I am testing a website before moving to production, so I added to the host file the binding of the website 172.29.28.1 lc-hatavot-test.co.il I added to google recaptcha domain lc-hatavot-test.co.il,but still getting the error of illegal website. why?
web.config on Captcha settings:
<add key="UseGoogleReCaptch" value="true" />
<add name="MSCaptchaImage" path="CaptchaImage.axd" verb="GET" type="MSCaptcha.CaptchaImageHandler, MSCaptcha" preCondition="integratedMode,runtimeVersionv4.0" />
<add assembly="MSCaptcha" namespace="MSCaptcha" tagPrefix="Captcha" />
Related
I try to redirect users that have no autorization for different pages from my app to a custom error page: CustomErr/Forbidden_403 - controller(that have a razorview). I've also configured <customErrors> in my Web.config but I need <httpErrors> too because for some reason, when I publish to the server, this 403 error is not overriden(more it shows 404 not found error instead of 403).
I need a relative path to the View: path="~/CustomErr/Forbidden_403" because my server have multiple apps and each app have it's own folder.
What I've seen so far:
If I add subStatusCode with or without relative path("~") : <error statusCode="403" subStatusCode="14" path="~/CustomErr/Forbidden_403" responseMode="ExecuteURL" /> then the browser return a HTTP 403 error page ("The website declined to show this webpage")
If I remove subStatusCode: <error statusCode="403" path="~/CustomErr/Forbidden_403" responseMode="ExecuteURL" /> then the browser shows a HTTP 404 error("The webpage cannot be found")
If I remove subStatusCode and relative path("~"): <error statusCode="403" path="/CustomErr/Forbidden_403" responseMode="ExecuteURL" />then the browser return a HTTP 403 error page ("The website declined to show this webpage")
I also have a PageNotFound_404 Controller and error defined in web.config which is working fine if I write down an incorrect URL in browser.
The custom error is not showing only for 403 Forbidden => I user return new HttpStatusCodeCresult(HttpStatusCOde.Forbidden) for throwing this 403 code to server.
Web.config
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="403" />
<remove statusCode="404" />
<error statusCode="403" path="~/CustomErr/Forbidden_403" responseMode="ExecuteURL" />
<error statusCode="404" path="~/CustomErr/NotFound_404" responseMode="ExecuteURL" />
</httpErrors>
Do I need to configure it from IIS?
What I eventually did was to override paths from Web.config in Web.Release.config
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="403" />
<remove statusCode="404" />
<error statusCode="403" path="/myAppFolder/CustomErr/Forbidden_403" responseMode="ExecuteURL" />
<error statusCode="404" path="/myAppFolder/CustomErr/NotFound_404" responseMode="ExecuteURL" />
</httpErrors>
Also all js files with ajax that have url to controllers, I've modified urls from url:"/Controller/Action" to url:"Controller/Action" - they will automatically figure relative path.
You should remove subStatusCode and relative path("~"), and shouldn't the end of the value of your path be html or htm? below code works on my side.
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="404"/>
<error statusCode="404" path="/Errors/404.html" responseMode="ExecuteURL"/>
</httpErrors>
I'm getting an error while using an i-frame in angular. It refused to display in a frame because it set 'X-Frame-Options' to 'sameorigin'
Refused to display 'https://docs.google.com/gview?url=https://subtreebucket.s3.amazonaws.com/docsFile_1559124133664_dummy.pdf' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
You cannot overrule that: as you can see in the response to the GET request for the url you are showing, there is a response header x-frame-options: SAMEORIGIN.
It means that the origin server does not authorize you to show this content inside an iframe.
You cannot circumvent this, this is a security protection: otherwise it would make session hijacking too easy.
The only way to go is to have the same resource with an URL that allows you to be viewed (such as the PDF url directly, here https://subtreebucket.s3.amazonaws.com/docsFile_1559124133664_dummy.pdf, or adding embedded=true to the URL might work, which is google docs specific).
Please use santizer with safe pipe and then include the link as below
<iframe class="doc" src="https://docs.google.com/gview?url=https://subtreebucket.s3.amazonaws.com/docsFile_1559124133664_dummy.pdf&embedded=true"></iframe>
Make sure you are using embedded=true while adding source in the iframe. It'll definitely work
How about stripping away the https://docs.google.com/gview?url= part from the src url?
<iframe
src="https://subtreebucket.s3.amazonaws.com/docsFile_1559124133664_dummy.pdf"
frameborder="0">
</iframe>
It works.
Here's a Working Sample StackBlitz for your ref.
Added the following to the web.config customHeaders section:
<customHeaders>
<remove name="X-Powered-By" />
<remove name="X-Content-Type-Options" />
<add name="X-Frame-Options" value="ALLOW-FROM http://sharepointsitecollectionurl " />
<add name="Content-Security-Policy" value="frame-ancestors sharepointwebapplicationurl" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="X-UA-Compatible" value="IE=Edge" />
</customHeaders>
you can use the target="_blank" attribute.
