I looked up the 505 response code and saw that it was "The Web server (running the Web site) does not support, or refuses to support, the HTTP protocol version specified by the client"
The web site I am trying to access on the web server is https://query.yahooapis.com/v1/public/yql?q=select * from yahoo.finance.quote where symbol %3D"msft"&diagnostics=true&env=store
I was able to get on the site and see that it provided xml data. However when I tried to make a HttpsURlConnection with that site, I got a 505 response code, code for doing so is
URL url = new URL(params[0]);
URLConnection connection = url.openConnection();
HttpsURLConnection httpConnect = (HttpsURLConnection) connection;
int responseCode = httpConnect.getResponseCode();
where i inspected the value of params[0] at runtime and saw that it had the right url in it. Does anyone know how i can fix this issue? The web server should support https because that link works. I don't understand why a 505 error is occuring then.
java.net.URL will allow you to create an invalid URL with spaces, which results in this error. Spaces in query parameters should be encoded as +, so make your URL:
https://query.yahooapis.com/v1/public/yql?q=select+*+from+yahoo+finance.quote+where+symbol+%3D"msft"&diagnostics=true&env=store
This request is still incorrect, and will result in a 400 ("expecting table got 'finance'"). From these questions:
Getting data from Yahoo Finance
Issue with AngularJS and financial quote
I believe you want:
https://query.yahooapis.com/v1/public/yql?q=select+*+from+yahoo.finance.quote+where+symbol+%3D"msft"&diagnostics=true&env=store%3A%2F%2Fdatatables.org%2Falltableswithkeys
I think i got the problem. I looked online and saw that someone else had the problem and that it was the spaces inside the url. I am not sure how to resolve this though
Related
i already tried to find an answer here on nearly at any place at the web, but didn't find an answer that helped me out here - so i'm trying it here with this question:
i have to to get some information from a server in a domain, using https via indy components and the windows authentication. that's working quite fine (via IdHTTP1.Get(sURI)), the server logs are showing this (domain/user/request) and the response is always valid.
afterwards i try to post now some new values to the requested data, but this fails, since i get a "401" authenticaion error. BasicAuthentication=false, and HTTPOptions=[hoInProcessAuth,hoForceEncodeParams] via IdHTTP1.Post(sURI, Req_Json), where Req_Json is a UTF-8 encoded TStringStream. Now (and only when trying to POST) the IdHTTP1Authorization event is triggered twice, even if I do a handled=true there (read somewhere in a forum) it fails, if I do nothing there I get the same result: 401. There were some tips about the IdHTTP1SelectAuthorization event, but with that I had no luck, too.
Any ideas, where to start to get this solved? If there are any questions open, don't hesitate to ask!
p.s.: trying to post the same information via postman works correctly - so i guess it's about delphi/indy ...
I m creating a code in which based on query string the URL is changing when no values are supplied in URL everything is working fine but as i supply values to URL it shows Error HTTP Error 403.0 - ModSecurity Action
Kindly suggest some solution
also the same is working fine in local problem occurs when i upload my webpage to server
I know this is an old thread, but posting the answer so that it can be helpful for others. ModSecurity is an open source, cross-platform web application firewall (WAF) module.
https://modsecurity.org/about.html
So whenever you see the 403 (ModSecurity Action), this means that the mod security firewall has blocked the request. The probable cause could be vulnerable data present in the posted data, or the it could be because of the URL posted as parameter or it could be JavaScript.
In above case, the ModSecurity might have deemed the input as SQL Injection attack and hence may have blocked it. If you look into the logs of the firewall it may give you the detailed explanation.
In my case, I was passing URL as query parameter in the request hence it was returning 403.
When I scanned ASP.NET application using Burp Scanner Tool I got 'Open redirection (DOM-based)' issue in asp.net webresource.axd file. Please let me know if anyone experienced same issue, or if you have any idea or workaround can fix this issue.
Issue details are below:
Issue detail The application may be vulnerable to DOM-based open
redirection. Data is read from document.location.pathname and
written to the open() function of an XMLHttpRequest object via the
following statements:
var action = theForm.action || document.location.pathname, fragmentIndex = action.indexOf('#');
action = action.substr(0, fragmentIndex);
action = encodeURI(path) + action.substr(queryIndex);
xmlRequest.open("POST", action, true);
Pardon my .NET ignorance, but let me attempt answer anyway, since this is a complex vulnerability and is language independent.
As you are crafting a URL to post to before doing your POST, it certainly opens a door for a hacker to inject malicious code on your page, then stealing data and identities. I presume this AXD file will land in Javascript somewhere.
Fixing this is doable. BURP complains about this pattern for a reason. Remove it. Instead, POST the data to your server as soon as you can, don't temper with the URLs in JS... Once the request lands on your server, validate your parameters (error our if your params contain js snippets).
In short, it's crafting a URL to redirect to (or AJAX POST to) that's not safe. Don't use that pattern.
I'm a noob when it comes to ASP.NET. I know few basic commands such as Response.Redirect("URL") to redirect my application web page to a different location.
However i receive HTTP Error 400 - Bad Request, whenever i try to use the code shown below
Response.Redirect(Server.UrlEncode(this.Downloadlink));
where this.Downloadlink is a user defined property which returns something like this
http://mdn.vatsag.net/fp;files/DOWNLOAD/VTSetup.exe
If i post this link in the browser, the .exe file pops up (means the link is good)
However this error comes when i use the ASP.NET code.
Any form of response on this issue/reason is deeply appreciated.
See here: http://www.kirit.com/Response.Redirect%20and%20encoded%20URIs
In short: if you quickly want to fix the issue, remove the part of your code that is UrlEncoding the URL!
I'm using the Google URL Shortener from an ASP.NET website. It works
fine from my localhost, but on the test server I get the following
error:
System.Net.WebException: The remote server returned an error: (403)
Forbidden.
at System.Net.HttpWebRequest.GetResponse()
at GoogleUrlShortnerApi.Shorten(String url)
I'm using the exact code that is shown here:
http://www.jphellemons.nl/post/Google-URL-shortener-API-%28googl%29-C-sharp-class-C.aspx
Could it be that the key works only on my local computer, and not any other computer? I have obtained another key (using another Google account), but this one gives me the same error (403) both on my local computer, and on the test server.
I doubt very much the API is linked to a particular PC. You need to check the requests - both the URL and headers - that your program is sending out, they must be different in some way. Is your server behind some kind of proxy - e.g Apache? If not configured right this might also be mangling the request. Also make sure your requests are encoded correctly.
I made a few modifications, according to a tutorial by Scott Mitchell, and I change the following lines of code:
First, Instead of:
string post = "{\"longUrl\": \"" + url + "\"}";
I used:
string post = string.Format(#"{{""longUrl"": ""{0}""}}", url );
Second, I commented out these 2 lines:
request.ServicePoint.Expect100Continue = false;
request.Headers.Add("Cache-Control", "no-cache");
I don't know why, but suddenly it started working. So I wanted to see which of the 3 thins I did made the problem, so I returned each one, and - TADA - it still works, even with all 3 back there! So I really don't know what caused the problem, but since the code work without those 2 commented out lines, and the other modification, I am leaving it that way.
I hope this answer will help someone sometime...