I have a client that has a domain registered through GoDaddy (e.g., http://www.godaddysite.com). He has the domain set to forward w/masking to a page on our servers (eg., https://www.someuniversity.edu/someproject/loginpage.aspx).
When on our network (a university network) I can navigate to his domain, the forwarding/masking works and I can log in without issue. However, anyone off the university network, when visiting the client's site, cannot log into the site. It forwards/masks as it should, accepts the user name and password but stays on the login page after the credentials are accepted. If they navigate directly to my site they have no issues.
I checked his GoDaddy settings and everything appears right. GoDaddy says it is our configuration that is causing the problem (not allowing a different domain mask the site). Is this true? Is there something I need to change in IIS to allow people to log in when they visit through the GoDaddy site?
Update:
Finally was able to test this offsite. This scenario ONLY happens in IE. So now it is a browser setting issue.
The most common cause of this sort of problem is described here: http://blogs.msdn.com/b/ieinternals/archive/2013/09/17/simple-introduction-to-p3p-cookie-blocking-frame.aspx
If you change the IE Privacy Settings (Tools > Internet Options > Privacy) to Accept All Cookies does the problem go away? If so, then you need to set a P3P response header.
Related
I have a wordpress site:
http://www.fairlady-sleepingtiger.co.uk/
but the home page is not displaying all the content.
When I inspect the Console I see this message:
www.fairlady-sleepingtiger.co.uk/:12 A Parser-blocking, cross-origin script, http://ajax.cloudflare.com/cdn-cgi/nexp/dok3v=088620b277/cloudflare.min.js, is invoked via document.write. This may be blocked by the browser if the device has poor network connectivity.
I have deleted/disbaled all Cloudflare functionality from this site but this still comes up.
Can anyone help please?
You are still pointing to Cloudflare nameservers, so your domain is still being proxied.
There is a period of time where we will continue to handle DNS even after you remove your zone, which protects against this situation where the nameservers didn't get changed. Otherwise the site would just be unreachable.
If you want to completely remove Cloudflare you need to update the nameservers at your registrar, and depending on the registrar it should update in 24 hours or so.
Well i have this website made with wordpress hosted on hostgator in a web hosting. Sometimes when i access it with some browsers like firefox it give my this error:
The text is in spanish but it basicly says:
"The conection is not safe The owner of www.domain.com has configured
this website incorrectly. To protect your information againts thefts,
Firefox has not connected to this site"
Sorry for my english.
Thanks!
There are various reasons for this error. As a primary investigation, you may check below:
Make sure that you have valid CA bundle installed along with certificate.
If you have URL(s) set in your code (any web page), make sure that you have used "HTTPS://" instead of "HTTP://". Because, if there is a URL in your code which is set with HTTP, browser will detect that page as non-secured and it will not load the page and will show security error.
https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean
When Firefox connects to a secure website (the URL begins with "https://"), it must verify that the certificate presented by the website is valid and that the encryption is strong enough to adequately protect your privacy. If the certificate cannot be validated or if the encryption is not strong enough, Firefox will stop the connection to the website and instead show an error page
Google Analytics recently started showing PHP scripts as referrers to my website, for example:
localhost/index.php
EDIT: This is a recent surge in activity coming from India. It is not coming from our own services, such as our web host, or a backup service. It is also coinciding with spam users on my websites from India, so I know this is intentionally malicious behavior.
Any suggestions on how to investigate further and prevent it? We are running on Django, hosted on AWS, if that helps.
If the server have subnet or the server is on your system it may cause that kind of referrers if request from the subnet.
Well, In case of Django if somebody from your team is running a development version of your application with the Google Analytics tracking code, then things like this can show up. Not only will localhost show up in your Referrers, but your aggregate metrics like Bounce Rate, Time On Site, Conversion, and others will be incorrect because the unusual behavior of a developer's will be mixed in with that of normal users and skew our results. There are basically 3 steps to fix it :
Add a Google Analytics exclusion filter
1) Open Google Analytics and choose your property view.
2) Navigate to Admin.
3) Click on Filters under the View column.
4) Click on New Filter.
5) Create a new "Predefined filter" which excludes traffic to the "localhost" hostname.
Edit: Configure ALLOWED_HOSTS in Django settings
This is a security measure to prevent an attacker from poisoning caches and password reset emails with links to malicious hosts by submitting requests with a fake HTTP Host header, which is possible even under many seemingly-safe web server configurations. Django 1.5 introduced the allowed hosts setting that is required for security reasons. A settings file created with Django 1.5 has this new section which you need to add:
ALLOWED_HOSTS = [
'.example.com', # Allow domain and subdomains
'.example.com.', # Also allow FQDN and subdomains
]
Add your host here like ['www.antodominic.com'] or ['*'] for a quick test, but don't use ['*'] for production.
Hope this helps ...!!
Cheers.. :)
If you have a website that is externally accessible, then yes- someone is trying to hack your website... and every other website in existence. It's a fact of life.
Your localhost referrer is not necessarily indicative of malicious behavior, however. It's more likely that your dev instance, or someone else's dev instance of their site with links to your site, is creating the entries in your analytics.
However, if it's a referer with a link to another site in the querystring, then what you're falling victim to is referer spam attempts. If you want to prevent them, you can block them via htaccess if you're running on Apache, or via web.config if you're running on IIS. Just replace the pertinent bits regular expressions, or better yet, add to them.
I'm trying to get a ASP.NET application to use windows authentication. I have disabled anonymous auth and enabled windows auth in IIS7. On my dev box (my workstation, localhost) I can use fiddler and see proper token is passed in through the header and I'm not prompted. Everything is working fine and I'm authenticated as my domain user.
However, on a remote server on our domain, with identical settings, I continually get prompted. We need it to automatically send the domain authentication for windows auth.
Does anything in IE need to be configured for this to happen for a remote machine on the same domain? Could someone explain why this may not be working and what needs to be checked? Thanks.
Check your IE zone settings, I don't think IE is set to automatically send DOMAIN\Username credentials in an non Intranet zone. You can set this with a group policy at some point but for now set it manually in your IE settings.
Hope this helps.
I would thinks so because the "dev" box probably, in most cases, would use RFC1918 address space. (10.0.0.x etc) which is not routeable on the Internet.
what is the name of the dev box?
Is it a RFC1918 IP?
If the Dev box is on the domain then AD DNS is most likely putting it in the Intranet zone.
In this case add it to the list of sites.
I'm testing my Asp.Net application from localhost to check how it behaves when cookies are disabled. I tried blocking the cookies in IE8, by setting it at
Tools -> Internet Options -> Privacy -> Advanced
and selecting "Block" for both "First-party Cookies" and "Third-party Cookies". However, when I run my application, the cookies still get created.
Can you let me know how I can disable cookies in IE8.
Thanks in advance.
Just use the Dev Tools. Hit F12, go to Cache > Disable Cookies.
I believe that these setting are meant for Internet Zone. For your localhost site, I suggest that you use hosts entry to map some arbitrary domain name (say www.xyz.com) to localhost, add this site as blocked site (use sites button on privacy tab) and access your app using this address.