Why ModSecurity blocks external links? - security

I am the owner of the website www.getslim.guide. There are two icons, which are linked: one to TikTok, the other to YouTube.
If I click one of them, a new browser tab opens with this link: https://getslim.guide/www.tiktok.com/#getslim.guide
But: www.tiktok.com/#getslim.guide is the right link.
In my Web Application Firewall I see this error:
[client 84.115.230.189] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "476"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "getslim.guide"] [uri "/youtube.com"] [unique_id "YUJutQi5rjI6cof4-eL39QAAAIM"]
What does it mean?
Best regards,
Nino

This WAF error is triggered because you call your website using the path /www.tiktok.com. The WAF interprets www.tiktok.com as a file name and .com is not permitted as a file name.
But as far as I understand the problem, this call is not intended, the WAF error is not the cause but a consequence of this wrong call, and the WAF error will be gone once you fix your link.
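The mechanism behind this answer, as an added example that is not part of the original thread: a scheme-less href such as `www.tiktok.com/#getslim.guide` is a relative URL, so the browser resolves it against the current page and requests `/www.tiktok.com/` from getslim.guide itself. The restricted-extension check below is a simplified model of what CRS rule 920440 does (it only looks at the last path segment's extension), not the rule's real implementation; the extension list is the one quoted in the ModSecurity log. `ensureAbsolute` is a hypothetical helper showing the fix: give outbound links an explicit scheme.

```javascript
// Added example, not from the original post. Models browser URL resolution
// and a simplified version of the CRS 920440 extension check.

// Restricted extensions as listed in the ModSecurity log line above.
const RESTRICTED_EXTENSIONS = new Set([
  ".asa", ".asax", ".ascx", ".axd", ".backup", ".bak", ".bat", ".cdx", ".cer",
  ".cfg", ".cmd", ".com", ".config", ".conf", ".cs", ".csproj", ".csr", ".dat",
  ".db", ".dbf", ".dll", ".dos", ".htr", ".htw", ".ida", ".idc", ".idq", ".inc",
  ".ini", ".key", ".licx", ".lnk", ".log", ".mdb", ".old", ".pass", ".pdb",
  ".pol", ".printer", ".pwd", ".rdb", ".resources", ".resx", ".sql", ".swp",
  ".sys", ".vb", ".vbs", ".vbproj", ".vsdisco", ".webinfo", ".xsd", ".xsx",
]);

// Resolve an href the way a browser resolves <a href="..."> on a page.
function resolveHref(href, pageUrl) {
  return new URL(href, pageUrl).href;
}

// Simplified model of the CRS check: take the extension of the last
// non-empty path segment and compare it against the restricted list.
// Returns the matching extension, or null if nothing matched.
function restrictedExtension(urlString) {
  const { pathname } = new URL(urlString);
  const lastSegment = pathname.split("/").filter(Boolean).pop() || "";
  const dot = lastSegment.lastIndexOf(".");
  if (dot === -1) return null;
  const ext = lastSegment.slice(dot).toLowerCase();
  return RESTRICTED_EXTENSIONS.has(ext) ? ext : null;
}

// Hypothetical fix helper: make an outbound link absolute by adding a scheme
// when it has none (assumes public hostnames, so "https://" is the default).
function ensureAbsolute(href) {
  if (href.startsWith("//")) return "https:" + href; // protocol-relative
  return /^[a-z][a-z0-9+.-]*:/i.test(href) ? href : "https://" + href;
}
```

Running `resolveHref("www.tiktok.com/#getslim.guide", "https://getslim.guide/")` reproduces the bad URL from the question, and `restrictedExtension` on it returns `".com"`; after `ensureAbsolute` the link resolves to tiktok.com and never reaches the WAF.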

Related

GraphQL implement "not permitted"

I have a GraphQL API that is governed by a permission system that I implemented.
I tried going with Graphql-shield but I didn't want to error out on the whole request if the client requests a forbidden field, so instead I implemented my own permission system.
Now, I need to solve a problem:
The way I implemented the permission system means that every field is checked for whether it is permitted, and if it is not then null is returned. However, I would like to return some indication that the field was not actually null but that the field was "not permitted".
I thought about doing it in two ways:
During each check I append to some query-wide variable all fields that are not accessible and return it along with the query (probably in some middleware of some sort)
I extend all of the objects in my schema with a "permitted" field in which I return the value of the permission
Any suggestions?
IMHO not worth the effort ... API FAQ or docs (available in GraphiQL/Playground) can contain a notice about 'unexpected null', ACL reasons etc. It's enough for the majority of use cases.
If you still want to include some [debug] info in the response, extensions are for that, e.g. https://github.com/apollographql/apollo-tracing , - in this case:
just attach a list of 'field access denied' [structured] notices;
collect them (in/from resolver) in some context object, attach in middleware (?), before overall response return;
Make it configurable (debug mode), too.
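The pattern the answer sketches, as an added example that is not code from the original thread or from any GraphQL library: each resolver is wrapped in a permission guard that returns null when the policy denies the field and pushes a structured notice into a per-request context; a final step attaches the collected notices under `extensions` only when debug mode is on. No GraphQL execution engine is used here, so the resolvers are invoked directly by a small `executeUserQuery` helper; `POLICY`, the `User` type and its fields are assumptions made for the demonstration.

```javascript
// Added example, not from the original post. Field-level permission gating
// that returns null for denied fields and reports them via extensions.

// Assumed policy: "Type.field" -> predicate over the request context.
// Fields with no entry are permitted.
const POLICY = {
  "User.email": (ctx) => ctx.user.roles.includes("admin") || ctx.user.id === ctx.parentId,
  "User.salary": (ctx) => ctx.user.roles.includes("hr"),
};

// Wrap a resolver: on denial, record a structured notice and return null.
function guard(typeName, fieldName, resolver) {
  const key = `${typeName}.${fieldName}`;
  return (parent, args, ctx) => {
    const rule = POLICY[key];
    const allowed = rule ? rule({ ...ctx, parentId: parent.id }) : true;
    if (!allowed) {
      ctx.denied.push({ path: key, code: "FORBIDDEN_FIELD", reason: "not permitted" });
      return null;
    }
    return resolver(parent, args, ctx);
  };
}

const userResolvers = {
  id: guard("User", "id", (u) => u.id),
  email: guard("User", "email", (u) => u.email),
  salary: guard("User", "salary", (u) => u.salary),
};

// Stand-in for the GraphQL executor plus response middleware: runs the
// selection { user { id email salary } } for `requester` and, in debug
// mode, surfaces the denied-field notices under response.extensions.
function executeUserQuery(user, requester, debug) {
  const ctx = { user: requester, denied: [] };
  const data = { user: {} };
  for (const field of ["id", "email", "salary"]) {
    data.user[field] = userResolvers[field](user, {}, ctx);
  }
  const response = { data };
  if (debug && ctx.denied.length > 0) {
    response.extensions = { accessDenied: ctx.denied };
  }
  return response;
}
```

The notices are always collected (useful for server-side audit logging) but only exposed to the client when `debug` is true, which is the "make it configurable" point from the answer: in production the response shape stays a plain null.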

Google Cloud Vision API - DOCUMENT_TEXT_DETECTION: no "property" field in "pages"

I'm trying to extract the language from the detection response:
response.full_text_annotation.pages[0].property.detected_languages[0].language_code
but it seems that sometimes the detections are missing the TextProperty (property) field - as specified here: Page
Is it not always guaranteed to be in the detection?
Also, is there a way to receive only the fullTextAnnotation without the singular textAnnotations fields?
I think it is not possible to receive only the fullTextAnnotation without the singular textAnnotations, because the response structure is TextAnnotation -> Page -> Block -> Paragraph -> Word -> Symbol and if you look into the TextAnnotation response, there is no way to modify it.
Regarding the missing TextProperty (property) field, you can try to fix this by using “DOCUMENT_TEXT_DETECTION” instead of “TEXT_DETECTION” towards TYPE. According to the documentation, The TEXT_DETECTION endpoint will auto-detect only a subset of supported languages, while the DOCUMENT_TEXT_DETECTION endpoint will auto-detect the full set of supported languages.
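Whichever feature type is used, client code should not assume `pages[0].property` is present. As an added example (not from the original thread or from the Google client libraries), the function below walks a `fullTextAnnotation` in REST JSON shape (camelCase keys: `detectedLanguages`, `languageCode`) and falls back from Page to Block, Paragraph and Word, each of which can carry its own `TextProperty`; it returns null instead of throwing when no level has one. The two sample responses are constructed for the test.

```javascript
// Added example, not from the original post. Defensive extraction of the
// detected language from a Vision fullTextAnnotation.

// Read languageCode from a node's TextProperty, or null if it has none.
function languageFromProperty(node) {
  const langs = node && node.property && node.property.detectedLanguages;
  return Array.isArray(langs) && langs.length > 0 ? langs[0].languageCode : null;
}

// Walk Page -> Block -> Paragraph -> Word until a TextProperty is found.
function detectedLanguage(fullTextAnnotation) {
  for (const page of (fullTextAnnotation && fullTextAnnotation.pages) || []) {
    const fromPage = languageFromProperty(page);
    if (fromPage) return fromPage;
    for (const block of page.blocks || []) {
      const fromBlock = languageFromProperty(block);
      if (fromBlock) return fromBlock;
      for (const paragraph of block.paragraphs || []) {
        const fromParagraph = languageFromProperty(paragraph);
        if (fromParagraph) return fromParagraph;
        for (const word of paragraph.words || []) {
          const fromWord = languageFromProperty(word);
          if (fromWord) return fromWord;
        }
      }
    }
  }
  return null;
}

// Constructed sample: language only present at page level.
const SAMPLE_PAGE_LEVEL = {
  pages: [{ property: { detectedLanguages: [{ languageCode: "en", confidence: 0.97 }] }, blocks: [] }],
};

// Constructed sample: no page-level property, language only on a word.
const SAMPLE_WORD_LEVEL = {
  pages: [{
    blocks: [{
      paragraphs: [{
        words: [{ property: { detectedLanguages: [{ languageCode: "de", confidence: 0.9 }] } }],
      }],
    }],
  }],
};
```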

Docusign API PHP adding listitem to document causes error

I am sure I am not the first to encounter this, but I was unable to find a solution while Googling.
I am trying to add a drop-down list to my document. At the top of my model I am adding these namespaces:
use \DocuSign\eSign\Model\List;
use \DocuSign\eSign\Model\ListItem;
When doing so I get this error because "List" is a reserved word in PHP.
A PHP Error was encountered
Severity: Parsing Error
Message: syntax error, unexpected List (T_LIST), expecting identifier (T_STRING)
Filename: models/Docusign_model.php
Line Number: 19
I tried changing the name of the class from List to Elist but then I got errors from ObjectSerializer that it could not find Elist:swaggerType.
What am I missing on how to add a list to my document?
Thom
#thom I think this is really a "PHP" parsing question as is answered here for you Parse error: syntax error, unexpected (T_STRING), expecting variable (T_VARIABLE)
So I think the $ missing is your real issue as discussed in the referenced article above and below from PHP Manual.
http://www.php.net/manual/en/language.oop5.basic.php
Recommend you look at GIT example from SDK using CustomFieldList at https://github.com/docusign/docusign-php-client/blob/ccc86ac37334f34728361d73b2f8c4592225b8d2/src/Model/CustomFieldsEnvelope.php
excerpt
protected static $swaggerTypes = [
'list_custom_fields' => '\DocuSign\eSign\Model\ListCustomField[]',
'text_custom_fields' => '\DocuSign\eSign\Model\TextCustomField[]'
];
http://www.php.net/manual/en/language.oop5.basic.php
Also, maybe the first place to validate if you even need a specific "use" is by reviewing this PHP sample code from a good friend Ergin https://gist.github.com/Ergin008/d4a8b9210fbea41414b0
As I see it with most of the DocuSign SDK's, you have the client and specific services you want to use per excerpt below:
// Download PHP client: https://github.com/docusign/DocuSign-PHP-Client
require_once './DocuSign-PHP-Client/src/DocuSign_Client.php';
require_once './DocuSign-PHP-Client/src/service/DocuSign_RequestSignatureService.php';
require_once './DocuSign-PHP-Client/src/service/DocuSign_ViewsService.php';
Regardless if I am right or wrong, let us know if this helped you go in the right direction :-)

SharePoint Workflow variable is not recognized in O365 site

I've created a Site Workflow of SharePoint 2013 Workflow type in O365 subsite of a site collection.
I use Call HTTP web service in workflow: screenshot of my workflow
http://www.image-share.com/ijpg-2992-17.html
To parse JSON results I need to use Variable:Index (Integer).
I've tried d/results/([%Variable: Index%])/Title as it is recommended in numerous blog posts (example).
But the Workflow gets Suspended with the following error:
RequestorId: 8c3e172b-5da7-75d9-0000-000000000000. Details: An unhandled exception occurred during the execution of the workflow instance. Exception details: System.FormatException: The DynamicValue property 'd/results/([%Variable: Index%])/Title' was incorrectly formatted. at Microsoft.Activities.Dynamic.DynamicValueBuilder.PathSegmentFactory.Parse(String segmentText, String fullPathName) at Microsoft.Activities.Dynamic.DynamicValueBuilder.PathSegmentFactory.Create(String segment, PathSegment next, String path) at Microsoft.Activities.Dynamic.DynamicValueBuilder.PathSegmentFactory.Create(String path) at Microsoft.Activities.GetDynamicValueProperty1.Execute(CodeActivityContext context) at System.Activities.CodeActivity1.InternalExecute(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation) Exception from activity GetDynamicValueProperty Stage 2 Sequence Flowchart Sequence Email30Days.WorkflowXaml_3f207548_d246_4058_82b3_34acf1933b6f
If I use the same but with number (not variable) d/results/(0)/Title it works.
Please let me know what I'm missing.
It seems there was a glitch in SharePoint Designer. When I opened SPD the next time, it started to resolve [%Variable: Index%] just fine.
I've also tried to add a slash at the end of the string "d/results/(<index>)/" (like in the following article) before I noticed the first time Index began to resolve; however, I never added a slash at the end furthermore.
Just FYI to whoever has similar issue, I noticed that in SPD - likely due to some quirk in copying text into string builder window from the web - if I type text manually or paste it, it doesn't seem to recognize it (same error occurs during workflow execution). But if you type into the window:
d/results(
then click Add or Change Lookups button and reference your variable, then finish typing the text:
)/YourPropertyName
then it all works well.

ows_PermMask in SharePoint WebServices

Lists.GetListItems from the Lists Web Service returns an ows_PermMask
attribute (16 character hexadecimal) for each list item.
Anyone know how this attribute maps to the user's permissions or where the
meaning of this attribute is documented?
This site should offer you a little more detail:
http://mdasblog.wordpress.com/2009/02/03/permmask-in-sharepoint-dvwps/
It is just a built in field containing the permissions required:
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spbuiltinfieldid.permmask.aspx
This link also provides some good detail on PermMask:
http://social.technet.microsoft.com/Forums/sharepoint/en-US/c16aa8e4-672b-4241-a88c-6a421000e00f/setting-itemlevel-permissions-through-sharepoints-builtin-webservices?forum=sharepointdevelopmentlegacy
From the comments in that post:
"Using the PermissionMask is only for the current user... which is likely an admin user anyway which will have the permission PermMask="0x7fffffffffffffff"... this is useless for most use cases of finding what users and groups have access to the item / document."
The PermMask is very interesting stuff in SharePoint. The value of PermMask is hexadecimal. It is 16 digits (e.g. 0x0000XXXXXXXX0000).
The minimum value is 0x0000000000000000 for no permission and maximum value is 0x7FFFFFFFFFFFFFFF for full permission (Basically site collection administrator).
[Bit Level Reservation of PermMask][1]
The list and document permissions (0x000000000000XXXX) are specified as follows.
ViewListItems 0x0000000000000001
AddListItems 0x0000000000000002
EditListItems 0x0000000000000004
DeleteListItems 0x0000000000000008
ApproveItems 0x0000000000000010
OpenItems 0x0000000000000020
ViewVersions 0x0000000000000040
DeleteVersions 0x0000000000000080
CancelCheckout 0x0000000000000100
ManagePersonalViews 0x0000000000000200
ManageLists 0x0000000000000800
ViewFormPages 0x0000000000001000
The list item permissions (0x000000000000000X) are specified as follows.
[PermMask ListItemPermissions for edit item][2]
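A decoder for the bit layout quoted in the answer, added here as an example that is not from the original thread or from Microsoft: it parses an ows_PermMask string as a 64-bit value, reports which of the twelve list/document permission names listed above are set, flags the 0x7FFFFFFFFFFFFFFF full-control value, and surfaces any bits outside that list as "unknown" rather than dropping them, since the answer only documents the low 16 bits. Sample masks in the test are constructed.

```javascript
// Added example, not from the original post. Decodes ows_PermMask using the
// list/document permission bits quoted in the answer above.

// Name -> bit, exactly as listed in the answer (0x0400 is not listed there).
const LIST_PERMISSION_BITS = [
  ["ViewListItems",       0x0001n],
  ["AddListItems",        0x0002n],
  ["EditListItems",       0x0004n],
  ["DeleteListItems",     0x0008n],
  ["ApproveItems",        0x0010n],
  ["OpenItems",           0x0020n],
  ["ViewVersions",        0x0040n],
  ["DeleteVersions",      0x0080n],
  ["CancelCheckout",      0x0100n],
  ["ManagePersonalViews", 0x0200n],
  ["ManageLists",         0x0800n],
  ["ViewFormPages",       0x1000n],
];

const FULL_CONTROL_MASK = 0x7fffffffffffffffn; // per the answer: site collection admin

// Decode a mask such as "0x0000000000000033" into permission names.
// Bits not covered by the list above are returned under unknownBits.
function decodePermMask(permMask) {
  const mask = BigInt(permMask); // BigInt accepts "0x..." strings directly
  const granted = [];
  let remaining = mask;
  for (const [name, bit] of LIST_PERMISSION_BITS) {
    if ((mask & bit) === bit) {
      granted.push(name);
      remaining ^= bit; // clear the bit we have accounted for
    }
  }
  return {
    fullControl: mask === FULL_CONTROL_MASK,
    granted,
    unknownBits: remaining === 0n ? null : "0x" + remaining.toString(16),
  };
}

// Convenience check for a single named permission; unknown names are an
// error so a typo cannot silently read as "denied".
function hasPermission(permMask, name) {
  const entry = LIST_PERMISSION_BITS.find(([n]) => n === name);
  if (!entry) throw new Error(`unknown permission name: ${name}`);
  return (BigInt(permMask) & entry[1]) === entry[1];
}
```

As the quoted forum comment points out, the mask describes the calling user's own rights on the item, so this decoder answers "what can I do here", not "who else has access".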