I was wondering if it is possible to block certain things from running through server.
Example. I am apart of ad network and some of the ad's are sexually suggestive. I have asked to not get these ad's on my page but was told they can't control the delivery network to block only adult ad's.
Is it possible in apache or htaccess or something to program the url's of the "dirty" ad's and have them not show up to the end user??
Sorry if my question is worded poorly. Thanks.
The below code in htaccess denies access to sexualwebsite.com:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*sexualwebsite\.com [NC]
RewriteRule .* - [F]
</IfModule>
Replace sexualwebsite with whichever domain you want to block. Source: http://davidwalsh.name/block-domain
Usually ads are not actually served by your server but injected into the page on the client using Javascript. Nothing you modify on your server would affect which ads are being pulled in by that client-side script.
It's might technically be possible to have some additional Javascript to monitor the ad-serving script and disallow the loading of an ad, but it would be a hack and would break if your ad provider changes something. It would also probably violate your ad provider's terms of service resulting in you not getting paid.
The only reliable way to control which ads are being served is by some API or control panel that would have to be provided by your ad network. If they don't offer this functionality, then there's probably nothing you can do about it.
Related
I'm experimenting trying to build a web app for an idea that I had. I wanted to basically have people log in over Facebook (so I won't be handling passwords anyway), and add in their student email address (ie .edu). Then, this information would be stored in my site's database.
I realized that since this is potentially sensitive information, it might be a good idea to encrypt--and I wanted to figure out how to use SSL anyway. I installed the certificate and used .htaccess to redirect visitors to the https site... Then I noticed that the jQuery EtherPad plugin I was using had stopped working. Presumably, I will eventually figure out a better fix for using EtherPad, but I was wondering anyway, if there's any purpose to using SSL on the entire site or if it is correct. I had heard that it makes a lot of sense to use https only when users are entering secure information, ie login.
Additionally, I can't quite figure out how to do this. If you enter my site's name, it redirects the homepage to https. Furthermore, from there, any links remain https. However, if you enter a folder ie /about, it will use http until the user goes to the homepage.
Any advice? I hope this is specific enough. I read several other pages, but they were too dense for me and didn't seem to address my specific question. I am a web development and stackoverflow noob.
Below is my .htaccess file. I have a vague understanding of what it means, but not exactly.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^website\.com
RewriteRule (.*) https://www.website.com/$1 [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ http://www.website.com/login/$1 [R,L]
i read the other threads about this topic but i couldn't find anything that i felt could apply in my case. It seams pretty basic though. I have a website built in php with apache server. In this moment all the traffic is done via http. The people who paid for the site, now want to move it to https. They bought a certificate and the web server hosts will install it. What changes do i need to make to make it work via https, besides changing the redirects within the code?
I also found this link which seems pretty helpful, but i think maybe it's too complex?
Thank you,
Alex
You should change your resource links (like external JavaScript references such as jQuery) in the site where there are hard-coded paths in http://domain.name/some-link-here to just //domain.name/some-link-here. This will prevent the browser from complaining about mixed-mode content.
For links that are on the same domain, you could use absolute/relative URLs.
After that you can place and .htaccess such that any URLs accessed on the domain would automatically redirect to the HTTPS version. Place the following lines as the first rule in the file
.htaccess code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The .htaccess will also take care of any hard-coded links (towards the same domain/site) that you might have in your site and that you have missed.
I am making a template for a website and want every page to be passed through a single php file to allow for both easy page editing and elegant, intuitive URLs. I have a standard Linux webhosting package and want so that when the user visits http://example.com/language-x/a-page-called-foo then the sever invokes and returns the output from http://example.com/template.php?page=a-page-called-foo&language=language-x without the user seeing anything to do with tamplate.php in the address bar. Is there some standard way to do this so I don't have to contact my webhosting provider and asking for them to tweak the way the server is working?
Assuming you are using Apache with mod_rewrite enabled as your webserver, what you can do is create a .htaccess file in your application root. The content of this file should, roughly, contain something like this:
RewriteEngine On
RewriteRule ^([a-zA-Z0-9]+)/$ index.php?page=$1
You can read more about this subject here http://www.desiquintans.com/cleanurls
Try to learn basic Regular Expressions patterns, as this is used for matching your URLs. http://regexone.com/
I had created a Wordpress website www.saftech.ae sometime back (end Jan- strt Feb). The website was working alright till I had last checked on 10th March 2014. A few days back I was informed by my colleague that the site is not opening. On going on the website I was greeted with a URL blocked by the service provider stating the material on the site comes under the Restricted Content Categories.
