Is it possible to change the configuration of Yii, to:
1- make Yii and the database accessible from outside the folder 'protected'
2- send data from outside the folder 'protected' to files inside 'protected'
Or is there any other solution to do this ?
thank you for any help.
It is possible since the protected folder is only protected by a .htaccess file.
If you eliminate the "defensive rules" and have the right directory/file permissions, the protected folder can be easily made accessible from outside.
However I strongly recommend not to do this, because direct access to the protected folder (as it name suggests) should be made inaccessible for standard users.
Related
So I am taking a web development class and in most of my classes they’ve been teaching us to keep our files separate. For instance, I have a public folder and an includes folder. In my includes folder I have my database information and functions. So here is where my issue is: I am trying to post a site in godaddy and when I try to set it up their tech support told me I should place all my files in the public folder. Is that really true? I thought I would need to place my includes(private) folder in another place; if so, where should I be storing it?
GoDaddy may not be the best source of advice. When you SSH into your account (or use the File Manager) you should see your login dir which will IIRC have a www or html dir (and sometimes both, one symlinked to the other). Those are your public webroot/DOCROOT locations. Make a dirtree of your own as a sibling to the www/html dir and use that for your include tree.
When you need the absolute path to your directory tree in order to know where to grab your includes, you can get that from the GoDaddy admin interface - https://support.godaddy.com/help/article/58/finding-your-hosting-accounts-absolute-path
My asp.net project, currently runs from http://localhost:51143/default.aspx
Is there anyway, I could include the root to this like http://localhost:51143/TOrders/default.aspx The reason I want to do this is because the URls that get called on the menu click events refer to "TOrders/Reports/aaa.aspx and so on and in production it would refer to intranet/TOrders/Reports/aaa.aspx and so on.
One solution could be to intercept every request in Application_BeginRequest method in Global.asax.
There you can create a rule to remove TOrders/ from the beginning. Try something like this:
void Application_BeginRequest(object sender, EventArgs e)
{
if (Request.RawUrl.StartsWith("TOrders/"))
Server.Transfer(Request.RawUrl.Substring(8));
}
This may not the nicest solution, but it should be enough to give you idea what to do.
Edit:
Since you have web project (not a web site), you can set virtual path of your project. I think this is what you are looking for.
If you are using VS2010, in Solution explorer right click on your project and chose Properties, then on Web tab, in Servers section, change virtual path of your project to /TOrders/ instead of / which is default value. Now you should get http://localhost:51143/TOrders/default.aspx
You need HttpRequest.ApplicationPath property
or HostingEnvironment.ApplicationVirtualPath property.
Also useful for building virtual paths is VirtualPathUtility class.
EDIT:
Try to copy your project into a subfolder of you web root, for eg. in IIS:
C:\inetpub\wwwroot\ (or what you set)
C:\inetpub\wwwroot\MyProject\
Now in IIS Managment Console, in your Default Web, you create a new 'Application'. Either you upgrade the existing folder or you create a virtual new one to your folder.
Then select a virtual path (TOrders) and set the physical path. There you will also set the AppPool if you have .NET 4, or select the runtime if you have 2.0/3.5 on IIS6.x. Try the highest version first...
Go to localhost/TOrders/
We have an application that has been developed by the third party, and I don't want to go back to them to get them to add in cache control for specific pages.
All the pages that need caching disabled are in a single directory.
The issue is that IE seems to not follow Cache-control:nocache properly, so we need to add in Pragma:nocache and cache age as well.
Is there a way to do this using configs in the directory? will it cascade through all child directories? Can it be done via the main web.config?
To be clear, I'm not looking for a way to do this via code, it needs to be via configuration of either IIS or the web.config files.
We're using ASP.NET 2.0 and 4.0, on IIS 6.0.
This can be done in IIS using the UI, it's actually quite easy, or atleast it was in my use case.
All you do is simply open up IIS manager, navigate to the site and then the directory you want to add the headers to Right Click -> properties.
Click the "Headers" tab, and add in the headers you require.
This goes recursively down the child directories, and adds the headers before any added by the code.
In IIS 7.0/7.5, you can use the StaticContent section of a web.config in each of the directories.
You can do that on global.asax
protected void Application_BeginRequest(Object sender, EventArgs e)
{
HttpApplication app = (HttpApplication)sender;
string cTheFile = HttpContext.Current.Request.Path;
if (cTheFile.Contains("/ExtraDir/"))
{
// add your header here
app.Response.AppendHeader("Pragma", "no-cache");
}
//... rest code of...
