I am facing one issue. I am accessing third party image into our site but it gives me 403 error.
But I am able to access it if I am hitting that image url directly on browser.
Please provide what the reason behind it
This image is not available for hotlinking. Service does checking of referrer and doesn't allow to embed image inside another sites. You can try to use proxying for that reason with short server-side script.
Please, refer to this thread, if you're using PHP.
Related
I have configured a webserver on localhost with https using Microsoft IIS Administration. I am able to browse directory with files with browsers and Visual Studio using localhost prefixed with https, such as https://localhost/trial etc.
I wish to upload a file to the said directory, ie., trial, using Libcurl to test some features. Unfortunately I'm unable to do so.
Using the same Libcurl example as given on
Libcurl File Upload
-modified for https, the console window tells me that the following has occurred, upon running the code :
IIS 10.0 Detailed Error - 405.0 - Method Not Allowed
HTTP Error 405.0 - Method Not Allowed The page you are
looking for cannot be displayed because an invalid method (HTTP verb)
is being used.
I checked the IIS Administrator and saw that all authorizations are allowed. I suppose the fact that it is flagging a HTTP verb issue rather than HTTPS as I'd enabled and used as URL in code isn't a big thing?
Libcurl uses PUT for uploading files, so should be an allowed verb.
I am quite new to this, so I'm not certain I did something incorrect with the setting up of the webserver, or whether there are security issues or permission issues which are causing a problem here.
As far as I know, there is impossible to use http put or post a file to a IIS web application's folder without writing server-side code. Otherwise, configure an FTP site on your IIS installation. Then you could use ftp command to upload the file.
If you really need using HTTP put or post to upload the file, you could consider using WebDav.
More details about what is webdev and how to use it, you could refer to below article.
https://learn.microsoft.com/en-us/iis/install/installing-publishing-technologies/installing-and-configuring-webdav-on-iis
https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-7/what39s-new-for-webdav-and-iis-7
Try hostname instead of localhost
Add a trailing slash (/) for the directory.
I am trying to use an image from an existing website in my html page. The issue is that the image is not getting resolved correctly, Even when I hit the image URL directly on browser, its getting redirected to some other site. I have tried on all browsers but no luck.
I have heard about restricting resource using hot linking but in this case not sure whats happening. Any pointers/suggestions please.
Eg - I want to use image(http://www.acsisair.com.au/wp-content/themes/acsis-air/images/logo.png) but when hitting this URL after clearing browser cache, its being redirected to other website (http://www.nine.com.au)
It's very, very likely a form of hotlinking protection: if you change the URL subtly to make it clearly incorrect, you get a 404 page.
That means when you enter an URL to a resource that exists, you're given a header redirect. That's not an accident.
There's likely nothing you can (or should) do to circumvent this.
Use images you can host on your own site.
We're looking to do some scraping on a specific URL that uses cloudflare. Has anyone experienced issues using Zombie.js/user-agents while trying to crawl cloudflare hosted sites.
Would love some help!
I am trying to interface to an API on a client's site and I am getting a 403 error indeed. The request doesn't even reach my server.
Turning security to "essentially off" did not help. The final solution was to white-list the developer machine's IP.
The error is triggered on a single URL (json serving API) with a Java client with standards compliant libraries.
Solution:
1. try to set a rule to allow direct access for that URL
2. try setting security to weaker and weaker ("essentially off")
3. if both fails: try whitelisting
4. set up an alternate non-cloudflare url (direct.domain.com)
These will of course only work if you can negotiate with the site owners.
Backup solution: use an embedded browser that you can "frame" and "remote control" or a testing framework that does the same through a plugin, and extract the content from there (if you can)
Hope this helps.
You're probably triggering one of our security features by trying to scrape a site on us. The only option, really, would be to ask the site owner to whitelist your IP(s) to override the behavior.
I have researched the Internet to solve the following cross-domain web-client situation without luck:
A client browser with website A loaded wants to download a webpage-stream directly from website B and incorporated the steam into its DOM.
The boundary conditions are:
webserver of website B has no special policies for:
-cross-domain accesses,
-and/or special jsonp services.
I don't wat to use either:
-a proxy-service on my webserver, or
-using a third server such as http://anyorigin.com/, or
-depend on a particular extensions for the browser.
I understood that actual browsers don't handle 'X-Frame-Options' different that 'SAMEORIGN'
Do you guys have any feasible solution?
Is there a reason you don't iframe in the results of website b? That'd be the first thing I tried...
I'm afraid you'll have to patch the feed in at the server level. But at least, you can add a cache so it doesn't pull the feed in every request.
Edit: I'm assuming you don't want iframes
I've added a SSL certificate to an existing site, and now in IE I get a mixed content warning. Problem is, I don't know what's the non-secure content IE is warning me about. It's a simple html page, with a few Flash, a few images, a loaded CSS and JS.
How can I find out what's the non-secured content..?
Edit:
I found the culprit: it's the JS AC_RunActiveContent.js used to display Flash movie. So anyone has an idea on how to prevent SSL mixed content when using AC_RunActiveContent.js.?
This means that something is requesting content using the http protocol specifically, or you have an absolute path to an image or other content that begins with http instead of https.
A few tips: Use relative paths everywhere you can. If you must use an absolute path, and it's to a server you own, use https. If you're loading stuff from off your site, you're probably stuck with the mixed-content warning.
This also goes for your scripts, check out the JS, and the CSS template and make sure they're not the guilty parties - if they are change them to use relative paths, or to request items via https instead of http (assuming you're positive that the server they're referencing supports https, if it doesn't you're stuck).
There are a few other details, this might be helpful.
Ok, so here is the solution for my particular problem. It was the codebase value in my code that needed to be https as well (I didn't think it would trigger the warning, as my Flash were displaying correctly, oh well)...
AC_FL_RunContent( 'codebase','https://download.macromedia.com/pub/shoc...
Link to Adobe info on this: Security Information error in Internet Explorer
I use the Firefox console -- it reports the http resources it blocks from fetching on a mixed content page.
Search your source for http: only. Another great tool to help you out is Fiddler with which you can see what's getting downloaded upon requesting your page.