Amazon Cloudfront and Exotic File Extensions - Access Denied - file-extension

Alright, I've run into a weird issue - I have a series of .unity3d files on Cloudfront via an S3 bucket, as well as test images, and a .unity3d.zip version of one of the files. The .unity3d files result in an "Access Denied", but the images and unity3d.zip file download just fine.
What's going on, and can I fix it, or must I append/trim .zip to all my unity3d files?

So, turns out, this is a mis-diagnosis, related to the exotic file extension. When a ".../file.unity3d" address is entered into the address bar of Chrome, it does not replace the webpage previously loaded. If that previous load was an Access Denied, you'll still see it.
In more detail:
If you have a malformed URL (a typo, say), OR if you have a restricted access file on S3, you get an Access Denied.
And if you have a file the browser doesn't know how to open, it will not update the webpage
So, if you (as I) first visit an address that generates an Access Denied, and then visit a valid address with, say, a unity3d file, in the same tab, it will appear as though the unity3d address generates another Access Denied, when it doesn't, making the valid address appear invalid.
You can more easily see what's going on via curl in the command line.

Related

Restrict access to content via a signed URL in IIS?

In the past, I've used NGINX and the ngx_http_secure_link_module to achieve this, which has worked great. If you try to access a media file directly, you get a 403 access denied error. But with a valid signed URL...
emample.com/media/audio.mp3?expires=[1 hour]&signature=[SHA2(filename+expiration+secret)]
...access is granted.
But I'm using IIS now, and I'm wanting to achieve the same thing. I've tried using ASP code with the URL rewrite module, where I'd create an empty media folder with an ASP page to process requests, store all media in an offline folder, and use the rewrite module to spoof URLs.
For example...
emample.com/media/audio.mp3?expires=[1 hour]&signature=[SHA2(filename+expiration+secret)]
...would rewrite to a page called "stream.asp". I'd check the signature, return an error if it was incorrect, but otherwise I'd change the content type property to match that of the file, then do a binary stream from the offline folder where the real file is stored.
This worked fine for documents, but for audio and video, it was sluggish, and you couldn't skip the content back and forth. I'm sure I could have adjusted the code to have made this possible, but accessing files this way put a lot of strain on IIS.
What I'm looking for is a simple URL check in IIS that either grants access to a file or denies it based on a URL signature check.
Does anybody know of an IIS module that can do this? Or perhaps it's even possible to use the URL Rewrite module to achieve this?

403 - Forbidden: Access is denied. Getting my site to display

I am trying to change the content of my site (it is a help site and I have gone from using one software package to another for creating it) and usually, I would just make sure that the content was in the root folder and all is good.
The issue is that when I change the content I get a 404 error, so I did some googling and put some code in the web.config file and now I get a 403 error! Then I tried everything I could and still get the 403.
If I change the content in the root folder back to the original, there is no problem and on another site I have, I can just add a folder then navigate to www.site.com/newfolder and it works fine.

PaperJS importSVG from local file

Having recently resolved an issue I was having with PaperJS canvas I am currently trying to import an SVG via the project.importSVG() function.
I can successfully import a http addressed file such as this: https://upload.wikimedia.org/wikipedia/commons/8/84/Example.svg
However all local file uploads fail with 'error code 0'. I thought prepending the path with file:// might do something, but no dice
Error code:
Error: Could not load "file:///Users/#####/Documents/####/########/green-leaf_final.svg" (Status: 0)
The javascript code I am using is:
project.importSVG("file:///a/path/to/file/green-leaf_final.svg", function (item) {
console.log(item);
});
N.B: a warning comes up for local files also saying:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at file:///a/path/to/file/green-leaf_final.svg. (Reason: CORS request not http).
Which personally seems even more confusing - I am not trying to read a remote resource, but perhaps the file:// prefix is interpreted in this way?
The answer to this question is more about general web hosting and web browsers than anything else.
Whilst this answer might not tell you directly why, any file being accessed from a remote origin (or even in your local machine), for specific browser request types, stops you from accessing this resource unless a 'CORS header' is included with within the origin.
Presumably, a local file system cannot supply this information, and as such you should host your file on localhost or another hosting means you have available in order to do it.
If you are already developing in PaperJS (and therefore likely have npm as a command-line tool) and this sounds daunting, then use npm install http-server -g and check the docs here for information about flags to provide and how to start the server. For this purpose you should navigate to the desired directory where your target file is in an OS command line shell and write http-server -o --cors.
The above command should serve all your current directory's files on localhost.

