I have a problem where due to network issues here I need to access my site via IP not hostname. This causes IIS to recognise the requests as being to the IP (10.0.6.63) instead of the loopback 12.0.0.1
It will find the sitecore_media.ashx fine but the media handler then redirects to 404 instead of serving the media.
Could someone tell me how to get the media handler to accept this request or point me at the doco that explains how it works?
Thanks
Jim
The media handler relies on the SiteResolver to ensure that the correct media items are returned.
As #Martin states - you need to ensure your <site hostName=""> is correctly configured. The hostname attribute value is tested against HttpContext.Current.Request.Url.Host. If you access your site as http://127.0.0.1/sitecore then your hostName is 127.0.0.1.
Note too that you can put multiple entries into a single hostName attribute by pipe (|) separating them.
Related
I'm testing a cname record to a domain on my windows server 2012 r2 for future purposes.
I have this website => http://hiligolan.co.il/ which is already running.
This is the binding setup
Now I'm trying to set a different domain to the one I mentioned above using a cname record
When I'm surfing to http://rideme.co.il/ it returns http not found (as you can see)
Checking the ping shows no problem
So I assume that maybe the problem is at the server,
Could it be that something in the iis configuration blocking it?
note: I'm not looking for 301/2 redirect, what am I looking for is that anyone who will surf http://rideme.co.il/ will actually see http://hiligolan.co.il/ website but under rideme.co.il domain.
note 2: I'm not looking to add every other domain on my iis host binding (assuming I have thousands domain), I just want it to be "open" to all, allow every domain referring cname to => http://hiligolan.co.il/ to display it.
Thanks in advance.
You explicit ask IIS to only forward HTTP requests whose Host header contain hiligolan.co.il with that site binding.
Therefore, any request with Host header of rideme.co.il is not forwarded and 404 makes perfect sense.
The fix is also easy, to add a second site binding for the new domain.
Reference
https://docs.jexusmanager.com/tutorials/binding-diagnostics.html#background
Say we have an internal URL https://my.internal.url (in our case a Liferay Portal) and from a web application firewall an external URL https://my.external.url pointing to this internal URL.
The internet user is using the external URL.
PrimeFaces extends attributes like for example
onclick="...;window.open('https://my.interal.url'..."
This leads to CORS problems.
The HTTP header Access-Control-Allow-Origin is not an option, since the internal URL is internal.
We'll talk with the WAF people about URL replacement, but I'd like to know wether or not we can tell PrimeFaces to use the external URL (or maybe relative URLs in case this would work).
The portal doesn't know about the external URL but of course we could implement this as a configuration option.
(watching the source code, there are more occurences of the internal URL outside of the jsf/PrimeFaces portlet, so I add the liferay tag too)
Update
The question is obsolete, WAF has to handle this correctly (an old SSL environment did it, a new WAF environment doesn't)
You say
The portal doesn't know about the external URL
however, any properly configured reverse proxy (or WAF) should forward the actual host name used to request the current page.
On Apache httpd's mod_proxy_http, this is done with the option ProxyPreserveHost On. When forwarding with AJP, the host is automatically forwarded. Other WAF/Proxy configurations - of course - differ. But the proper way to generate the URL is to let the generating server know what URLs it should generate.
If you need to worry about the proper host name, you'll need to do so by request: Liferay is well able to use Virtual Host names to distinguish between different sites - and if they're completely different, you might be signed in to one of them, but not to the other. This has a repercussion on the permissions.
Have the infrastructure handle it for you. Don't write code (or application configuration) for it.
We have a domain name with DNS management facility. We also have a web application developed in a GlassFish server hosted in a virtual server with a path is
http://198.98.103.233:8080/pemis/
I want to direct to the home page of that application when some one type the domain name. After navigating through the pages, we must be able to see
http://www.pemis.lk/faces/public.xhtml
in the browser rather than
http://198.98.103.233:8080/pemis/faces/public.xhtml
How can we configure that.
Thanks in advance.
You need to install your application as the root application in Glassfish, as explained here. But it's not hard:
asadmin deploy --contextroot "/" your-webapp.war
or set the context-root property in the sun-web.xml or glassfish-web.xml depending on the version of Glassfish you use.
To change the port Glassfish listens on you need to modify the HTTP Listener configuration. On default installations you'll want to change http-listener-1's port. You can do so using the console. But you can also directly edit the domain's domain.xml:
<network-listeners>
<network-listener port="80" protocol="http-listener-1" transport="tcp" name="http-listener-1" thread-pool="http-thread-pool"></network-listener>
...
</network-listeners>
Last, to make www.pemis.lk point to that server you need a DNS entry that points to the address the server is attached to. The details of how to do that depend on the comapny that sold you the domain, quite often they have online tools that allow you to enter or modify the name-address mapping. In case of doubt it's best to contact them by phone or mail.
I'm on the same path and, as you don't posted the solution that you found (if you found it), I'll add here some future reference for anyone facing this problem.
I'll break the question in two parts: Eliminating host:port and changing how the URL behave.
I don't have a complete response to the first, however if you chose to listen at port 80, by HTML standard, you will supress the port on the URL, getting half the solution you want.
The second part, changing the URL behavior and/or shortening it can be achieved by either using mod_rewrite in apache or Tuckey's URL Rewrite Filter (http://www.tuckey.org/urlrewrite/). A google search using URL Rewrite can achieve you a more in depth explanation and there's a guide on the website.
You should, however, update your question with an answer, if you found one.
Is it possible to block all requests that use the IP address rather than the domain name for a site on IIS? For example, i'd like to block https://104.100.100.2 but not https://somesite.com (which resides at the dummy ip of 104.100.100.2). I've tried using URLScan 3, but was unable to build a working rule. Thanks!
http://technet.microsoft.com/en-us/library/cc753195%28WS.10%29.aspx
Have a look here and bind to the publicly accessible domain name - should do the trick (IIS won't respond to requests that haven't accessed using the https://somesite.com)
Not sure how else to do it...
Dave
Suppose I have two domain names (domainA, domainB). I set the CNAME record of domainA to domainB, so whenever a user resolves domainA, he will be redirected to resolving domainB instead. My question is if it is possible to restrict accessing domainB directly. So no one can resolve domainB unless it has first resolved domainA.
The DNS system is designed to be an open system that allows anyone to resolve addresses. In its native form it is not possible to do what you are looking for.
Even though the most common (perhaps only) software used for DNS servers on the internet is open source ISC Bind - And you could potentially use that to write your own DNS server to attempt to create that functionality I am reasonably sure that because DNS works as a referral network (i.e. other DNS servers make requests against your DNS servers on behalf of clients) it would be difficult to lock DNS down to a single source.
Simply DNS isn't designed to provide any form of security. Your request is akin to asking 'could I make a phone book that only allowed people to read my name if they read my neighbours first'
The only method you could use is to allow users to make a request to example.com and from their redirect their request to example.org. That way you are operating at a level higher than IP Name resolution and you start getting more control over what happens.