Search Results

Search found 29495 results on 1180 pages for 'cross site scripting'.

Page 410/1180 | < Previous Page | 406 407 408 409 410 411 412 413 414 415 416 417  | Next Page >

• Maintaining CSS on a pre-built ASP.net website. How can I run this locally on a home linux server?

  - by DavidR

  I was in charge of the css for a website. I sent in my code to a guy who integrates the css with the dev site. Later they decided it would be better for me to have a more direct role in dealing with the css. I've downloaded everything on the ftp but have no idea how to get this set up. I am running an Apache server on a Fedora Linux install. Is there any way I can set up a local testing server so I can test my changes before ftp'ing them back on the site?

  Read the article

• HTTPS vs. VPN for communication between business partners?

  - by Andrew H

  A business partner has asked to set up a site-to-site VPN just so that a few servers can communicate with each other over HTTPS. I'm convinced this isn't necessary, or even desirable. To be fair it must be part of a wider policy, potentially even a legal requirement. However I'd like to convince them to simply offer an IP to us (and us only) and a port of their choosing for HTTPS. Has anyone had a similar experience, or had to come up with a cast-iron argument against a VPN? Allow me to expand a little - we have a web service that initiates a connection to the partner's corresponding service using an encrypted HTTP connection. The connection uses a client certificate to authenticate. The connection is firewalled so only our IPs can contact the service. So why is a VPN necessary?

  Read the article

• Sharepoint Document Library not receiving emails

  - by ria

  I have created a sharepoint document library which is email enabled. However when i send email to the designated email address from anywhere, i dont receive the email & attachment in the list. I have done some R&D and i hv found that in order to receive email from anywhere i have to expose my DNS of the sharepoint site to the outside world. Now i dont know whether it applies to the email address designated to me in the Active directory profile as well (my company domain email address). How to test that this email reception is working in the document library? I have tried sending an email from the sharepoint site and it works fine so the SMTP settings are correctly done.

  Read the article

• Can I use a micro ec2 instance as a load balancer for my other large ec2 instances?

  - by Ryan Detzel

  The issue I'm having is I want to upgrade that instance often(security patches, etc) but I'm affriad something will fail and the site will be down. So, I want to have another server setup and load balance between the two that way I can easily disable one, upgrade it and once it's working add it back in the mix and repeat. What kind of machine is needed for a load balancer? Would the micro instance work just fine? The site gets anywhere from 3-10k hits/day. I plan on using nginx as the load balancer.

  Read the article

• Multiple redirects / rewrites within one VirtualHost group

  - by Benjamin Dell

  Hi, I have a client that now wants to point a couple of dozen urls to their main site. I have added them as serveralias's in the sites apache config file... so now all of these urls point to the primary one... excellent. The problem i have is that if ANY of these alias's are accessed at the root (i.e. www.domain.com rather than www.domain.com/some-page/) then i need to redirect them to a specific page within the site (i.e. anyone accessing domain.com might need to be sent to domain.com/special-landing-page/). However, any visit to anything other than the landing page should just continue as normal without any re-directs. I've been battling with this for a few hours and can't seem to find the best solution. Does anyone have any suggestions?

  Read the article

• Nginx not working properly on subdomains [SOLVED]

  - by javipas

  I've been trying to setup a Sugar CRM instance. I've got a domain that has its main site on a server (www.domain.com) and I've created a subdomain (sugar.domain.com), but I wnat this subdomain to be hosted on another server. This second server has nginx installed, and there's a working WordPress blog there on a virtualhost, so I would need to setup a second site. To do this I've created the directory structure, and I've created a /etc/nginx/sites-enabled/sugar.domain.com configuration file that has the following: * server { listen 80; server_name sugar.domain.com *.domain.com; access_log /var/www/sugar/log/access.log; error_log /var/www/sugar/log/error.log info; location / { root /var/www/sugar; index index.php; } location ~ .php$ { fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_pass backend; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/sugar/$fastcgi_script_name; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_intercept_errors on; fastcgi_ignore_client_abort on; fastcgi_read_timeout 180; } ## Disable viewing .htaccess & .htpassword location ~ /\.ht { deny all; } } upstream backend { server 127.0.0.1:9000; } As far as I know, I need the *.domain.com parameter on the "server_name" flag, but something is crashing here: I get either a 403 Forbidden error, or I get PHP code (I can read the PHP file code in the browser, like normal text) that somehow is not executed. I've tried setting permissions to 755 inside the /var/www/sugar/ directory, and I've also set up the owner:group with a chown -R www-data:www-data /var/www/sugar/ The thing is, I don't now if my mistake is in the nginx site configuration, in my folder permissions, or in other place :( Could it be because of the main domain (www.domain.com) is hosted on other server? Do they have to be together necessarily?

