Website Detect "In-House Access" - web

TL;DR: How to detect local website users?
I have a self-hosted website running in the student-building I live in. In this website I would like a page for and links to certain local applications, like the webremote of the RPi running Kodi, an FTP, a page of instructions etc.
I don't want those to be visible to random internet users, so is there any way for a website to detect whether the user is accessing the website from inside the local network? Preferably in JavaScript, but PHP would also be fine.

In PHP it can be done in several ways. The simplest way is to do a simple IP check.
if ($_SERVER['REMOTE_ADDR'] == "10.1.0.25") { // Internal IP here (exact match)
// Show links for internal users
} else {
// Show stuff for all other users
}
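Or, for a range of IPs, assuming 192.168.1.x addresses:
$ip = ip2long($_SERVER['REMOTE_ADDR']); // Convert dotted IPv4 to an integer so the comparison is numeric
if ($ip !== false && $ip >= ip2long("192.168.1.1") && $ip <= ip2long("192.168.1.254")) {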
// Internal Info
} else {
// External Info
}
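A more general form of the check above, as an added example that is not part of the original answer: it matches REMOTE_ADDR against CIDR networks for both IPv4 and IPv6 instead of a single hard-coded range. The network list, the function names and the sample addresses are assumptions.

```php
<?php
// Added example, not from the original answer. The network list and the
// function names are assumptions; set INTERNAL_NETWORKS to the real LAN.
const INTERNAL_NETWORKS = [
    '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', // RFC 1918 private IPv4
    '127.0.0.0/8', '::1/128',                        // loopback
    'fc00::/7',                                      // IPv6 unique local
];

function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts  = explode('/', $cidr, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input, or IPv4 address against IPv6 network
    }
    $max = strlen($ipBin) * 8; // 32 for IPv4, 128 for IPv6
    if (!isset($parts[1]) || !preg_match('/^\d{1,3}$/', $parts[1]) || (int) $parts[1] > $max) {
        return false; // refuse a missing or malformed prefix length
    }
    $bits  = (int) $parts[1];
    $whole = intdiv($bits, 8); // bytes that must match exactly
    if (substr($ipBin, 0, $whole) !== substr($netBin, 0, $whole)) {
        return false;
    }
    $rest = $bits % 8; // remaining bits in the next byte
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($ipBin[$whole]) & $mask) === (ord($netBin[$whole]) & $mask);
}

function is_internal_client(array $server): bool
{
    // REMOTE_ADDR is the peer of the TCP connection. X-Forwarded-For and
    // similar headers can be set freely by the client and are ignored here.
    $ip = $server['REMOTE_ADDR'] ?? '';
    // Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d
    if (stripos($ip, '::ffff:') === 0 && filter_var(substr($ip, 7), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        $ip = substr($ip, 7);
    }
    foreach (INTERNAL_NETWORKS as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed sample addresses; 192.0.2.0/24 and 2001:db8::/32 are
// documentation ranges standing in for Internet clients.
$samples = ['192.168.1.77', '10.1.0.25', '::ffff:192.168.1.9',
            '172.32.0.1', '192.0.2.10', '2001:db8::1', 'not-an-ip'];
foreach ($samples as $addr) {
    $verdict = is_internal_client(['REMOTE_ADDR' => $addr]) ? 'internal' : 'external';
    printf("%-20s %s\n", $addr, $verdict);
}
```

If the site sits behind a reverse proxy, or the router hairpins LAN clients through NAT, REMOTE_ADDR is the proxy's or router's address, so check what the server actually sees before relying on the result. The check decides only what the page displays; the linked services themselves need their own restriction.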

Related

Create a download link with Microsoft IIS

I want to set up a direct download link using Microsoft IIS. We already have a web page using the IP address that points to a /web folder on our server, but I want to create a separate location on my server where I can put downloadable files such that the client can just type the link and get the download: http://IPADDR/download/filename.zip. Are there any resources on how to do this?
Right now, typing http://IPADDR brings up our simple web page which contains a link that launches an application, again this is bound to the /web folder on our server via IIS.
The FTP port is typically blocked on our client's networks so we have to stick with HTTP. This will be completely programmatic, so no need to have a button or link on a page. I will be using java with a GET command to pull files from the link. I just want to be able to have the web server make these files available to download.
FYI I'm newer to this server stuff so simpler is better! Thank you.
As far as I know, there are two ways to achieve your needs.
The first is using an ASP.NET application. You need to write code for the downloaded file. For example, when the user clicks a button, the logic method corresponding to the button is triggered, and the response to the client is the file specified in the code.
var fileNameToShow = "xxx.zip";
var fileNameAndPath = "The physical path of the file on the server";
FileInfo file = new FileInfo(fileNameAndPath);
file.Refresh();
if (file.Exists)
{
// Send the file to the browser
Response.Clear();
Response.AddHeader("Content-Disposition",
"attachment; filename= " + fileNameToShow + "; size=" + file.Length.ToString());
Response.TransmitFile(fileNameAndPath);
Response.Flush();
Response.End();
}
else
{
throw new Exception("File does not exist!");
}
The second is to use the FTP function of IIS. You need to create a site and add FTP publishing to the site. When you visit the site through ftp://domain, you can see all the files in the physical directory of the site on the server, and you can download any file by clicking on it. (It can also be downloaded through a link, such as ftp://domain/filename.zip.)

Block unauthorized and distinguish users

Logstash has an open port where everyone can send in data.
Anonymous data messes everything up
All data from all customers in one pool is messed up too.
So I read and tried https://www.elastic.co/guide/en/x-pack/5.6/logstash.html (also for Version 6 and 7) but this does not seem to be it. It rather authenticates against elasticsearch than in front of logstash. What I like to have is some sort of this:
input {
# One port to rule them all - possible?
tcp {
port => 5000
}
}
output {
elasticsearch {
hosts => "elasticsearch:9200"
user => elastic
password => nope
document_id => "%{[@metadata][fingerprint]}"
# Here comes the user prefix again.
index => "%{[user]}-%{[host]}-%{+YYYY.MM.dd}"
}
if [user] == "foo" {
# Also put things in IRC
}
if [user] == "qux" {
# Forward somewhere else
}
}
In the end we like to have the data separated available when using Elastic or Kibana which may be no big deal when I read the documentation. But I also think that there should be some auth in front of logstash. Correct me if I am wrong.
If not:
How to prevent anonymous data?
How to distinguish them well?
Since you can't change the original message, you will need to filter based on the host that sent that message, you can use the host field for that, as it seems you are already doing on your output.
To prevent anonymous data you can use SSL, so each machine sending to your logstash will need to have the certificate files, or you can configure a firewall on the logstash machine and configure it to allow connections from your customers only.
The x-pack security feature that you mentioned is a paid feature, but its focus is on putting a security layer on elasticsearch/kibana, there is no auth in front of logstash, to do that you need firewall rules and/or ssl certificates.

Architecting webmail app on cPanel host: How do I go about tying in the actual email service?

I'm in the process of constructing a webmail SPA, similar to Gmail, for end users. This app will be hosted on cPanel shared hosting (LAMP stack). The end users have no cPanel email access otherwise. My app will be their access portal for these email accounts.
If it matters, I'm preferably a Node developer, with LAMP experience, so I'm open to any broad suggestions. Note, normally I'm just bouncing things out, using SMTP. Would I just do this straight IMAP? I just want to know on an architectural level what service I need to be accessing, or looking for, and maybe a point in the direction of some example.
Maybe a wire-frame, a flowchart, or a sentence that can describe how I can implement it will suffice. I can find the technologies, I just need a road map.
This is a RHEL6
$ uname -a
Linux 2.6.32-604.30.3.lve1.3.63.el6.x86_64 #1 SMP Sun Sep 27 06:34:10 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux
Some questions based on the only way I'm able to think about this problem:
What protocol normally accesses the email (user?) Would I be getting something, maybe an internal mail command access from system environment variables, or PATH maybe? Would I ping for a user list? I mean, what information does the app need to connect to the mail server, and what protocol would I get that from? I think this is my hitch.
I guess the first thing is, during POST, it auths; what happens after auth, what protocol, where/what will I be looking to make that decision based on, and how do I pull in the email list after? I'm guessing this is just an IMAP request. Is that all I need? E.g. PHP mail() or nodemailer?
Also I can't seem to come up with the proper terminology to get any meaningful Google search results. I'm open to search query help as an alternative; not sure what techs I'm looking for yet.
Edit:
On some research I have found the following:
Some search terms that are finally yielding a few results
webmail interfacing php (or node)
webmail single page application node (or php)
Looks like this might be one example of a way a node app connects to an imap
https://github.com/cozy-labs/emails/blob/master/server/imap/pool.coffee
I believe that mail util is here https://www.npmjs.com/package/nodeutil
If someone can help me put this into perspective, that would be great.
Some answers on this:
To roll your own webmail on a shared host, cPanel APIs, curl, fopen, and 3rd party email application APIs would be the starting point.
cPanel may not fully support this; however, they do have APIs, UAPI being the most likely for some basic scenarios. https://documentation.cpanel.net/display/SDK/UAPI+Functions+-+Email%3A%3Alist_pops
However, AfterLogic's WebMail Lite contains a promising looking solution, with a PHP, REST, and JavaScript API. http://www.afterlogic.org/docs/webmail-lite/integration-and-development
The PHP example to read messages looks like it might be this one here
<?php
include_once __DIR__.'/../libraries/afterlogic/api.php';
if (class_exists('CApi') && CApi::IsValid())
{
// data for logging into account
$sEmail = 'user@domain.com';
$sPassword = 'PassWord';
$sFolder = 'INBOX';
$iOffset = 0;
$iLimit = 5;
$oCollection = null;
try
{
$oApiIntegratorManager = CApi::Manager('integrator');
$oAccount = $oApiIntegratorManager->LoginToAccount($sEmail, $sPassword);
if ($oAccount)
{
$oApiMailManager = CApi::Manager('mail');
$oCollection = $oApiMailManager->getMessageList($oAccount, $sFolder, $iOffset, $iLimit);
if ($oCollection)
{
echo '<b>'.$oAccount->Email.':</b><br />';
echo '<pre>';
echo 'Folder: '.$sFolder."\n";
echo 'Count: '.$oCollection->MessageCount."\n"; // $oCollection->MessageResultCount
echo 'Unread: '.$oCollection->MessageUnseenCount."\n";
echo 'List: '."\n";
$oCollection->ForeachList(function ($oMessage) {
$oFrom = $oMessage->From();
echo "\t".htmlentities($oMessage->Uid().') '.$oMessage->Subject().($oFrom ? ' ('.$oFrom->ToString().')' : ''))."\n";
});
echo '</pre>';
}
else
{
echo $oApiMailManager->GetLastErrorMessage();
}
}
else
{
echo $oApiIntegratorManager->GetLastErrorMessage();
}
}
catch (Exception $oException)
{
echo $oException->getMessage();
}
}
else
{
echo 'AfterLogic API isn\'t available';
}
And a
Some other thoughts on rolling your own:
Here's an article shedding light on how to view accounts, using PHP
How to create an Email Account in Cpanel via PHP?
And one to list
How to access list of email accounts with cPanel API?
A cpanel class was built to provide a way to create and forward, and probably serves as the best example, on a start to the solution. http://sajjadhossain.com/tag/cpanel-class/ resourced from here where lots of testing was done on this topic http://www.zubrag.com/scripts/cpanel-create-email-account.php
To forward emails, in case that's of some use to get them possibly to another temp account
https://www.a2hosting.com/kb/cpanel/cpanel-mail-features/forwarding-incoming-e-mail-messages-to-a-script-file
Then there is the option for squirrel mail or the other two mail apps supported by cpanel: possibly turn one of those into a portal. Here is a way to auth to squirrel mail for e.g. http://squirrelmail.org/plugins_category.php?category_id=6

How can i modify the host header

I am trying to develop a chrome extension that would set the "host" header on certain requests. But the documentation is contradicting as to if the "host" header can be modified or not.
Both of these issues indicate that a) it should not be possible and b) it is impossible
https://code.google.com/p/chromium/issues/detail?id=154900
https://code.google.com/p/chromium/issues/detail?id=158073
Yet multiple extensions in the gallery state they do modify the "host" header.
e.g.
https://chrome.google.com/webstore/detail/header-hacker/phnffahgegfkcobeaapbenpmdnkifigc?hl=en
https://chrome.google.com/webstore/detail/change-http-request-heade/ppmibgfeefcglejjlpeihfdimbkfbbnm
Is it possible to modify the "host" header in the windows version of chrome, and if so how?
Background: I want to be able to test load balanced web instances hitting each host directly via IP address. The "hosts" file is too cumbersome for a large number of hosts. At the moment I use curl to pass the modified "host" header, but I really need the solution in the browser and available for others.
@kzahel was right, and the note about redirection was spot on; here is my basic working code.
chrome.webRequest.onBeforeSendHeaders.addListener(function (details) {
if (details.url.indexOf('toast.txt') <= -1)
return;
details.requestHeaders.push({
name: 'Host',
value: 'testhost:80'
});
return { requestHeaders: details.requestHeaders };
}, {
urls: ['http://*/*']
}, ['requestHeaders', 'blocking']);
chrome.webRequest.onBeforeRequest.addListener(function (details) {
if (details.url.indexOf('sauce') <= -1)
return;
var url = 'http://127.0.0.1/toast.txt';
return { redirectUrl: url };
}, {
urls: ['http://*/*']
}, ['blocking']);
Admittedly a slightly odd example but it goes like this.
My local IIS has a site created that points to a folder that has a file "toast.txt", which is bound to "testhost".
Windows has no way of knowing about "testhost", e.g. it cannot ping it.
With the extension running.
Enter the address http://testhost/sauce
The extension notes the "sauce" in the "onBeforeRequest" method and redirects to "http://127.0.0.1/toast.txt" which in turn is picked up on by the "onBeforeSendHeaders" method where the "Host" header is added containing "testhost:80". All this occurs before the request leaves Chrome.
Now IIS receives the request "/toast.txt" that by itself would result in a 404, but because the "Host" header is set it pushes the request to the new website that is bound to "testhost" which then returns the "toast.txt" file.
Phew!
It looks like you shouldn't have difficulty doing this. Use onBeforeRequest
onBeforeRequest: Fires when a request is about to occur. This event is sent before any TCP connection is made and can be used to cancel or redirect requests.
Since this is triggered before any connection to the server is made, you should be able to modify the host header then [edit: if host header is not available, then use a redirect]. Make sure you have the "requestHeaders" permission in the manifest or else you won't see the request headers at all.

How best to get the user's browser information and settings for debugging purposes?

My problem is that I have a user that is having a problem displaying a portion of website I am creating, but I am unable to reproduce it on any of my browsers, even with the same version of the browser.
What I'm looking for is probably a website that I can send the user to which will tell me what version of the browser they are running along with the plugs installed and any other information that might affect the display of a page.
Any one know of anything like this?
Edit: The problem is related to CSS. They want some special image around all the text inputs, but on the users computer the text input displays partially outside of the image which is setup as a background.
I need more user specific information than Google Analytics as you can't separate out a specific user. I also suspect that it's more complicated than just the user agent.
I also can put the website out there publicly because they want to keep their idea private until it's released...grr.
I find that sending users to the Support Details site (http://supportdetails.com/) is a great way to get systems and browser specifics. At that site all they have to do is enter your email address and the site will send details such as:
Operating System
Screen Resolution
Browser Name and version
Browser size (view port)
IP Address
Color Depth
Javascript enabled (Y/N)
Flash version installed
Cookies enabled (Y/N).
Those pieces of info can also be exported as csv or PDF. Pretty sweet.
The site is made by an agency called Imulus.
Unfortunately, I don't know of any site that will log every detail about the users browser, as you request.
But perhaps browsershots.org could help with your debugging? It allows you to test your design in a lot of different browsers very easily.
EDIT: ... unfortunately restricted to the initial design on page load, since it simply takes a screenshot for you.
The classic approach is to use the useragent to determine the browser and OS
Looks like this site will display it for you.
As for plugins there are various ways to test in javascript for the plugins you are looking for.
You have to test for these on the client side as there is (to my knowledge) no way of detecting these on the server side.
The following crude example shows how to test for acrobat reader in IE and Mozilla browsers and returns if it was installed and if so what version in an object.
function TestAcro()
{
var acrobat=new Object();
acrobat.installed=false;
acrobat.version='0.0';
if (navigator.plugins && navigator.plugins.length)
{
for ( var x = 0, l = navigator.plugins.length; x < l; ++x )
{
//Note: Adobe changed the name of Acrobat to Adobe Reader
if ((navigator.plugins[x].name.indexOf('Acrobat') != -1) || (navigator.plugins[x].description.indexOf('Acrobat') != -1) || (navigator.plugins[x].name.indexOf('Adobe Reader') != -1) || (navigator.plugins[x].description.indexOf('Adobe Reader') != -1))
{
acrobat.version=parseFloat(navigator.plugins[x].description.split('Version ')[1]);
if (acrobat.version.toString().length == 1) acrobat.version+='.0';
acrobat.installed=true;
break;
}
}
}
else if (window.ActiveXObject)
{
for (x=2; x<10; x++)
{
try
{
var oAcro = new ActiveXObject('PDF.pdfCtrl.' + x); // build the ProgID directly; no eval needed
if (oAcro)
{
acrobat.installed=true;
acrobat.version=x+'.0';
}
}
catch(e) {}
}
try
{
oAcro4=new ActiveXObject('PDF.pdfCtrl.1');
if (oAcro4)
{
acrobat.installed=true;
acrobat.version='4.0';
}
}
catch(e) {}
try
{
oAcro7=new ActiveXObject('AcroPDF.PDF.1');
if (oAcro7)
{
acrobat.installed=true;
acrobat.version='7.0';
}
}
catch(e){}
}
return acrobat;
}
Google analytics? If you have any sort of web analytics program installed on your web server, generally they also give info such as the operating system, web browser, etc. You could use the user's IP address to find his info in your logs.
Also, what issue are they having? We might be able to help..
I did find this program, but unfortunately it's not a free service, nor is there really anyway for me to get the information on that page (unless I pay for it): http://www.cyscape.com/showbrow.aspx
The useragent and related HTTP headers that are sent in all requests can give you some information (Browser and version), but for detail about the client-side installation, you may be out of luck for an automated capture mechanism that obtain a list of arbitrary plugins installed on the client browser. This would be a security violation, so unless a browser intentionally exposes them, you wouldn't get access to this without installing a client-side binary.
Depending on the relationship with the user, you could try something like Go2Meeting or CoPilot so that you can see the bug in action yourself. This would also allow you to peruse the browser settings and plugins.
If it is a CSS issue and the issue is with IE (most often) you may want to consider using the IE 7 library.
When it comes to CSS... I get it working properly in Mozilla browsers then I see what I need to conditionally hack to make it work in IE. This library comes in handy.
Also if possible I would try to limit support to the major modern browsers out there.
And if possible try to include the mobile browsers (iPhone, etc).
Hope this helps.
I've been using Ocean's Browser Capabilities in my ASP.NET web sites. It is really easy to get many properties. Specifically I'm using the Ocean2.Web.HttpCapabilities library.
To get the browser type and capabilities:
string browserSettings = Ocean2.Web.HttpCapabilities.BrowserCaps.Build.ProcessDefault(HttpContext.Current.Request);
Here is a sample of the results:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0; InfoPath.2)
os - Windows Vista
platform - WinNT
win16 - false
win32 - true
win64 - true
type - IE7
browser - IE
version - 7.0
BrowserBuild - aol - false
cookies - true
javascript - true
ecmascriptversion - 1.2
vbscript - true
activexcontrols - true
javaapplets - true
screenBitDepth - 1
mobileDeviceManufacturer - Unknown
mobileDeviceModel - Unknown
You could also try this:
BROWSER PROBE finds details about your browser, plugins, system, screen and much more.
A great tool for support staff and casual users alike.
Browser Probe
Most of these answers are outdated with dead links.
I found http://www.mybrowserinfo.com that suits my needs. Hope it helps someone else.
More user friendly service: https://aboutmybrowser.com/?nr
