Netlify pretty query - web

I want to host a Netlify website where you can search for specific users. Currently its like this https://example.com/users?q=exampleuser . (its https://example.com/users.html but pretty url'ed)
But what I want is to make the URL query pretty. So the endresult should be https://example.com/users/exampleuser but it should still be a url query so the JavaScript can make calls based on the query.
e.g.:
https://example.com/users?q=test123 to
https://example.com/users/test123
https://example.com/users?q=example456 to
https://example.com/users/example456

The rewrite rule will work with:
/users q=:q /users/:q 200
When you navigate to https://example.com/users?q=exampleuser, you must have an existing endpoint at https://example.com/users/exampleuser/ or it will give a 404 status code, but will still rewrite the original path.
Note: If you have an existing endpoint at /users/ this method will not fallback if the rewrite path has an invalid endpoint. Meaning you can't fallback to /users/ endpoint if the query path is an invalid endpoint.

Related

Redirection to incorrect page

I am trying to redirect using a button on a custom control (code below). the following is written to the debug toolbar which is where I want to go:
destBack=https://www.example.com/MyAttachments . But I instead get a Error 404 page and the following line appears on the server console:
HTTP Web Server: Item Not Found Exception [/site/home.nsf/https:/www.example.com/MyAttachments.xsp] Anonymous
I do have a reditection rule as follows:
Description: MyAttachmentsView
Type of rule: Redirection
Incoming URL pattern: */MyAttachments
Redirect to this URL: /site/home.nsf/MyProfileAttachmentsView.xsp
Send 301 Redirect:
If I copy and paste the destBack URL I get where I want to go.
My SSJS code behind the button is as follows
importPackage(com.example);
var destination = configBean.getValue("HostURL")+"MyAttachments";
dBar.info("destBack="+destination)
context.redirectToPage(destination)
Try this code to redirect
externalCtx = facesContext.getExternalContext();
externalCtx.redirect("http://www.tlcc.com");
See http://linqed.eu/2011/07/27/xpages-server-vs-client-side-redirects/
context.redirectToPage is designed to redirect the XPages runtime to an XPage within the current database. That's why the URL in the error message contains "/site/home.nsf/" (the current database path) and "https:/www.example.com/MyAttachments.xsp" (the URL you're defining).
If you want to change the whole URL, you need to change the URL client-side, not server-side, e.g. with location.href="...."

Redirect http to https via IIS

I have this application that I just installed a SSL certificate for. Yest I tried to redirect the users to use only the HTTPS://url.com. and prevent them from using the http://url.com site. However because I lack understanding the regular expressions to define the Pattern and the condition and unfortunately, I could not find a guide with some example of how to define those rules. I would like a concrete example of how to set this up https://{HTTP_HOST}{REQUEST_URI}.
Ensure you have the URL Rewrite feature added. In IIS manager configure the following in the URL rewrite section.
Create inbound rule (Blank Rule)
Requested URL : Matches the pattern
Using: Wildcards
Pattern: *
Conditions
Input: {HTTPS}
Type: Matches the pattern
Pattern: off
Action
Action Type: Redirect
Redirect URL: https://{HTTP_HOST}{REQUEST_URI}
Append Query String Checked
Redirect type: Found (302)
Once you have done this. Create a condition...
Right click your new rule
Conditions -> Add+
Condition Input : {QUERY_STRING}
Matches the Pattern
Pattern: off
Essentially it should look like this:
All traffic using a http request will be automatically redirected to the https port.
I think I've found a solution without url rewrite. In IIS, right click on the website, choose "Manage web site - Advanced settings", expand "Behaviour", expand "HSTS" and set to "True" the properties "Enabled" and "RedirectHttpToHttps".
Update:
As #jonasfh pointed out, you need anyway to have bindings both to http and https, because only the successful requests to http are redirected to https. So, if the request to http isn't successful (because http binding is not present) the redirect to https doesn't happen. Thank you.
Update2: just wanted to add that after the settings a site restart from IIS is needed.
My method from Global.asax
protected void Application_BeginRequest()
{
#if !DEBUG
if (!Context.Request.IsSecureConnection)
{
if (Context.Request.Url.ToString().Contains(".well-known")) return;
Response.StatusCode = 301;
Response.RedirectPermanent(Context.Request.Url.ToString().Replace("http:", "https:"));
}
#endif
}

Rails 4 path traversal possible?