UPDATE
After enabling direcorty listing it seems to have worked but now im running into another error.
Resource interpreted as Stylesheet but transferred with MIME type text/html
I'm trying to rewrite a URL to take content from the absolute directory.
Let's assume my URL was https://somesite.com/a <-- absolute path
This directory consist of files like index.html, contact.html and folders like css,js,img
But i want to access this directory with a URL like https://somesite.com/a/somename/index which should take me to https://somesite.com/a/index but it should also keep the parameter somename in the URL therefore redirecting is not an option, this is because i need to use the Referrer Url later onwards from backend code.
My Rule
<rule name="StoreRewrite" stopProcessing="true">
<match url="^a/([^/]+)/([^/]+)" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="a/{R:2}" />
</rule>
The above redirect works but it doesn't load the additional content inside the html files, like js,css files which are all relative to the html file.
The below error is show when i enter the url https://somesite.com/a/someprofile/contact
The page from a\contact is displayed but not its relative content.
The console is filled with this error
Failed to load resource: the server responded with a status of 403 (Forbidden)
I have created a web application using Microsoft Azure and uploaded static html pages to the web application.
It works fine, however, I would like to set a custom 404 page. Where or how can I do this using the Azure portal ?
Just to be clear, this is not a visual studio project, it's just some static html files. I just want to tell azure to use my 404 page instead of the default text it displays when a page cannot be found.
EDIT
Please note, this has nothing to do with IIS. I dont even have a web.config file. I am simply hosting some static html files in Azure and want a custom 404 page. I have already made the 404.html page.
Seems like you have to add a web.config file in your root directory. This seems like a workaround, but doing that and adding the following code works:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpErrors errorMode="Custom" defaultResponseMode="ExecuteURL">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" path="/404.asp" responseMode="ExecuteURL" />
</httpErrors>
</system.webServer>
</configuration>
Follow these steps to configure a custom 404 page for a Azure Static Web App:
Create a file named staticwebapp.config.json in root page (same folder as starting page i.e. index.html)
put these lines inside it:
{
"responseOverrides": {
"404": {
"rewrite": "/404.html"
}
}
}
Put your custom 404 page in root or subfolder (in this example 404.html is in root folder)
After a lot of testing and research, it was found that using responseMode="ExecuteURL" would result in a correct redirect, but the browser would report 200 Status rather than a 404. To fix this we removed the "/" and changed to responseMode="File" based on insight from this post: web.config errors fail with responseMode="File"
We are just hosting a simple static HTML site, not a web app, and this code worked:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<customErrors defaultRedirect="404.html" mode="RemoteOnly">
<error statusCode="404" redirect="404.html" />
<error statusCode="500" redirect="500.html" />
</customErrors>
</system.web>
<system.webServer>
<httpErrors existingResponse="Replace" defaultResponseMode="File" errorMode="Custom">
<remove statusCode="404" />
<error statusCode="404" path="404.html" responseMode="File" />
<remove statusCode="500" />
<error statusCode="500" path="500.html" responseMode="File" />
</httpErrors>
</system.webServer>
</configuration>
So I have a .NET MVC app published in an Azure Website which should serve static html pages stored in a blob container when clicking on a corresponding hyperlink.
My questions are:
The way to access a blob in Azure is
https://blobtest.blob.core.windows.net/container/htmlpage1.html,
however the peculiar part is when I login into my Azure Site and the url is
something like:
http://azuretestwebapp.azurewebsites.net/user123 and if I click
on a hyperlink to my html blob it can't help but normally take me to
blob azure site (well of course). Therefore I am wondering if there
is a way to have a url similar to this:
http://azuretestwebapp.azurewebsites.net/user123/container/htmlpage1.html
considering that the html pages are stored elsewhere in Azure.
If this is not feasible using an Azure Website or by storing
static html pages in Blob, what would be a better approach?
Thank you in advance for your time.
You can modify your web.config for your site to forward requests for static pages to blob storage using a redirect rule. Then the static content will be stored in and served from blob storage.
Place the following in a file named web.config (or modify your existing web.config) and put the web.config in the folder site/wwwroot on your website, next to the site content.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="static" stopProcessing="true">
<match url="static/(.*)" />
<action type="Rewrite" url="https://blobtest.blob.core.windows.net/static/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Better late than never. Azure Blob requires the host header to be set correctly also otherwise it'll 404.
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="static" stopProcessing="true">
<match url="static/(.*)" />
<action type="Rewrite" url="https://blobtest.blob.core.windows.net/static/{R:1}" />
<serverVariables>
<set name="HTTP_HOST" value="blobtest.blob.core.windows.net" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Please remember to Allow Server Variable {HTTP_HOST} in URL rewrite.
https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/setting-http-request-headers-and-iis-server-variables
You could also set this in applicationhost.config section.
<location path="Default Web Site">
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_HOST" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</location>