Htaccess - Allow access to file only from pdf.js

i have some problem with .htaccess file.
For prevent download or print of pdf documents , i am using PDF.js for reading contents.
Now i want to disable direct http connection to those files.
Inside the pdf.js folders, i put a directory called "doc", that contains all items and this .htaccess:
Order allow,deny
Deny from all
<Files ~ "viewer\.html$">
Allow from all
</Files>
Where viewer.html is the page that contains the documents reader.
So, when i try access from my browser to
localhost:8080/test/pdfjs/web/viewer.html?file=doc/mondia.pdf
i get:
Unexpected server response (403) while retrieving PDF "../test/pdfjs/web/mondia.pdf"
Where i am wrong?
If PDF.js is running inside the user's web browser, then the user needs to be able to download the PDF document. Apache can't (reliably) tell the difference between "PDF.js on the user's computer" and "Google Chrome on the user's computer" - both are HTTP requests from the user's computer for the resource.
If you really wanted to, you might be able to detect some header set by PDF.js when it requests the PDF, and refuse requests without that header. That would stop casual users directly accessing the file, but anyone who presses F12 in their browser could see the PDF being downloaded by PDF.js and save the contents from there.
Even if you served it in some form other than PDF, the user could copy and paste the resulting HTML, or take a screenshot of how it renders to the screen.
Stopping a user doing something with their own computer is fundamentally hard; if they can read something on their screen, you have sent it to them in some form. To really block them, you need a trusted "DRM" encryption system that renders directly to screen without ever making decrypted data accessible to the user. In the vast majority of cases, that would be completely overkill, and just annoy your users (for instance, blind users probably won't be able to access the content, as their screen reader software will not be trusted).
You can try with this plugin
https://it.wordpress.org/plugins/editionguard-for-woocommerce-ebook-sales-with-drm/#description
or similar,
DRM is the best solution for wordpress site.
Or try with this header in pdf-js
How to set range header from client with pdf.js?
Please edit the .htacess file present in Vtiger_root_location/storage
add 'pdf' option as follows:

Problems with .pdf-files in Joomla 1.6

I've installed a Joomla 1.6 template, and everything is working fine except 1 thing.
I have uploaded some .pdf-files somewhere in the file system and people who visit the site can view or download these pdf-files, but when I click on the link or trying to right-click and "Save as target" I get an error message like this:
Forbidden
You don't have permission to access
/path/filename.pdf on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request. Apache mod_fcgid/2.3.6
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server
at website Port 80
I've logged in as administrator and checked if I found anything that denies access to files with .pdf extension, but all I found was that it seems like a .htaccess-file is being created in the same folder as the .pdf-files just after I'm trying to open them in my browser.
The content of the .htaccess file that is being created is this:
deny from all
I have also tried to edit this files content to "allow from all", and tried to delete it too, but Joomla is just changing it back.
Anyone know why or what that prevents me from viewing or downloading the pdf-files?
If it's a UNIX/Linux server you can FTP in with a client that shows permissions like FileZilla. It's probably the permissions associated with the parent folder cascading down to these files. Try to see if you can upload an image to the images folder and if you can save it the same way you're trying to save the PDFs. If downloading the image to your machine works, I would then look at the permissions settings. If you're not sure which permissions to look for, check out this: http://www.tuxfiles.org/linuxhelp/filepermissions.html
Usually a client can download/view files with permissions of 644 or higher.

Resources