In nginx I'm looking to allow direct access to files but not the folder they are in..
Example
If I go to
http://mysite:43467/mystuff/docs/file1.doc
I will see the file perfect this is what I want
But
If I go to
http://mysite:43467/mystuff/docs/
Or
http://mysite:43467/mystuff/
I want to get a 404 not found error. If either of these are used so only the full address is the accessible
I want only the direct file / file address accessible.
Is this possible
Thanks
Update
Working example found on the net
http://lightspeed.sytes.net:25461/movie/mvcXZMLIYO/DQq0ilPnDz/12089.mp4
This works
But if u try access
http://lightspeed.sytes.net:25461/movie/
For example access denied
I am looking this sort of thing
Related
When I put this line in Tomcat Server .xml file under host:
<Context docBase="c:\Documents and Settings\The User\videos" path="/videos />
I can access the images without a problem when I run the project like
localhost:8080/example/videos/smile.WebM, for exmple.
The problem is when I run the server without project and still am able to access the images with the url localhost:8080/videos/smile.WebM.
The image is still available. How to restrict or deny the access to this if I directly put the url without project name it shouldn't give access to that particular folder or image it is in .
You are able to access the images in absence of project also because server.xml belongs to full tomcat but not to particular project.
My recommendation would be not to use this approach, instead store images inside project folder so that will be accessible within projects only.
I've been looking around for hours on how to fix this. Every answer I look at involves using a cli to assign permissions and change user groups and the like. Unfortunately, my host will not allow me to use SSH so all I can do is use the Plesk 12.5.30 cpanel. This means my options are very limited in terms of problem solving.
So far I have tried assigning 755 permissions to everything via my FTP client, creating a new FTP user, and moving the forbidden file to the root
Relavent info:
the only forbidden file is my main css file
the files are sitting in a subdomain
creating a blank HTML template file via the cpanel in the same folder as the css file does not throw a 403
putting the css in a style tag in the HTML template causes a 403
I hate my host but I can't switch
Is there anything I can do short of pleading with my boss' boss to change hosting providers?
Suppose the URL http://example.com/test.php. If I type this URL on the browser address bar, the PHP code is executed, and its output is returned to me. Fine. But, what if instead of executing it, I wanted to view it's source as plain text. Is there a a way to issue such request?
I believe that there must be some way, and my concern is that some outsider could retrieve sensitive code, such as configurations file, by guessing it's location. For example, Joomla instalations have a configuration.php on it's root folder. If someone retrieves such file as plain text, then these database credentials have been seriously compromised. Obviously, this could be prevented with proper permissions, but it's just too common to just issue 0777 as everything permissions and forgetting about access denials.
For PHP: if properly configured, there is no way to download it. File permissions won't help either way, as the webserver needs to be able to read the files, and that's the one serving contents. However. a webserver can for instance be configured to serve them with x-httpd-php-source, or the PHP/webserver configuration may be broken. Which is why files which don't need direct access (db config, class definitions, etc.) should be outside the document root, so there is no way those files will get served by accident even when the webserver config is incorrect / failing. If your current hoster does not allow you to store files outside the document root, switch hosting a.s.a.p.
There is a way to issue such request that downloads the source code of http://example.com/test.php if the server is configured to provide a URL to do so. Usually it isn't, so usually there is no way to issue such a request.
I have a big solution that contains a lot of .aspx file, basically it's a big sln file for my whole server
I wanted to add a website in my IIS server that contains inside a child directory within the root site folder, for example:
my-tools.com physical path is D:/MyWeb <-- Working well
I added a secondary sites, with no relation to the upper site called mysite which is like that:
mysite.my-tools.com which its path it D:/MyWeb/MySite/
If I try to reach mysite.my-tools.com/M_Index.aspx file it give me an error tells me it's not found, however, when I try to view a .jps file from the same directory (e.g mysite.my-tools.com/test.jpg) it returns just find.
it's important to tell that all the pages share the same solution, what do I do here and why it is not working? can anyone tell me?
thanks a lot
having the folder separated like you do is a step in the right direction. next step is to configure IIS to point to that separate folder. then you would need to create a DNS entry for your sub-domain at your DNS host. "subdomain.domain.com". You would be creating a new site, so you could use the same IP address, as long as you add the proper host headers for each site.
I am working with two different web sites in asp.net. In the first project i upload some images to a specific folder under the project root and save just the filename in the database, now i am trying to display this images at some page of the second project I know the filename from the database and the image folder as absolute pat but I have not been able to display the image, even thought when looking in firebug the image src is correct src="D:/MyFolder/image.jpg" the image does not display, probably because it is not pointing in the right directory.
I have also tried using Server.MapPath and then my D location but still no success.
I am sure someone has faced the same situation before and was really hoping to get some hint to manage this.
Thank you in advance
I found my solution, strange but i didn't catch it before. Uploaded pictures under a project can always be accessed using the url of the project http://www.yourwebsite.com/images/photo.png now in the second project you can use reference the images using this url and concatenating the file name which i store on database. I think this is the best solution and without changing the code access security which i think can bring other problems with it. Anyway thank you guys.
If you want to display the image that is not in your project (I mean it is present in some other project or some other drive) just create the virtual directory in IIS
Go to "Run", type inetmgr
Right click on your project and add virtual directory
Give alias name and path so that it acts like folder in your project
I don't think you can serve files outside of your application path by default. It's called Code Access Security. You can read up on it here:
http://msdn.microsoft.com/en-us/library/930b76w0.aspx
You can fix this by changing your trust level to High in your web.config:
http://msdn.microsoft.com/en-us/library/tkscy493.aspx
I wouldn't recommend doing this for any site that is externally accessible. In fact, depending on how/where you're hosting your application, this option may be restricted.
You can only "link" to files that exist relative to the same project or are hosted on another site via an absolute URL.
If you want to service files outside the application/website (on disk or in a database) you will need to build a mechanism that gets the file and binary writes it to the browser, setting the MIME type etc. This is best done using an HttpHandler.