL with parameters via a Get request and the results were returned in XML. At that time all requests were limited to XML responses and a maximum of 1,000 results per query. Since then the entire API has gone through several reconstructions, rebranding and new search services. Microsoft’s new Bing API replaced the older MSN search API and added several new search capabilities. These new features allow search data to be returned for web searches, image searches, new searches, and related search terms to name a few. Bing API Version 2.0 SourceTypes Web Searches for web content Sushi Image Searches for images on the web Sushi News Searches news stories Sushi InstantAnswer Searches Encarta online what is sushi, convert 5 feet to meters, x*5=7, and 2 plus 2 Spell Searches Encarta dictionary for spelling suggestions Phonebook Searches phonebook entries sushi in Los Angeles RelatedSearch Returns the query strings most similar to yours Ad Returns advertisements to incorporate with results I currently plan to start using the web search feature from the new Bing 2.0 API in an open source project related to exception management. Currently, it is still in the conception phase.

Read the article

In TCP/IP terms, how does a download speed limiter in an office work?

- by TessellatingHeckler

Assume an office of people, they want to limit HTTP downloads to a max of 40% bandwidth of their internet connection speed so that it doesn't block other traffic. We say "it's not supported in your firewall", and they say the inevitable line "we used to be able to do it with our Netgear/DLink/DrayTek". Thinking about it, a download is like this: HTTP GET request Server sends file data as TCP packets Client acknowledges receipt of TCP packets Repeat until download finished. The speed is determined by how fast the server sends data to you, and how fast you acknowledge it. So, to limit download speed, you have two choices: 1) Instruct the server to send data to you more slowly - and I don't think there's any protocol feature to request that in TCP or HTTP. 2) Acknowledge packets more slowly by limiting your upload speed, and also ruin your upload speed. How do devices do this limiting? Is there a standard way?

Read the article

Vmware installation over ubuntu sever 12.04 lts

- by Sandeep

How to install vmware workstation 7.1.6-744570.i386 on Ubuntu Server 12.04 lts. i installed it but error is coming . Vmware kernel module updater Unable to build kernel module. See log file /tmp/vmware-root/setup-8887.log for details. make[2]: * [/tmp/vmware-root/modules/vmmon-only/linux/driver.o] Error 1 make[1]: * [module/tmp/vmware-root/modules/vmmon-only] Error 2 make[1]: Leaving directory /usr/src/linux-headers-3.2.0-27-generic-pae' make: *** [vmmon.ko] Error 2 make: Leaving directory/tmp/vmware-root/modules/vmmon-only' please provide the solution for this

Read the article

Is it needed to have your blog title and description in H1 and H2

- by Saif Bechan

I have read an article that states that it is not necessary to have your blog title and description on your website at all. Just have the titles of the posts in h1, on the index and the post page. And on the post page have your different sections started with h2. Widget headers start with h3. Title and description are most of the time in the logo image. I have looked at the source of my favorite blog, http://net.tutsplus.com, and I see they do the same. Is this recommended?

Read the article

How to REALLY start thinking in terms of objects?

- by Mr Grieves

I work with a team of developers who all have several years of experience with languages such as C# and Java. Most of them are young enough to have been shown OOP as a standard way to develop software in university and are very comfortable with concepts such as inheritance, abstraction, encapsulation and polymorphism. Yet, many of them, and I have to include myself, still tend to create classes which are meant to be used in a very functional fashion. The resulting software is often several smaller classes which correctly represent business objects which get passed through larger classes which only supply ways to modify and use those objects (functions). Large complex difficult-to-maintain classes named Manager are usually the result of such behaviour. I can see two theoretical reasons why people might write this type of code: It's easy to start thinking of everything in terms of the database Deep down, for me, a computer handling a web request feels more like a functional operation than an object oriented operation when you think about Request Handlers, Threads, Processes, CPU Cores and CPU operations... I want source code which is easy to read and easy to modify. I have seen excellent examples of OO code which meet these objectives. How can I start writing code like this? How I can I really start thinking in an object oriented fashion? How can I share such a mentality with my colleagues?

Read the article

AJAX driven "page complete" function? Am I doing it right?

