A web page hosted on Node.js server in Azure cloud displays the page correctly (confirmed with browser console), but Azure webserver console stil creates/logs detailed error pages for various "missing" files (js, ico, css, ttf...).
Example error page in server console (from azure site log tail <site>):
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>IIS Detailed Error - 404.0 - Not Found</title>
...
<table border="0" cellpadding="0" cellspacing="0">
<tr class="alt"><th>Requested URL</th><td> http://servername:80/js/ripples.min.js</td></tr>
<tr><th>Physical Path</th><td> D:\home\site\wwwroot\js\ripples.min.js</td></tr>
<tr class="alt"><th>Logon Method</th><td> Anonymous</td></tr>
<tr><th>Logon User</th><td> Anonymous</td></tr>
</table>
...
How can I "fix" IIS not to raise/log these false positives?
I was able to solve this by disabling 'Detailed Error Messages' in the Azure website configuration:
Related
We are using Post Mark API for sending mails to recipient for every action performing in our app.We are using VM file as the template for sending mails.Our clients are repeatedly saying that mail was received in spam folder instead of inbox so we surfed online for some reasons related to spam mail.
As per suggestions, we have removed below header from the mail template(vm file)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
So a sample mail would be like following
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title></title>
<style type="text/css">
/* Style goes here*/
</style>
</head>
<body>
<table>
<tbody>
<tr>
<td>
<table>
<div>
Hi $UserName,
Thanks for registering.
Thanks,
Selvam.M
</div>
</table>
</td>
</tr>
</tbody>
</table>
After removing the header we could receive mails directly to inbox other than gmail. But in gmail alone first mail was coming as spam after i have read that all the other mails started to arrive at inbox
May i know what we are doing wrong here?
Have you added DKIM records to your DNS? That's the first thing to do to ensure good delivery. You can also reach out to us at support#postmarkapp.com and we'll be happy to help you further there.
I have two applications:
X.Web - Asp.net core 1.1 web application
X.Api - ASP.NET WebApi2 application in .NET 4.6.1
Now they are both available as www.example.com/X.Web and www.example.com/X.Api respectively. My customer wants the web application to be available simply as www.example.com.
I tried a quick solution in my test environment - I just moved the content of X.Web folder to wwwroot and without any problems everything worked fine.
However, on my production server the web app works - htmls, scripts and styles are loaded correctly, but X.Api stops working - i get response
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title> IIS 502.5 Error </title>
<style type="text/css"></style>
</head>
<body>
<div id = "content">
<div class = "content-container">
<h3> HTTP Error 502.5 - Process Failure </h3>
</div>
<div class = "content-container">
<fieldset>
<h4> Common causes of this issue: </h4>
<ul>
<li> The application process failed to start </li>
<li> The application process started but then stopped </li>
<li> The application process started but failed to listen on the configured port </li>
</ul>
</fieldset>
</div>
<div class = "content-container">
<fieldset>
<h4> Troubleshooting steps: </h4>
<ul>
<li> Check the system event log for error messages </li>
<li> Enable logging the application process’ stdout messages </li>
<li> Attach a debugger to the application process and inspect </li>
</ul>
</fieldset>
<fieldset>
<h4> For more information visit:
<a href="https://go.microsoft.com/fwlink/?linkid=808681">
<cite> https://go.microsoft.com/fwlink/?LinkID=808681 </cite>
</a>
</h4>
</fieldset>
</div>
</div>
</body>
</html>
for each and every request. In my Event log I can see:
Application 'MACHINE/WEBROOT/APPHOST/DEFAULT WEB SITE/X.API' with
physical root 'C:\inetpub\wwwroot\X.Api\' failed to start process
with commandline '"dotnet" .\X.Web.dll', ErrorCode =
'0x80004005 : 80008081.
The questions are:
1) what can be a problem
2) Why in the event log I can see ...failed to start process
with commandline '"dotnet" .**X.Web.dll**...
3) Is there any other way to achieve this simple requirement of my client
So, just to make sure I understand you properly, initially, you had: www.example.com/X.Web and www.example.com/X.Api, and X.Web was calling X.Api, right? Then you moved X.Web files from wwwroot/X.Web to wwwroot directly, and it worked on your env but not on the production env? Which version of IIS are you using?