I tried opening my wordpress account but got the same page of URL being blocked. I couldn't even access the cpanel directly and I had to open it via the IP address. Being a first timer at making a website, I don't know what to look for in such a situation. I opened the files via an FTP client and on opening the .htacess file , I found the following code in it,
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
What does this mean? Is my website compromised? How do I confirm? What should I do incase the website is compromised?
I have already shot a mail to my service provider and called the support team innumerable times but have not gotten any help from their end till now. Kindly help.
So, I requested the third party host where my website is being hosted to run a scan and I was told that my site had been compromised due to a phishing attack which may have been caused by one of the themes. I removed all those files, added more security plugins but now my site has been blacklisted on PhishTank and McAfee. I have already send them a request to review the website again. What else can I do to unblock my website?
I too have the same problem with my wordpress site. It works every where except certain fire walls would block it. In my case McAfee blocks it on certain IP addresses. I don't think what you describe means that your site is compromised, it is just that your firewall categorizes some of the scripts in your site as belonging to a malicious category. If you have lately Installed any new theme or any new plugin, Try getting rid of that and it should work.
Moreover I am also getting blocked to visit your site due to McAfee settings.
My website is finally unblocked and working perfectly. This mess had started from the twentytwelve theme which was already present in wordpress when I had started using it. The twentytwelve theme was vulnerable in my case which led to the whole phishing site being hosted on my domain.
All I did was remove the whole twentytwelve theme folder, sent review requests to Phishtank and McAfee where my website had been blacklisted to unblock it and constantly kept bugging my ISP to unblock the website. It took almost 10 days for my site to come back online.
Also,I added Sucuri and Wordfence security plugins with email alerts for any kind of changes or logins.
PS: I would advice people to just keep the theme they are using and remove all the other inactive ones. I am using the responsive theme and today I had to remove twentythirteen theme as the file was modified but not by me.
As outlined by this guys post, blocking IP's via PHP is pretty easy.
However, how can I do this, site wide, using IIS?
Here are my (big) caveats:
I do not have access to change the php.ini. So I can't use auto_prepend feature.
I am on Windows with IIS so I can't use .htaccess.
I don't have any PHP "footer" which gets called on all of the scripts. In fact, a lot of the pages are static HTML!
Is there any way I can use IIS to whitelist IP's?
The good news is that I have a static list of IP's to whitelist, so I wont need to easily change them.
You can whitelist IP addresses in IIS, which should give you the results you want.
In IIS 6.0, right-click your website and choose properties.
Go To the Directory Security tab.
Click Edit for "IP addresses and domain name restrictions"
Click the "Denied access" radio button.
Enter any IP-addresses that you want allowed.
You can use a URL Rewriter like IIRF to do this. Insert rules to return 404's or whatever you like to requests that come from disallowed IPs. This will work with any web app platform: PHP, Java, ASP.NET, RoR, static html or images, whatever.
The readme gives an example like this:
RewriteCond %{REMOTE_ADDR} ^(?!127.0.0.1)([0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3})(.*)$
RewriteRule ^/(?!redirected.htm)(.*)$ /redirected.htm
and it says:
The above condition evaluates to true when the server-variable "REMOTE_ADDR" evaluates to an ip address which is NOT 127.0.0.1. The ?! is a zero-width negative lookahead, and the (.*) at the end of the regex is to catch any rubbish that sometimes appears in that variable. The rule following the condition says, for any URL which is not "redirected.htm", map it to "redirected.htm". This prevents endless re-writing. (You could also prevent endless rewriting with an [L] modifier flag).
This RewriteCond+RewriteRule redirects any externally originating requests to the IIS server. You could do something similar for a specific set of whitelisted IPs.
IIRF is an ISAPI filter written in C, and is similar in philosophy to mod_rewrite. It works with IIS5, 6, or 7. You will need admin access to set it up. You don't need to "program it", but there is a ini file that has similar syntax to .htaccess (specifically for the mod_rewrite rules).
IIRF is free and open source.