  Read the article

• Tuning MySQL to consume less memory

  - by Alex

  I have a VM which has 2GB Ram, (full specs) And I am setting up a site which has one table in particular with over a million records. There's little or no usage of this particular database (perhaps once or twice a day) but simply running mysql grinds the whole server to a halt. I've looked through the top results but nothing is really denting the CPU however the memory seems to be the issue. The site isnt even live of taking requests yet. the memory situation looks like this: # free -m total used free shared buffers cached Mem: 2006 1880 126 0 3 53 -/+ buffers/cache: 1823 183 Swap: 2047 345 1702 Are there any good pointers to tune mysql to stop hogging the system memory? Thanks very much EDIT: (requested by 8bit): http://tny.cz/b41a0b12

  Read the article

• 404s on password protected content

  - by tjb1982

  I'm new to WordPress and SEO, generally, but we've been running into problems with our site that don't seem to make sense to me. The problem is that our editor likes to schedule posts and/or mark them private until she is ready to make them public, but somehow Google is crawling these posts and getting 404s (because they are password protected). How does Google know they exist in the first place? I checked the sitemap.xml file and don't see a record of the post. One of the offending posts was marked public, but is scheduled for a future date. Could that have something to do with it? I've tried to Google the answer, and I came up with a good amount of reassurance that this won't hurt the site, but I'm still wondering how it's happening in the first place. It's hard because I don't know exactly what the editor's workflow is. Is it possible she's posting publicly first and then revising it to be private only after it's too late? Does anyone know how Google finds WordPress URLs it shouldn't have access to?

  Read the article

• HTTPS and HTTP issue on server with SSL

  - by Asghar

  I have a site www.example.com for which i purchased SSL cert and installed. And it was working fine, I also have a subdomain with app.example.com which was not on SSL. Both www.example.com and app.example.com are on same IP address. At later we decided to put SSL only on app.frostbox.com and then i configured SSL with app.frostbox.com and it worked fine, Now the issue is that Google is indexing my site as https://www.example.com/ and when users hits the web , Invalid security warning is issued and when user allow security issue they are shown my app.example.com contents. Note: I have my SSL configuration files in /etc/httpd/conf.d/ssl.conf The contents of the ssl.conf are below. NOTE: I tried solutions in .httaccess but none of those worked. Like redirecting 301 redirects etc http://pastebin.com/GCWhpQJq

  Read the article

• Accessing server by dedicated IP address

  - by Sherwin Flight

  I'm having an issue with my hosting provider after migrating to a new account. It's taking some time to get the problem sorted out, so I am hoping someone here can shed some light on the situation. The server is running WHM/cPanel, and the site I am trying to access has a dedicated IP address. When I connect to the server like this http://IP.HERE instead of showing my the website the way I would expect, it is showing the contents of a subfolder. So, while I would expect it to load public_html/ it is loading public_html/somefolder/ instead. Any idea why this is happening instead of showing the sites homepage the way I would expect? EDIT It is not redirecting, so the url is just http://IP.ADDRESS/, but the files listed are from a subfolder. So, it LOOKS at though I went to http://IP.ADDRESS/subfolder, when the URL says it should be showing the main folder contents. When I access the site using the domain name, it works properly, so I assume the document root is set correctly.

  Read the article

• Nginx not working properly on subdomains

  - by javipas

  I've been trying to setup a Sugar CRM instance. I've got a domain that has its main site on a server (www.domain.com) and I've created a subdomain (sugar.domain.com), but I wnat this subdomain to be hosted on another server. This second server has nginx installed, and there's a working WordPress blog there on a virtualhost, so I would need to setup a second site. To do this I've created the directory structure, and I've created a /etc/nginx/sites-enabled/sugar.domain.com configuration file that has the following: * server { listen 80; server_name sugar.domain.com *.domain.com; access_log /var/www/sugar/log/access.log; error_log /var/www/sugar/log/error.log info; location / { root /var/www/sugar; index index.php; } location ~ .php$ { fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_pass backend; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/sugar/$fastcgi_script_name; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_intercept_errors on; fastcgi_ignore_client_abort on; fastcgi_read_timeout 180; } ## Disable viewing .htaccess & .htpassword location ~ /\.ht { deny all; } } upstream backend { server 127.0.0.1:9000; } As far as I know, I need the *.domain.com parameter on the "server_name" flag, but something is crashing here: I get either a 403 Forbidden error, or I get PHP code (I can read the PHP file code in the browser, like normal text) that somehow is not executed. I've tried setting permissions to 755 inside the /var/www/sugar/ directory, and I've also set up the owner:group with a chown -R www-data:www-data /var/www/sugar/ The thing is, I don't now if my mistake is in the nginx site configuration, in my folder permissions, or in other place :( Could it be because of the main domain (www.domain.com) is hosted on other server? Do they have to be together necessarily?