}
My default document is in subfolder not in root how can i make it default in asp.net 2.0 website.
Tried iis7 default document setting to '/pages/default.aspx'
'~/pages/default.aspx' but it didn't work.
Default document is not the same as start page. Default document means if I requested mysite.com/somefolder and didn't specify a file, which file should IIS display.
If you want to use a specific page as your home page, create a Default.aspx file and write this in it's codebehind class:
public override void ProcessRequest(HttpContext context) {
context.Response.Redirect("pages/default.aspx", true);
}
As the client might have disabled Javascript, a server side approach would be more reliable. However it's best to issue a permanent redirect instead of a simple Response.Redirect. Also doing it using JS will be bad from a SEO point of view.
You don't need to create a dummy Default.aspx page.
In your Global.asax.cs file, write the following:
public void Application_Start(object sender, EventArgs e)
{
var routeCollection = RouteTable.Routes;
routeCollection.MapPageRoute("DefaultRoute", string.Empty, "~/YourDesiredSubFolder/YourDesiredDocument.aspx");
}
Explanation:
Application_Start code is guaranteed to run once and only once on the application start.
The first line of code, gets a collection of the URL routes for your application.
The second line of code, defines a new route pointing to your inner page in the subfolder that you wish.
The second argument is empty to indicate that this route is used when there's no specific page is requested and there's no Default document existing.
Default documents are a subfolder-specific thing - what you're trying to do won't (directly) work. Set up a default.htm file in the root, and have it refresh to your real "home page".
The better question you should be asking is how on Earth your homepage got out of the root directory.
In theory you could have a Web.config file inside the directory and use the defaultDocument element to set the default document. See here: https://stackoverflow.com/a/2012079/125938.
Unfortunately I haven't been able to get it to work myself locally, but that might be because it isn't supported in the Visual Studio development server.
Say "index.html" is the default page you want and it is present in "Public" subfolder.
Instead of specifying "/Public/index.html" as the default site, try "Public/index.html"
Where can I setup custom errors for directories in my application such as App_Code, App_Browsers, etc.? I already have customErrors configured in the web.config and that works as expected. For example,
http://www.mysite.com/bla.aspx > redirects to 404 page
but
http://www.mysite.com/App_Code/ > displays "The system cannot find the file specified."
There's no physical App_Code directory for my site. Is this something that I can change in IIS?
You are trying to server content from an Protected Folder... ??
I think you might need to allow access to these folders to get the nice errors you are looking for...
http://www.webdavsystem.com/server/documentation/hosting_iis_asp_net/protected_folders
That being said... there is a reason these folders are protected.
I would never put anything i needed IIS to serve in protected folders.
But there are always reasons to do do something? i have broke a few rules in my short lifespan :)
UPDATE:
Found this when i tried this locally: http://support.microsoft.com/kb/942047/
Looks like those reserved directories throw special 404's you might be able to get IIS to Target the 404.8 type... with out opening up serving to those directories
I believe you will need to set the error pages in IIS itself, as the requests you talk about never reach the ASP.NET application. The reason your first example works is because IIS recognises the .ASPX extension and forwards it to ASP.NET.
One way is to provide a redirect in the global.asax file:
void Application_Error(object sender, EventArgs e)
{
//uncomment this to narrow down 'helpful' microsoft messages
//HttpRequest request = ((HttpApplication)sender).Context.Request;
Exception ex = Server.GetLastError();
//ErrorManager is a custom error handling module
ErrorManager.ProcessError(ex);
Response.Redirect("~/error.aspx?error=" + HttpUtility.UrlEncode(ex.Message), true);
}
{ On a side note, I was getting an exception that I just couldn't track down - it just said 'file not found' but didn't say which file was missing. It turned out to be a broken image reference in a css file - breaking on line two of the code above helped identify the missing file }
Add a Wildcard Mapping to IIS to run ALL Requests through ASP.net, then you can use Global.asax to handle the error.
Taken from here:
Follow these steps to create a wildcard script map with IIS 6.0:
Right-click a website and select Properties
Select the Home Directory tab
Click the Configuration button
Select the Mappings tab
Click the Insert button (see Figure 4)
Paste the path to the aspnet_isapi.dll into the Executable field (you can copy this path from the script map for .aspx files)
Uncheck the checkbox labeled Verify that file exists
Click the OK button