- by Julian H. Lam

This one might get me slaughtered, since I'm pretty sure it's bad coding practice, so here goes: I have an AJAX driven site which loads both content and javascript in one go using Mootools' Request.HTML. Since I have initialization scripts that need to be run to finish "setting up" the template, I include those in a function called pageComplete(), on every page Visiting one page to another causes the previous pageComplete() function to no longer apply, since a new one is defined. The javascript function that loads pages dynamically calls pageComplete() blindly when the AJAX call is completed and is loaded onto the page: function loadPage(page, params) { // page is a string, params is a javascript object if (pageRequest && pageRequest.isRunning) pageRequest.cancel(); pageRequest = new Request.HTML({ url: '<?=APPLICATION_LINK?>' + page, evalScripts: true, onSuccess: function(tree, elements, html) { // Empty previous content and insert new content $('content').empty(); $('content').innerHTML = html; pageComplete(); pageRequest = null; } }).send('params='+JSON.encode(params)); } So yes, if pageComplete() is not defined in one the pages, the old pageComplete() is called, which could potentially be disastrous, but as of now, every single page has pageComplete() defined, even if it is empty. Good idea, bad idea?

Read the article

Need help configurating my Tomcat server

- by gablin

I just reinstalled my entire server, and now I can't seem to get my JSP-based website to work on Tomcat anymore. I use the same server.xml file, which worked perfectly before the reinstallation, but no longer. Here's the content of the server.xml file which worked before:  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />  <Listener className="org.apache.catalina.core.JasperListener" />  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />  <GlobalNamingResources>  <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources>  <Service name="Catalina">    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />      <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />   <Engine name="Catalina" defaultHost="localhost">      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>        <Host name="www.rebootradio.nu"> <Alias>rebootradio.nu</Alias> <Context path="" docBase="D:/services/http/rebootradio.nu" debug="1" reloadable="true"/> </Host> </Engine> </Service> </Server> The JSP site doesn't use any WAR files or anything like that; there's just a default.jsp in the specified folder D:/services/http/rebootradio.nu which loads the site. As I said, this configuration worked before, but now with the latest verion of XAMPP and Tomcat it doesn't work anymore. All I get is a 404 message saying The requested resource () is not available.

Read the article

How do you manage a complexity jump?

- by glenatron

It seems an infrequent but common experience that sometimes you're working on a project and suddenly something turns up unexpectedly, throws a massive spanner in the works and ramps up the complexity a whole lot. For example, I was working on an application that talked to SOAP services on various other machines. I whipped up a prototype that worked fine, then went on to develop a regular front end and generally get everything up and running in a nice, fairly simple and easy to follow fashion. It worked great until we started testing across a wider network and suddenly pages started timing out as the latency of the connections and the time required to perform calculations on remote machines resulted in timed out requests to the soap services. It turned out that we needed to change the architecture to spin requests out onto their own threads and cache the returned data so it could be updated progressively in the background rather than performing calculations on a request by request basis. The details of that scenario are not too important - indeed it's not a great example as it was quite forseeable and people who have written a lot of apps of this type for this type of environment might have anticipated it - except that it illustrates a way that one can start with a simple premise and model and suddenly have an escalation of complexity well into the development of the project. What strategies do you have for dealing with these types of functional changes whose need arises - often as a result of environmental factors rather than specification change - later on in the development process or as a result of testing? How do you balance between avoiding the premature optimisation/ YAGNI/ overengineering risks of designing a solution that mitigates against possible but not necessarily probable issues as opposed to developing a simpler and easier solution that is likely to be as effective but doesn't incorporate preparedness for every possible eventuality?

Read the article

How do I use apt-get to update to the latest kernel?

- by Bucic

My current kernel is 3.2.0-26 (my main computer) while on another of my Ubuntu computers, with which I didn't fiddle with unofficial updates, it's 3.2.0-30. Yet the Update manager on my main computer doesn't show available kernel updates. It shows other updates though. I suspect is due to the fact that in the past I installed multiple mainline kernel versions (not recommended versions), up to 3.5* series. What I'm after: Either: Fix automatic kernel updates. Or: Learn about a way to check for the latest official ubuntu kernel version and get it manually (I know how to install kernels from debs) What I have already tried: Uninstalled unused kernels including "the generic one without a number" as per http://askubuntu.com/a/103875/29347 and then also https://ubuntugenius.wordpress.com/2011/01/08/ubuntu-cleanup-how-to-remove-all-unused-linux-kernel-headers-images-and-modules/

Read the article

Where can I find logs for SFTP?