  Read the article

• Tracking form abandonment

  - by Alec Sanger

  I'm looking for a decent way to track form abandonment. Ideally, I would like to see how many people start filling out a form but do not complete it, as well as the last field that was filled out. The website is a fairly large Wordpress site with quite a few forms. Some of these forms are to register for events, some are for donations, some are for information requests. My first attempt at this was adding a generic jquery that bound functions to all forms on the site. When a form element was blurred, I would trigger a Google Analytics event with the name of the form, the name of the field, and whether or not it was filled. I expected to be able to go to the Event Flow section in Google Analytics and see the flow of these form events, however since there are so many forms and other events occurring on the website, Google wouldn't let me break them out very well. The other issue was the Quform doesn't name their fields anything relevant, and it doesn't look like we can name them ourselves. This results in a lot of ugly form names that don't mean anything without cross-referencing the actual form. Does anybody have any suggestions on how I can achieve more usable form abandonment metrics in a scenario like this?

  Read the article

• How to enable a Web portal-based rich enterprise platform on different domains and hosts using JS without customization/ server configuration

  - by S.Jalali

  Our company Coscend has built a Web portal-based communications and cloud collaboration platform by using JavaScript (JS), which is embedded in HTML5 and formatted with CSS3. Other technologies used in the core code include Flash, Flex, PostgreSQL and MySQL. Our team would like to host this platform on five different Windows and Linux environments that run different types of Web servers such as IIS and Apache. Technical challenge: Each of these Windows and Linux servers have a different host name and domain name (and IP address), but we would like to keep our enterprise platform independent of host server configuration. Possible approach to solution: We think an API (interface module with a GUI) is needed to accomplish this level of modularity and flexibility while deploying at our enterprise customers. Seeking your insights: In this context, our team would appreciate your guidance on: Is there an algorithmic method to implement this Web portal-based platform in these Windows and Linux environments while separating it from server configuration, i.e., customizing the host name, domain name and IP address for each individual instance? For example, would it be suitable to create some JS variables / objects for host name and domain name and call them in the different implementations? If a reference to the host/domain names occurs on hundreds of portal modules, these variables or JS objects would replace that. If so, what is the best way to make these object modules written in JS portable and re-usable across different environments and instances for enterprise customers? Here is an example of the implemented code for the said platform. The following Web site (www.CoscendCommunications.com) was built using this enterprise collaboration platform and has the base code examples of the platform. This Web site is domain-specific. We like to make the underlying platform such that it is domain and host-independent. This will allow the underlying platform to be deployed in multiple instances of our enterprise customers.

  Read the article

• Analytics on Mobile Phones

  - by Samuh

  Tracking events and setting up Analytics for Websites seems easy. You create an account with one of the Analytics service providers like Google. They give you javascript code that you embed in your pages (whichever event you wish to track) and voila..you're done. I have written a native application for Android phones, which is actually an adaptation of the actual web site. Now, I am required to setup Analytics and tracking for this native application. Question: How to do this on Mobile phones from within a native application? We have Java Script code that works for the original web site. Is there a way to incorporate that in the native application? I know Android supports Java Script via WebViews(Webkit);my application does not have webviews and it is native. Also, I have not worked on JavaScript since school so excuse me if I sound naive. Thanks.

  Read the article

• Improving Windows Authentication performance on IIS

  - by flalar

  We're struggling with performance issues with a ASP.NET MVC site that is using Windows Authentication. Response time is very slow on the first request to the site when the user is being authenticated. Further, every time the Authorization header is sent from the browser the response time increases with many seconds. The same issue occurs for both executed files and static content like CSS and JS. Access to the application is restricted to users within a certain role and we are now planning to allow access to static files for all authenticated users to see if that helps. The authentication method in use is NTLM. How should we go forward in pinpointing why authentication decreases performance drastically?

