Someone told me that another person was hotlinking my CSS file. I was able to find with them using my CSS file. I'm not fine with them hotlinking my CSS file.
Is there anyway to only allow one single URL to use my css file?
I asked the person to stop and told them "you can take it and host it elsewhere", but it seems that they won't listen. I decided to change their background to something borderline nsfw, but that still didn't stop them from doing it again. I could start putting goatse and such, but that is going to be wasting my time.
You can use your .htaccess file to restrict the domain.
Reference 1
Reference 2 http://www.globinch.com/2011/04/13/prevent-hotlinking-of-image-script-css-etc-using-htaccess/
You could wrap the css in php code and check the referrer.
You can block access folders or files using server settings - http://support.microsoft.com/kb/324066 - but if you are in a hosted environment you may not be able to change these settings - you may have to make a request to your host.
If your site is (or supports) PHP, you could put your CSS into a PHP file and include that in the files that need it. Then it would be safe from hot inclusion.
Related
Our sitecore developer quit suddenly and I need to make a small change. I'm a front end developer and have no real experience with the sitecore backend. I just need to add some CSS styles to the main style.css file or I need to add my own file. I've got full access to the CMS, but no access to the hosting account. I'm trying to find the main CSS file through the CMS browser, but I'm not having any luck.
Can you help me either:
A) Locate the main CSS file so I can add some classes (preferred)
B) Add my own link in the tag to my own CSS file hosted on another domain
C) Use the home page link to CSS file where I can add some classes
A note about OPTION C... I'm in the CMS and I see there is a system folder and in that a CSS folder where I can add a custom.css file. Then I go to the home page and I can actually call that CSS file from a field in the home page BUT, when the site loads, even though it's calling this file, it comes over as .aspx and it's blank so no styles I set are applied.
you can find the location of file as suggested by Maciej or use firebug or any other developer tools to find the location of main style.css. Once you get the location you can browser the physical file on server by going to Sitecore start menu -> All Application ->File explorer . Download file using File explorer make your changes and upload it back, make sure you check override existing file when you upload. Also make sure you upload file to delivery server once you test your changes, typically you will be accessing Sitecore using Authoring Server so instance you are accessing might not be same as CD server.
You could right-click in your browser to figure out where your css is coming from relative to the server root. Although not completely fool-proof, this method may give you a quick answer.
According to documentation for sitecore 6.2, style sheet location is determined by the developer so it could be anywhere that the developer has chosen.
Take a look at this answer for more details.
You should also be wary of how code gets built and deployed. Most Sitecore developers have very specific methodologies for how they include code (including front end) in their solutions.
Make sure you're aware of any deployment methodologies your developer used, so that your work doesn't get overwritten in a future deployment.
Did they use a source control management solution (like Git or TFS)? Did they use an automated tool to do deployments (like Octopus Deploy)?
If you can find main CSS file in physical location, you can update the file with new CSS styles.
If you want to add your own CSS as an additional CSS style, you might need to create a new template for css link and use that template when you create new page with your own CSS.
Just for future reference, by default the location of the used css files is described in Sitecore.config like this:
<!-- WEB SITE STYLESHEET
CSS file for HTML content of Sitecore database.
The file pointed to by WebStylesheet setting is automatically included in Html and Rich Text fields.
By using it, you can make the content of HTML fields look the same as the actual Web Site
-->
<setting name="WebStylesheet" value="/default.css"/>
Paths are relative to the root of your sitecore installation, you can find default.css in the root of the sitecore application on the webserver.
In Chrome Browser, Inspect element and select source tab
and open required css file and make changes.
Do You know elegant way to make site temporarily unavailable?
Any configuration or settings for this?
In IIS you can put a app_offline.htm
http://weblogs.asp.net/scottgu/archive/2005/10/06/426755.aspx
In others web servers check the manual or use a script to rename the index to a backup name and then rename the offline page to index and vice versa...
You could also create an 'inactive' file, the 'inactive' file will be checked for existence when pages are loading. If the content is found then you can abort logic.
E.g. in php you would include the following line (via an include inter alia)
<?php if(file_exists('/path/to/OffLine.file')) die('The Application is currently Offline! Please try again in a few minutes...'); ?>
If you wanted this # the box level you would add the function to the PHP.ini... see http://uk.php.net/manual/en/ini.core.php#ini.auto-prepend-file
To set a PHP.ini per site see https://serverfault.com/questions/34078/how-do-i-set-up-per-site-php-ini-files-on-a-lamp-server-using-namevirtualhosts
The same is obviously possible in other languages.
