I have a website, at localhost:82
when I type this into IE, it comes up with a 404 error and the requested URL is localhost:80/wwwroot, which is not at all what I requested.
There is no URL rewrite set up. I have tried to set up a tracing rule to see what is happening, however, the instructions at http://learn.iis.net/page.aspx/266/troubleshooting-failed-requests-using-tracing-in-iis-7/ say to look for "Fail Request Tracing" link, but it doesn't exist in my IIS 7.0 even under administrator.
Not sure where to look or why this is changing my requested URL.
Any help would be appreciated.
Run Fiddler and check the HTTP response.
Related
I am experiencing a redirection malware in some of the subpages of my website. I tried deleting a script that´s been created by someone else. I use wordpress. But it still redirecting to that site. I don´t know how to fix it. It would like some help please.
In the console also appear messages like these:
www-widgetapi.js:1120 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube.com') does not match the recipient window's origin ('https://mysite.example').
q.sendMessage # www-widgetapi.js:1120
googleads.g.doubleclick.net/pagead/id:1
Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
static.doubleclick.net/instream/ad_status.js:1
Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
jsclou.in/pab1002.js:1
Mixed Content: The page at 'https://mysite.example/wp-admin/post.php?post=114&action=elementor' was loaded over HTTPS, but requested an insecure frame 'http://malware.example'. This request has been blocked; the content must be served over HTTPS.
Any advice about this please?
Tried to delete the script where I found the site jsclou. It din´t solve it.
It look like this:
I have correctly configured the resource id in the "site" section in the system settings. But when I enter a mysite/ non-existentaddress in the browser, instead of a redirect to 404, a redirect to the main page occurs
I tried to add in my htacceess file redirect to 404, but it didn’t help
So your error_page system setting has published resource ID as desired 404 page, right?
What do you see here https://www.redirect-checker.org/index.php checking yoursite/non-existentaddress URL?
This setting should work without any htaccess additions, please comment them if any.
BTW how about friendly URLs, is it active now?
I would like to return a 404 status code for every single request to a website. I still want to deliver a page of content, but I want the status code on every single request to be 404. (It's weird, I know, but there's a specific reason...)
I know I could do with this an HTTP Module or an OWIN pipeline, but I'd like to do it without writing or deploying code, if possible. However, this is a very weird situation, so I'm not sure if this is possible.
Can I set this from the web.config?
As lex says, we couldn't return the right content page with 404 error status.
Here is a workaround, we could try to use custom error page to achieve your requirement. If it should return 404 error, you could redirect the page to custom error page. But you should use the url rewrite to redirect all the pages to a not existed page.
Details about how to use custom error page in IIS, you could refer to this article.
Details about how to use url rewrite, you could refer to this article.
Here's the thing. I'm trying to protect my server from XSS Attacks (And so far with no trouble at all, changing HTTP response Headers and other things) But a Generic vulnerability is still going on, and it happens because in the URL some javascript code can be inserted
(i.e. http://myhost.com/thisfile.jsp?<script>alert("hello")</script> )
when I type this, the response is HTTP 202 OK Status (It redirects to my 404 page). But I need to do one of these actions:
throw another HTTP Status (405, 500, Or any status giving an error)
Throw an error.
What can I do? Is there any way to strip the tags or recognize them via web.config file to throw an error?... I've been trying with the rewrite module and the request filtering with no success at all.
Thank you so much in advance, regards.
Thank you... I solved it and it was so easy (I can't believe i didn't try that first).
I went to IIS manager and then click on request filtering.
Then, on the "Rules" tab I added a "Filtering Rule". Applying to all file extensions and in the field "Deny Query String" I added <script>, <scr+ipt>, etc. So when the URL comes with a tag like that the connection is closed without showing 404 or any error page.
It worked and now the vulnerability scanner doesn't show any risk.
I am trying to use an image from an existing website in my html page. The issue is that the image is not getting resolved correctly, Even when I hit the image URL directly on browser, its getting redirected to some other site. I have tried on all browsers but no luck.
I have heard about restricting resource using hot linking but in this case not sure whats happening. Any pointers/suggestions please.
Eg - I want to use image(http://www.acsisair.com.au/wp-content/themes/acsis-air/images/logo.png) but when hitting this URL after clearing browser cache, its being redirected to other website (http://www.nine.com.au)
It's very, very likely a form of hotlinking protection: if you change the URL subtly to make it clearly incorrect, you get a 404 page.
That means when you enter an URL to a resource that exists, you're given a header redirect. That's not an accident.
There's likely nothing you can (or should) do to circumvent this.
Use images you can host on your own site.