  Read the article

• Cannot start IIS on XP64 Professional

  - by headsling

  I have enabled the iis components for the first time on this machine, from control panel-add software-windows components, and rebooted. When I attempt to start the "Default Web Site" (which shows as 'Default Web Site (Stopped)' ) from inetmgr nothing happens.. no errors, nothing in the event log. Regmon and Filemon show no obvious errors. I've confirmed that nothing is running on port 80 and have tried changing the local port (8080, 8081 etc.,) with no effect. Further info -- I have removed the install, rebooted, added it back in, rebooted ... still not working. I have visual studio 2008, SQLServer 2008 installed.

  Read the article

• Web Hosting Checklist

  - by Chris

  I am a web developer that is starting to look into hosting his own website. I would like to showcase my programming skills (PHP, MySQl, C#, Wordpress). My knowledge of languages I am OK with but the actually hosting site is where my knowledge starts to get a little shaky. I know the basics (bandwidth, sub-domains, re-write rules) but I would love your input, to help me formulate a check list of certain web-hosting services that I should be on the look-out for. Also I was wondering if there were any reliable hosting providers who give you the option to host both c# code-behinds and PHP code. As I would like to have two versions of my site, one in C# and one in PHP the hope is that if I need to look for another job this website will help me show possible employers my server side knowledge. I hope this is enough info, I did some researching online but found a bunch of unless articles and I've always have had luck on the StackExchange sites. So hopefully you, can help me. Thanks alot.

  Read the article

• SEO, IIS 7 and web.config in subfolder issue

  - by tesicg

  We have ASP.NET application that has sub-folder with .aspx pages and separate web.config file in it. The .aspx pages in that sub-folder behave as separate site. In the web.config file at application level, I set the rule that removing trailing slashes: <rewrite> <rules> <rule name="RemoveTrailingSlashRule1" stopProcessing="true"> <match url="(.*)/$" /> <conditions> <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" /> </conditions> <action type="Redirect" redirectType="Permanent" url="{R:1}" /> </rule> </rules> </rewrite> I expect this rule will propagate downward to sub-folder as well. To access the site in sub-folder we should type: http://concert.local/elki/ and get it without trailing slash as: http://concert.local/elki But, the trailing slash remains. The web.config file in sub-folder looks as following: <configuration> <system.webServer> <defaultDocument> <files> <add value="Sections.aspx" /> </files> </defaultDocument> </system.webServer> </configuration>

  Read the article

• Facebook - Isn't this a big vulnerability risk for users? (After Password Change)

  - by Trufa

  I would like to know you opinions as programmers / developers. When I changed my Facebook password yesterday, by mistake I entered the old one and got this: Am I missing something here or this is a big potencial risk for users. In my opinion this is a problem BECAUSE it is FaceBook and is used by, well, everyone and the latest statistics show that 76.3% of the users are idiots [source:me], that is more that 3/4!! All kidding aside: Isn't this useful information for an attacker? It reveals private information about the user! It could help the attacker gain access to another site in which the user used the same password Granted, you should't use use the same password twice (but remember: 76.3%!!!) Doesn't this simply increase the surface area for attackers? It increases the chances of getting useful information at least. In a site like Facebook 1st choice for hackers and (bad) people interested in valued personal information shouldn't anything increasing the chance of a vulnerability be removed? Am I missing something? Am I being paranoid? Will 76.3% of the accounts will be hacked after this post? Thanks in advance!! BTW if you want to try it out, a dummy account: user: [email protected] (old) password: hunter2

  Read the article

• Privoxy rule to block Facebook spying

  - by bignose

  Recently, my server's Privoxy rules to block Facebook's spying have failed. How can I block current Facebook spying links? Since soon after [the inception of Facebook's so-called “Open Graph” cross-site tracking widgets][1] (those “Like” bugs on numerous websites), I blocked them by using this rule (in user.action) on our site's Privoxy server: { +block-as-image{People-tracking button.} } .facebook.com/(plugins|widgets)/(like|fan).* That worked fine; the spying bugs no longer appeared on any web page. Today I noticed that they're all making it past that filter [edit: no, they're not]. SOLUTION: The proxy was being silently ignored, though this was not obvious in the client. The above rule continues to work fine.

  Read the article

• 301 redirect from HTTP to HTTPS - how to be sure Google is fetching the correct information?