- by Jake

I'm trying to set up sftp-server but the client is getting an error, Connection closed by server with exitcode 1 /var/log/auth.log (below) doesn't help much, how can I find out what the error is? I'm running Ubuntu 10.04.1 LTS sshd[27236]: Accepted password for theuser from (my ip) port 13547 ssh2 sshd[27236]: pam_unix(sshd:session): session opened for user theuser by (uid=0) sshd[27300]: subsystem request for sftp sshd[27236]: pam_unix(sshd:session): session closed for user theuser Update: I've been prodding this for a while now, I've got the sftp command on another server giving me a more useful error. Request for subsystem 'sftp' failed on channel 0 Couldn't read packet: Connection reset by peer Everything I've found on the net suggests this id a problem with sftp-server but when I remove the chroot from sshd config I can access the system. I assume this means sftp-server is accessible and set up correctly.

Read the article

LIVE Video Streaming with Nginx + PHP-FPM / Process Timeout

- by user3393046

I have a live video streaming in my server using nginx + php. the php file reas a live streaming and it directly sends it to the client. I have only one problem. The problem is that i want each request to be in a new process of php-fpm. In a few words i don't want to have idle timeout for a process but instead i want them to close instant when a request is being closed. With idle timeout i have huge problems which are hard to explain at the moment but i'm really sure that if i disable the idle timeout everything will be perfect. Is there any way to do this? I'm using on demand php-fpm

Read the article

Extending an ABCS

- by jamie.phelps

All AIA Application Business Connector Services (ABCS) are extension enabled out of the box. The number and location of extension points in each ABCS is dependent upon whether the ABCS is a request-response or fire-and-forget service. Below is an example of a request-reply ABCS with 4 extension call-out points: Pre-transformationPost-transformation, Pre-invokePost-invoke, Pre-transformationPost-transformation, Pre-reply You can also see in the diagram that each XSL Transformation has it's own extension call-out. However for now we are only discussing the ABCS extension call-outs. To extend an ABCS, you'll first need to identify the specific extension points that are available in your ABCS and choose the one or more that you want to implement. You can an get an idea of the extension points available in your ABCS by looking into the AIAConfigurationProperties.xml file found under the AIA_HOME/config directory. Find the for your ABCS and look for properties similar to the following: false false false false Each extension point in the ABCS will have a corresponding configuration property to control whether or not the extension call-out is active at runtime. So these properties can give you some idea of what extension points are available in your ABCS. However, you'll probably also want to look into the ABCS BPEL code itself to confirm the exact location of the call-out.

Read the article

How can I inform search engines that the usefulness of some content on my site has a limited shelf life?

- by Tim Post

Let's say that I run a forum dedicated to computer hardware. Naturally, people are going to ask questions like: What is the best laptop for running [os] Or What is the best video card for under [amount] These may be perfectly fine discussions, but the content loses usefulness over time. An answer to either question asked in 2007 might still be relevant in 2008, but definitely not in 2012. Is there a way that I can tell search engines that certain pages might not give visitors what they're looking for after a certain date, and perhaps hint to a page on my site that would provide good information? Perhaps something I could set in HTTP response headers, meta tags or even a site map?

Search Results

Search found 17538 results on 702 pages for 'request headers'.

Page 228/702 | < Previous Page | 224 225 226 227 228 229 230 231 232 233 234 235 | Next Page >

- by BipedalShark

- by Maxim

- by remi_bourgarel

- by aoman

- by elssar

- by Uwe Keim

- by Ian Oxley

- by Alexl

- by ripper234

- by levesque

- by SaltyNuts

- by unknownthreat

- by TessellatingHeckler

- by Sandeep

- by Saif Bechan

- by Mr Grieves

- by Julian H. Lam

- by gablin

- by glenatron

- by Bucic

- by Jake

- by user3393046

- by jamie.phelps

- by Tim Post

< Previous Page | 224 225 226 227 228 229 230 231 232 233 234 235 | Next Page >