In cloudflare, I know how to write pagerules for filtering URLs. Does anyone know how to block the URLs using the pagerule.It would help me to stop some DOS attack request. for example, I want to block URLs with the following pattern "www.example.com/?". Thank you.
Untested but you could try creating a new page rule:
URL pattern: www.example.com/?
Security Level: I'm under attack
Browser Ingetrity Check: On
Good luck!
You can also create a redirection page rule:
URL pattern: www.example.com/?"
Forwarding URLs: https://notfound.404
Related
I just have created primitive html page. Here it is: example
And here is its markup:
www.google.com
<br/>
http://www.google.com
As you can see it contains two links. The first one's href doesn't have 'http'-prefix and when I click this link browser redirects me to non-existing page https://fiddle.jshell.net/_display/www.google.com. The second one's href has this prefix and browser produces correct url http://www.google.com/. Is it possible to use hrefs such as www.something.com, without http(s) prefixes?
It's possible, and indeed you're doing it right now. It just doesn't do what you think it does.
Consider what the browser does when you link to this:
href="index.html"
What then would it do when you link to this?:
href="index.com"
Or this?:
href="www.html"
Or?:
href="www.index.com.html"
The browser doesn't know what you meant, it only knows what you told it. Without the prefix, it's going to follow the standard for the current HTTP address. The prefix is what tells it that it needs to start at a new root address entirely.
Note that you don't need the http: part, you can do this:
href="//www.google.com"
The browser will use whatever the current protocol is (http, https, etc.) but the // tells it that this is a new root address.
You can omit the protocol by using // in front of the path. Here is an example:
Google
By using //, you can tell the browser that this is actually a new (full) link, and not a relative one (relative to your current link).
I've created a little function in React project that could help you:
const getClickableLink = link => {
return link.startsWith("http://") || link.startsWith("https://") ?
link
: `http://${link}`;
};
And you can implement it like this:
const link = "google.com";
<a href={getClickableLink(link)}>{link}</a>
Omitting the the protocol by just using // in front of the path is a very bad idea in term of SEO.
Ok, most of the modern browsers will work fine. On the other hand, most of the robots will get in trouble scanning your site. Masjestic will not count the flow from those links. Audit tools, like SEMrush, will not be able to perform their jobs
Can i add the content part of this link into my webpage
http://rid3201.org/site/club_members2.php?id=MTk3Ng==
I want to avoid the header part.Can i use iframe or object for this.
Use Html Agility Pack
With it you can get the whole page and select only the html element you need (I assume it would be table).
Then you can pass it to your page.
If you own the domain rid3201.org, you can do it with jQuery:
$('#result').load('ajax/test.html #container');
heads up!
If are not the owner of the domain, you CAN'T do it via jQuery.
The documentation of .load() says:
Due to browser security restrictions, most "Ajax" requests are subject
to the same origin policy; the request can not successfully retrieve
data from a different domain, subdomain, or protocol.
An alternative to jQuery is using XMLHttpRequest, coding with a backend language, like .Net
After you catch the url source, you have to clean the code to get only the div you want.
It is possible to monitor If iframe have loaded (Iframe is not in my domain)? I don't own the page.
Cross-domain will prevent it from detecting?:
Any solutions,
Thanks
It's not possible. Sorry. (Actually, that's probably a good thing)
This kind of voodoo only works for <img onerror="" onload="">
I don't know if it's possible, but it doesn't seem that it is..
every time I try I get an error message similar to this:
Unsafe JavaScript attempt to access frame with URL C:\test.html from frame with URL http://www.google.ca/. Domains, protocols and ports must match.
If the <iframe> is dynamically created, with jQuery, you can try this -
$("#iframeId").load(function(){
//your code here
});
if i use:
<meta http-equiv="REFRESH" content="0;url=https://www.the-domain-you-want-to-redirect-to.com/index.html">
in the html code then it will endlessly loop and refresh the https page.
How can i redirect the users to https? [regarding one index.html file]
What do i need to put in the html code of that "index.html" to redirect them, if they use only "http"?
Thanks
var loc = window.location.href+'';
if (loc.indexOf('http://')==0){
window.location.href = loc.replace('http://','https://');
}
maybe? as long as you don't mind a small javascript dependency.
This could be more elegant
if(/https/.test(window.location.protocol)){
window.location.href = window.location.href.replace('http:', 'https:');
}
However, this is an answer in a code level. To answer the question a bit more broadly, it is even possible to not even touch the code for that, like in the network level or in the application level.
In the network level, you can use an edge router like Traefik. In the application level, you can use a reverse proxy for the redirection. Reverse proxies like Ngnix or services like Cloudflare or AWS Cloudfront.
Also note that in case you host your website on platforms like Firebase Hosting, you will have the automatic redirection to https by default.
Can I display the result which is processed in the CGI(using C) on the same html page, from where the CGI is invoked?
Regards,
MalarN
No, HTTP does not work that way.
You would have to make a asyncronious request (using JavaScript, this is commonly known as AJAX) instead.
In a nutshell, you can spawn a background HTTP request to your CGI process, instead of posting the browser to it in the main HTTP request.
See this: http://en.wikipedia.org/wiki/XMLHttpRequest