  - by user33692

  I'm hoping somebody might be able to provide a bit of advice on an issue I am having. I have one site where we implemented a 301 redirect on the homepage from HTTP to HTTPS. We have links on the homepage to other parts of the site that are not under SSL (in fact there is only one other page under SSL). When I go to our Webmaster Tools account I notice that we are not being provided with any webmaster information (e.g., search queries, backlinks, etc...) related to our homepage under SSL. I performed a Fetch as Google on the homepage and the information it returned is: HTTP/1.1 301 Moved Permanently Date: Fri, 08 Nov 2013 17:26:24 GMT Server: Apache/2.2.16 (Debian) Location: https://mysite.com/ Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 242 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="https://mysite.com/">here</a>.</p> <hr> <address>Apache/2.2.16 (Debian) Server at mysite.com</address> </body></html> I am worried by the fact that Google fetch is not getting the correct Title tags and Meta information from our homepage and that this is hurting our search results. Additionally, I am worried that we need to do something specific with the sitemap to ensure that Google is correctly indexing all our pages and being able to flow from the HTTPS to the HTTP without issues. Does anybody have any advice on how we can correctly set this up or be sure that Google is fetching the correct information?

  Read the article

• Hopping a VPN Tunnel

  - by lellouch

  My central office and remote offices are connected to each other over site to site ipsec vpn. We use Fortigate firewalls and everything is working fine. On the other hand, only central office is also connected to another company's network over ipsec vpn as well. In this situation, everything is also fine and employees at the central office is able to reach the other company's resources without problem. Now i want the employees working on our remote office can reach the other company's network over central office without creating new vpn tunnels. http://imgur.com/ozrXfGv How can i do that? Thanks for your answers in advance.

  Read the article

• Should I be looking for developers with specific skill sets or generalists that need to learn?

  - by Lostsoul

  Thanks to the great help of this site and SO, I've been able to make a prototype of a software I want to sell but unfortunately although the prototype works I think my code quality is very low. I didn't use much OOP or design patterns so although my code is understandable to me, I think a normal developer would faint if they had to read it. So I wanted to hire a developer to make it a bit more better quality and improve some of my implementations of API's that I may have not done correctly. I'm having problems hiring a developer though. I have met 2 developers and had them read my software specs.The problem is, they lacked my business's domain knowledge(which is completely understandable and no biggie) but they also lacked knowledge of the underlying tech systems I used such as Hadoop, Hbase, Cuda, etc..I spent alot of time explaining map/reduce, bigtables and other technologies I used. I thought it was common knowledge because of my interactions with people on this site but the people I met with mentioned they never had to deal with these things so they didn't know it. My question is, for software projects that are hiring contractor developers is it a danger if the developer does not have experience with the underlying technologies? or can a general developer who is accomplished in another area realistically pick up new technologies? I did a very very quick back of envelope calculation and I think the upfront costs would be similar if I hire a student or developer with no experience in my technologies who will work many hours versus hiring a highly experienced developer who charges double but finishes in half the time but what other risks should I be considering or worried about? Also, should if I do hire a generalist, should I be paying for the time it takes them to learn hadoop or cuda if they are contractors(seems to make business sense but not sure how fair it is to them if they do not use the skill again). I'm a bit confused so any suggestions would be great.

  Read the article

• redirect to rootdomain after the first slash in url

  - by user142397

  I want to redirect this: http://www.site.com/xyz To http://www.site.com/ Basically i want to redirect to the root domain if a user types anything else after the first slash of my domain name like /xyz or anything else should be redirected or rewritten as the root URL in the browser. Can anybody help? Thanks for your help! (* This should be only for the first time like when a new user comes to visit my page, because once the page loads for the first time i do not want any re directions as i have different directories, and related webpages. Otherwise my visitor will only see landing page. )

  Read the article

• Long 'Wait' Time for three php/CSS files. Is something blocking them?

  - by William Pitcher

  I have been speed optimizing a Wordpress site to little effect. There are three files CSS-related php files from the Wordpress theme that are delaying page loads on the site. One of the three files is basically one line of custom CSS from the custom CSS feature in the theme. You can see what I am talking about with this Pingdom speed test: The yellow is 'Wait'. There are no slow items in the cut-off portion of the image. The full results are here: Pingdom Results Page 1. Any thoughts on what might be causing this? I understand that I have blocking CSS or JS files, but I don't see anything that would be causing that long of a wait. When I ran the P3 Plugin Profiler, Wordpress and all plugins appeared fine -- it is the theme that is taking all the time. GTmetrix recommends avoiding dynamic queries. I assume all the ver=3.61 references are to the version of Wordpress (which I am using). I noticed that my Wordpress sites using other themes don't make this query (at least not over and over). 2. Is this typical coding practice? 3. How much negative impact do these query-strings have -- a little or a lot? I tried searching for similar questions here, please excuse me if I missed something. Sometimes, I know just enough to be dangerous.

  Read the article

< Previous Page | 406 407 408 409 410 411 412 413 414 415 416 417  | Next Page >