I'm trying to access a streaming page but I get the error "Forbidden. You do not have permission to access this document."
However I can skip this message with F5/refresh and watch the video.
Is there any way to open this URL and do a refresh automatically? (using PHP)
I've tried something like this but it does not seem to work
header("Refresh:0; url=http://www.url.com");
Thank you in advance.
The forbidden access message is most likely coming from your web server configuration (apache?). The browser will stop there, and no document will be loaded from your server.
Since PHP is only interpreted after that, it will actually not get interpreted at all... you have no way to override this behavior in PHP alone, you need to fix your configuration on the server.
If you have a behavior that shows a 403 once every two load, chances are you have either a load balancer type of setup (loading one server or the other), or something that alternate between two configuration (for example issues in your domain name configuration, like the ServerName configuration).
In that case, if you add a header("Refresh:0; url=http://www.url.com"); in your page, you will only get this worse, since the successful load will reload, and then get back to the forbidden message (403).
check your web server config and logs to find the issue.
It's more likely the page is using HTTP REFERER restriction from it's own domain.
If you accessing the page by code, just added the referer condition on it.
In php you can use curl and add this line
curl_setopt($ch, CURLOPT_REFERER, 'domain_url');
Related
I'm using a shared hosting service for my sites and there is a strange situation.
When any php page is accessed from a link (like Google search results page, etc), the page will not open.
The following error is shown:
"Forbidden you don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."
If the same url is input directly into the browser, the page displays fine.
The situation is not the same for html extension pages, which open properly from links too.
I am not using any .htaccess file.
Permission for files is 644 (I've never changed anything).
This situation is something new, there was not such a problem in the past.
Any advice is welcome.
hello i am implementing php files from one website into another and here is the following error message i am getting when trying to open the following page with implemented php files:
http://www.holidaysavers.ca/europe-destinations-canada.php
basically the php files i am importing from one website into another are identical , however they work on the original website but when i implement them into a new website it does not work anymore.
could you assist me in trying to get this resolved?
thank you
You can't include a PHP script that is on an external website/server into your local script - unless you enable allow_url_include on your php.ini (if you have access to it)
Instead, you can let that website/server render the page and get the resulting html output on your local script.
Replace this line in your script:
include('http://www.holidaysavers.ca/europe-canada.php?detour');
With this:
echo file_get_contents('http://www.holidaysavers.ca/europe-canada.php?detour');
Could you post the code from "europe-destinations-canada.php"? It looks like the script is asking to do stuff that's not configured in your php setup on this new site/server
I don't really know what kind of host you are using or if you are using Xampp, I do have an easy fix to it, for xampp and possibly other web server software. Go to your php.ini file, which you can search for or just look for it in c:\\xampp\php\php.ini, the php.ini should be in the php folder in the server software folder. Now search for allow_url_include in the php.ini file and than replace Off with On, if it isn't already on or something. This is most likely the fix because it worked for me.
I might be able to help further if I know if you are using a hosting or home server. If you are using a hosting website than please share what kind of hosting service you are using so I could inspect it further.
Using as example a random remote php file.
The goal is to use this remote file locally, make sure it hasn't change or be altered. The remote file will be downloaded one time only.
Hard coding the sha256 signature avoid to use the network on startup. This is just a base that can be turned to many scenarios, like checking for updates, depending your needs.
<?php
$lib_url = "https://raw.githubusercontent.com/getopt-php/getopt-php/master/src/CommandInterface.php";
$lib_filename = basename($lib_url);
// SHA256 signature
$lib_signature = hash_file("sha256",$lib_url); // "dba0b3fe70b52adbb8376be6a256d2cc371b2fe49ef35f0c6e15cd6d60c319dd"
// Hardcode the signature to avoid a network call on startup:
//$lib_signature = "dba0b3fe70b52adbb8376be6a256d2cc371b2fe49ef35f0c6e15cd6d60c319dd";
if (!is_file($lib_filename) || $lib_signature != hash_file("sha256",$lib_filename)){
// No local copy found, or file signature invalid, get a copy
copy($lib_url, $lib_filename);
}
require $lib_filename;
It is very useful if you intent to share a program as a single file, without composer.