I have a particular script which does some patching and actually creates this file for me... see Custom app_offline.htm file during publish
Actually, there is a mechanism already to do it, out of the box.
You can find a post about it here.
Basically you have to include an App_Offline.htm in the root of your site, and IIS will bring down the site until that file is removed.
The document root of my website is directly the server webroot (public_html), and not in a separate subdirectory. This creates a problem for me, because my local website is in a project folder (which is required by my editor, NetBeans), which means that href links to stylesheets need to be of the form:
/projectfolder/stylesheets/stylesheet.css
But on the server, since the website is directly in the webroot, the href url would have to be:
/stylesheets/stylesheet.css
When I asked my host about this, they said I would have to refactor my project to change all the stylesheet links. But I don't know; it seems kind of funny to have to refactor (then "unrefactor") the local website every time I want to upload it to the server. Any other solutions out there?
You don't have to use absolute paths to your stylesheets. Use relative paths instead. Then it won't matter where your files are hosted, so long as they stay in the same positions relative to each other.
I'm working locally on a WordPress site for a client. The client keeps their install of wordpress in the server root, but because I have more than one client, I like to install everything in a client folder, like localhost/client. Normally it's a simple matter to add a rewrite rule to .htaccess, setting the rewrite base to be /client/. But today it's not working at all. Even if I put nonsense in the rewrite rule, the site works (which it should not, if the rewrite rules are in effect). The images references are still looking for root at localhost/, instead of localhost/client/, which means they are broken.
I looked into WordPress's documentation and found it has something called WP_rewrite, and there is a place to set parameters for it in wp-includes/rewrite.php). I set the root parameter to client/ but that doesn't seem to have any effect either.
One last thing: there is an .htaccess file in localhost/client/, and another one in localhost/client/wp/. I have them both set to RewriteBase = /client/, but I've tried just about every other sensible combination--no change.
So my question is: does WordPress do something else that would make the rewrite rules I set in .htaccess not work?
I'd recommend a small change to your local environment for a more flexible solution. Use virtual hosts. If you're running WAMP/MAMP, this tool is readily available to you. It allows you run a directory within your localhost as its own site, which you can access using a local-only URL of your choosing. I have my sites set up as sitename.local, for instance, so they all live in their own happy little ecosystem. Highly recommended.
Yes it does, you have to make some steps that will change entries in db before you move it to subfolder.
Here are detailed info:
http://codex.wordpress.org/Moving_WordPress#Moving_WordPress_Within_Your_Site
What you need to do:
copy everything as it is setup on your clients server i.e. in root folder
do the steps in above url, important are 4. & 5.; step 10. actually just go to permalink settings and click on "Save" button (or "Update" I do not remember how it says)
Now you can work :)
Are you modifying only theme or what?
is there anyway to do a #include with a file listed as an absolute path?
i am trying to include files from other websites (outsite the root of the sight that wants to include it)
any other suggestions?
You can only include files from your server, these may technically be outside your website if the Allow Parent Paths option is enabled or if you can use a virtual include to point to another virtual directory on your server.
There is no way to include files from websites outside of your server or sites on your server that your application does not have permissions to access.
Another way to go is to create a directory below the root folder of your website, then making that folder a symbolic link to the folder where the file you want to include is located. Now there is no way to create symbolic links in Windows out of the box, you need Microsoft Sysinternals Junction for that.
<!--#include file="c:\boot.ini"-->
There is a setting in IIS for allowing includes to parent paths, check that if the above doesn't work.
You can do it, using XMLHTTP and the VBscript Execute statement.
I wouldn't recommend it though as it creates substantial security risks.
A few links to get you started:
https://web.archive.org/web/20211020135215/https://www.4guysfromrolla.com/webtech/042602-1.shtml
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/vsstmexecute.asp
https://web.archive.org/web/20210927184623/http://www.4guysfromrolla.com/webtech/110100-1.shtml
It is a very high security risk, because someone can inject code into your app. Take your precautions.
One tip: the page you need to load from another server needs to have an extension different from .asp because if not the other server is going to send it already executed. It seems clear but I forgot it the first time!