1/ Maybe an idea: by moving X.Web maybe you have changed the user under which your X.Web application was running, making it unable to launch your ASP.NET Core application.
2/ My suggestion to 1 could explain, credentials issues.
3/ I would definitively avoid putting the file of X.Web directly under wwwroot and instead I would configure IIS to get a redirection from www.example.com to www.example.com/X.Wep. You could use URL Rewrite module (maybe an overkill in that case but it's a module that is very good to know in my opinion because it can help in various scenario) or simply configure IIS to redirect, this SO thread could be helping How to redirect a URL path in IIS?
When trying to download google documents in node.js request module the following is returned
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>414 Request-URI Too Long</title>
</head><body>
<h1>Request-URI Too Long</h1>
<p>The requested URL's length exceeds the capacity
limit for this server.<br />
</p>
</body></html>
How can this be avoided without reconfiguring Apache?
My site has just been hacked and I suspect that it was a remote file inclusion attack. These are my server specs:
Windows Server 2008 R2 running ColdFusion 9 (9.0.1.274733) and IIS 7.5
This is the source code of the page that appeared after my site was hacked:
<!-- # sql_master : securiiity#gmail.com #-->
<html>
<head>
<title>0wned !</title>
<Meta http-equiv="content-type" content="text/html; charset=windows-1254">
<Meta http-equiv="content-type" content="text/html; charset=ISO-8859-9">
</head>
<body bgcolor="black">
<center>
<font color="#ffffff" size="3" face="Tahoma">0wned By <br>SQL_Master , Z0mbi3_Ma , xMjahd !</font>
<br><br>
<img src="http://fc08.deviantart.net/fs71/f/2010/255/e/7/never_look_back_by_arbebuk-d2yiadv.jpg" width="600" height="500"/>
<br><br> </div> </td>
<font color="#ffffff" size="3" face="Tahoma"><a class="__cf_email__" href="http://www.cloudflare.com/email-protection" data-cfemail="d389e3beb1bae08c9eb293bbbca7beb2babffdb0bcbe">
[email protected]</a>
<script type="text/javascript"> /* <![CDATA[ */ (function(){try{var s,a,i,j,r,c,l,b=document.getElementsByTagName("script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); /* ]]> */ </script>
</font><br><br> <font color="#ffffff" size="3" face="Tahoma">FROM MOROCCO</font> </tr>
</table>
</body> </html>
My site and server are periodically scanned by Symantec and it only picked out the IP of the person who hacked my site.
After the site was hacked, I went and cleared the ColdFusion Verity search and in IIS, I made .cfm the default file type to give preference to and the site was back on line.
However, I did a whole site search but was unable to find the above code anywhere.
Can someone please explain to me how this types of attacks are made and how I can clean my site and server and prevent this from happening again in the future.
Thank you.
I have a website (just for my own references, nothing interesting for the public.)
When I load my page (Test Page) inside IE9 and view the source of the page - I can see the HTML as expected.
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<title>Test Page</title>
</head>
<body>
<div id="body">
Simple test page, with an image. <br />
<img src="http://www.w3.org/2008/site/images/logo-w3c-mobile-lg" alt="WC3 logo" />
</div>
</body>
</html>
But when I look at the developers toolbar (by pressing f12) the HTML appears in a <framset> tag.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Marrowbrook.com </title>
</head>
<frameset rows="100%,*" border="0">
<frame src="http://217.118.128.188/wotney//TestFiles/testpage.htm" frameborder="0" />
<frame frameborder="0" noresize />
</frameset>
<!-- pageok -->
<!-- 02 -->
<!-- ->
</html>
Using Chrome, if I right click and View Source, I see the above <frameset> code, but I can also right click and select View Frame Source where I can see the HTML as expected.
Can anyone tell me why I'm seeing this ?
Thanks.
This could happen because your host name was bought with one provider, but you are hosting it on another - and you got a frame based redirect setup.
What platform is your site hosted on? It looks like the server is doing something, because the src of the frame in the frameset points to your page. It could be some kind of 'preview mode' or something of the server/cms. So it looks like the server is using a default page with a frameset on it, that pulls your actual page into it after you deploy it
It also happens when the domain you are using to get to the site is set as "Masked" Forwarding.
Check with the domain manager on your hosting and remove masked forwarding.