For the case of a file hosted on Github, an ETag HTTP header is provided, it can be used to avoid to download the whole file.
php -r 'var_dump(json_decode(get_headers("https://raw.githubusercontent.com/getopt-php/getopt-php/master/src/CommandInterface.php", 1)["ETag"]));'
//string(64) "c0153dbd04652cc11cddb0876c5abcc9950cac7378960223cbbe6cf4833a0d6b"
The ETag HTTP response header is an identifier for a specific version
of a resource. It lets caches be more efficient and save bandwidth, as
a web server does not need to resend a full response if the content
has not changed.
Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/content/91/8151691/html/HolidaySavers.ca/europe-destinations-canada.php on line 52
says it all. I believe this is called XXS. It appears you're attempting to include a URL based file which is denied in your server configuration which is either one of two things.
You're attempting to include the file on site B from site A which you would then use instead of include('WhateverFile'); file_get_contents('WhateverFile'); however this will only return the client side data as it is an HTTP request;
You've duplicated the file on site B and forgot to update the domain configuration. Be sure that the include path reflects the site you're running the script on ie.
include(dir($_SERVER['SCRIPT_FILENAME']) . DIRECTORY_SEPARATOR . 'WhateverFile.php');
In any case. I would have to actually examine the line 52 on the said file to see why PHP is complaining to you in detail lol
I am using linux cpanel shared hosting.
Am using http://aaa.com/script.php to scrape data from other website.
PHP portion is to curl call to read whole page content, then on the page, will output the full content as html, then use jquery scrapping & ajax call to insert final data into mysql.
(I decided to go for jquery client side scrapping because the page with html to scrap is pretty complicated, and hard to achieve with phpsimpledom and regex.)
I want this page to stop outputting html when it is
- not open by me as a tester
- not open by local cpanel cron task.
So I put exit(); at the top few lines.
If detected is legitimate, then will continue the rest of the html outputs at bottom, else, just exit and show an empty page.
Now is security issue, what's the possible and best way for me to make sure other visitors/bots to this page will see empty page.
If I put a password to cron task, I don't think it can work right?
Because at script.php I am scrapping data, so if the website owner see the visitor referral log, he can see the full url including ?password=12345, isn't it.
/usr/local/bin/php -f /home/mysite/public_html/dir/script.php?password=12345
If I put my script outside of public_html, like /usr/local/bin/php -f /home/mysite/script
I don't think it will work for jquery, it is purely for php isn't it?
What else I can do??
You could config apache's virtual host to only allow access from your ip.
Anyone else would get a 404 page not found or 403 permission denied depending how you configured it.
Here's a sample
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Using 127.0.0.1 tells apache to let requests from itself (ie cron) to work but noone else.
You get learn more by reading the apache2 docs
Passwords on the query string are a bad idea. You could check for valid IP addresses at the start of your PHP file. This will allow any request from a set of IP addresses to access the parsed jQuery output. All other IPs will be denied access.
$allowedIps = array('127.0.0.1','::1');
if(!in_array($_SERVER['REMOTE_ADDR'],$allowedIps)){
echo 'No jQuery for you';
}else{
echo 'jQuery goodness to follow...';
}
I have deployed my PHP application built on Codeigniter. When I call the root URL, browser is successfully redirected to login view but not HTML is rendered.
What can be the issue?
Did you deploy it to a different computer than your development machine. Maybe you are using "nice urls" and the target server does not allow url rewriting with htaccess?
If nothing is being shown in the browser it is worth checking the following:
system/cache is writeable
system/logs is writeable
GZIP compression is disabled in application/config/config.php
telnet port 80 and see what you get back, any headers?
tail the logs to watch for errors
It could be related to the way you load views.