The app I'm working on has a controller that issues templates to the front end (single page app). It's very basic, and simply consists of
#path = params[:path]
render template: "templates/#{#path}", layout: nil
Here my concern however is the direct use of the users input. Everything about this to me feels like it can be attacked with something as simple as path traversal. The route for this is
get "/templates/:path.html" => "templates#file", constraints: { path: /.+/ }, defaults: { format: 'html' }
I've tried multiple things to attempt a path traversal attack, such as
request /templates/path/to/../somewhere/else.html
request /templates?path=/path/to/../../something.rb
request /templates/index.html?path=/path/to/../../config/something.html
request /templates/path/../../../file.html
Fortunately, I haven't had any success with this. The requests that just start with /templates and don't specify anything after it, don't match the route thanks to the constraint so that is good.
It seems as though when that route is matched, rails doesn't allow you to override the path parameter through a url parameter, so I don't seem to be able to inject it there.
The ones that interest are the first and last examples above, where rails seems to internally be changing the requested URL before invoking the routes file. When I request /templates/path/to/../somewhere/else.html, my console output shows a request for /templates/path/somewhere/else.html. When I make a request for /templates/path/../../../file.html, the log shows a request for /file.html.
Am I missing something somewhere that will leave the app open to security issues, or is this just rails being sensible and protecting itself for me?
UPDATE
I've done some more digging, and if I try doing some URL encoding then I can cause the server to simply not respond at all. If I request /templates/%2e%2e%2f%2e%2e%2f%2e%2e%2ffresult.html then I just get an empty response with a connection: close header.
I assume that the parameter parser higher up in the rack is checking all urls for this type of attack? Regardless, my original question still stands. Am I missing something here?

Routes in Codeigniter

I want to have a clean URL in CodeIgniter based application for User's Profile Information.
Please Take a look at URL formats below.
Actual URL : http://www.mydomain.com/index.php/users/profile/user1
I'm expecting users to have Personal URL's like
http://www.mydomain.com/user1
http://www.mydomain.com/user2
http://www.mydomain.com/user3
URL http://www.mydomain.com/user1 should process http://www.mydomain.com/index.php/users/profile/user1 in background execution.
I will be removing index.php from URL using Route library.
Thanks in advance for any sort of help.
Have a look at https://www.codeigniter.com/user_guide/general/routing.html.
$route['user(:num)'] = "users/profile/user/$1";
If you mean you want /anyusername to route to the users controller, you would have to put:
$route['(:any)'] = "users/profile/$1";
At the bottom of routes.php and every non user-URL above it. Otherwise every URL would be routed there, obviously. You will need to implement some mechanism in the users-controller to throw 404-errors, since you are routing all requests not catched in the routing rules above.
IN config/routes.php
add this line
$route['user(:num)'] = "users/profile/$1";

Is it possible to rewrite url (with extra parameters) with a Chrome extension

I am trying to append few extra parameters to the url that user typed (before the page gets loaded). Is it possible to do?
For example, if user types www.google.com, I would like to append ?q=query to url (final: www.google.com?q=query.
Thanks
The webRequest API might be what you need. This code goes in your background page:
chrome.webRequest.onBeforeRequest.addListener(
function(details) {
if( details.url == "http://www.google.com/" )
return {redirectUrl: "http://www.google.com/?q=defaultquery" };
},
{urls: ["http://www.google.com/*"]},
["blocking"]);
This is an extremely specific rule that redirects visits to http://www.google.com/ with http://www.google.com/?q=defaultquery, but I think you can see how to expand it to include more functionality.
Note that this will reroute all attempts to reach http://www.google.com/, including Ajax requests and iframes.
Per the documentation, you will need to add the webRequest and webRequestBlocking permissions, along with host permissions for every host you plan to intercept:
"permissions": [
"webRequest",
"webRequestBlocking",
"*://*.google.com/",
...
],
This is an old question still I am answering it for future readers.
Modification of query parameters is a little tricky because you can endup in an infinite loop and Chrome/Firefox may detect it and process whatever is the current state of the request URL.
I have faced this situation in my chrome extension Requestly where Users used Replace Rule and replaced www.google.com with www.google.com?q=query or did something similar.
The problem with this approach is browsers intercept the request URL after adding query parameter so the parameter will be added multiple times and corrupt the URL. So you have to ensure either of the following:-
Do not intercept a request once it has been redirected.
Check if the parameter already exists, then do not redirect it.
As correctly pointed out by #apsillers in his answer, you have to use webRequest API to perform any modifications to the URL. Please have a look at his answer
and write your code accordingly.
Just in case, you are looking for an already available solution, consider trying Requestly's Query Parameter Rule. Here is a screenshot of how it looks like:-
For Firefox, you can download Requestly from its home page.

Resources