Loading a view this way sends it straight to a browser:
$this->load->view('foo_view.php', $data);
But if you have an optional, third, parameter set to TRUE, it will return data as a string so you have to echo it:
echo $this->load->view('foo_view.php', $data, TRUE);
More info at the bottom of this CI User Guide page.
There should be proper deployment otherwise you are bound to see issues. This may prove helpful to you.
Deploying CodeIgniter (or any PHP projects) to the live site?
I have one form in a PHP (5.2.9-1) application that causes IIS (Microsoft-IIS/6.0) to throw the following error when POSTed:
The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access.
It's an HTTP 405 status code. All other forms in the application work, so I believe that the IIS 'verbs' setting for PHP pages is correct.
This is a customer's server, which I have no access to for verifying settings or testing code. All I can do is send the customer replacement files. Other customers on IIS servers have no such issue.
The form is perfectly straightforward:
<form method="post" action="index.php">
... fields ...
</form>
What can cause IIS to throw that error on one form only, but work fine on others?
I managed to get FTP access to the customer's server and so was able to track down the problem.
After the form is POSTed, I authenticate the user and then redirect to the main part of the app.
Util::redirect('/apps/content');
The error was occurring not on the posting of the form, but on the redirect immediately following it. For some reason, IIS was continuing to presume the POST method for the redirect, and then objecting to the POST to /apps/content as it's a directory.
The error message never indicated that it was the following page that was generating the error - thanks Microsoft!
The solution was to add a trailing slash:
Util::redirect('/apps/content/');
IIS could then resolve the redirect to a default document as is no longer attempting to POST to a directory.
I am deploying VB6 IIS Applications to my remote dedicated server with 75 folders. The reason I was getting this error is the Default Document was not set on one of the folders, an oversight, so the URL hitting that folder did not know which page to server up, and thus threw the error mentioned in this thread.
The acceptable verbs are controlled in web.config (found in the root of the website) in <system.web><httpHandlers> and possibly <webServices><protocols>. Web.config will be accessible to you if it exists. There is also a global server.config which probably won't. If you can get a look at either of these you may get a clue.
The acceptable verbs can differ with the content types - have you set Content-type headers in your page at all ? (i.e. if your Content-type was application/json then different verbs would be allowed)
By any chance have you tried POST vs post? This support article suggests it can cause problems with IIS: http://support.microsoft.com/?id=828726
I don't know why but its happened when you submit a form inside a page to itself by the POST method.
So change the method="post" to method="get" or remove action="anyThings.any" from your <form> tag.
It sounds like the server is having trouble handling POST requests (get and post are verbs). I don't know, how or why someone would configure a server to ignore post requests, but the only solution would be to fix the server, or change your app to use get requests.
We just ran into this same issue. Our Cpanel has expanded from PHP only to PHP and .NET and defaulted to .NET.
Log in to you Cpanel and make sure you don’t have the same issue.
I had this issue with a facebook application that I was developing for a fan page tab. If anyone faces this issue with a facebook application then
1-goto https://developers.facebook.com
2-select the application that you are developing
3-make sure that all the link to your application has tailing slash /
my issue was in the https://developers.facebook.com->Apps->MYAPPNAME->settings->Page Tab->Secure Page Tab URL, Page Tab Edit URL, Page Tab URL
hope this will help
As drewm himself said this is due to the subsequent redirect after the POST to the script has in fact succeeded. (I might have added this as a comment to his answer but you need 50 reputation to comment and I'm new round here - daft rule IMHO)
BUT it also applies if you're trying to redirect to a page, not just a directory - at least it did for me. I was trying to redirect to /thankyou.html. What fixes this is using an absolute URL, i.e. http://example.com/thankyou.html
i had to change my form's POST to a GET. i was just doing a demo post to an html page, on a test azure site. read this for info: http://support.microsoft.com/kb/942051
An additional possible cause.
My HTML page had these starting tags:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
This was on a page that using the slick jquery slideshow.
I removed the tags and replaced with:
<html>
And everything is working again.