http_referer empty on aws - amazon-web-services

I'm trying to access the http_referer in a bitnami wordpress install on aws. It's returning an empty string even tho I'm loading the page from another page in the site, not by directly entering the url.
Same code worked before I moved the site to AWS.
Am I missing something?

The Bitnami WordPress Cloud Image doesn't block or strips the HTTP_REFERER. Apache and PHP are not configured to modify it.
I recommend you to take a look to the next SO case:
In what cases will HTTP_REFERER be empty
There you'll find a bunch of possible reasons why it could be empty. The problem could be related with your browser or the Firewall configuration on your Server.

Related

Redirect wrong URL/path DigitalOcean Spaces

I'm using Digital Ocean Spaces CDN to host a static website, so far so good, if I it my index.html everything is working as expected.
The problem I'm facing now, is that if the user hit any path which that is not index.html it gets back an Access Denied error.
I've looked inside the Digital Ocean Spaces CDN Settings and found nothing about redirecting on wrong url/path
Is there a way I could achieve that?
I would need a service like cloudflare in front of my CDN?
Sorry, but looking around on the web got me nowhere so far.
You need to check a couple of things:
You need to make all HTML files public
Enable File Listing
DO Spaces does not support static page hosting (if someone visits your domain, you cant make redirection from "/" to "/index.html". IMO that's big no no. If you want free static hosting, just use https://www.netlify.com/ or git hosts (Github and Gitlab).

How to do URL masking with Django?

On a Django 1.9 project I need to redirect:
https://example.com/app/
to
https://examplebucket.s3.amazonaws.com/app/index.html
But I need https://examplce.com/app/ to be still visible on the browser address bar...
I know this must be possible in theory with Django because the previous team working on this project did a setup to serve the /static/ media files from an S3 bucket. And if I access those static files via https://example.com/static/app/index.html, they are served from the S3 bucket but the browser address bar still shows the original url I input.
I'm deploying an Ionic Browser project and I want the files (including the index) to be served from the S3 but the url needs to be user friendly, thats the reason.
The old (dirty) way of doing this is frame-based forwarding.
You set up an iframe on a page in /app/ which points at the real app, letting the url stay the same.
It's not considered a good practice because of security issues (can't be sure where you are typing credentials into), and bookmarking issues (url is always the same so can't bookmark inner pages).
Another alternative is to set up a proxy script that just takes the url, turns that into the equivalent aws url, downloads it and then returns it. This would break the benefits of your cloud hosting if it has multiple regions... it would always be passed through the bottleneck of your server.

Force Webpage to be Inaccessible on AWS EC2

I have a website that is being hosted in an AWS EC2 instance. I am using AWS RHEL (the default EC2 option).
Currently, my hosted site (on the instance) is located at: /var/www/public_html/gitRepoName/index.html.
Lets say I have 3 webpages in the directory gitRepoName. So, that would be index.html, aboutMe.html, and adminPage.html. How can I configure the instance such that nobody can manually type in myUrl.com/adminPage.html and get the admin page as a result?
In other words, how do I make sure that my individual webpages can only be accessed via clicking proper href tags I made, and they cannot be accessed by hard-typing in a link. Please comment with any questions.
Thanks in advance for the help!
This is something you have to build on the web page and not on the ec2 itself.You can use php script to get the HTTP_REFERER and check the value is equal to "myUrl.com/index.html"
The code in adminPage would be something like below:
<?php
$ref=$_SERVER['HTTP_REFERER'];
if ($ref!="myUrl.com/index.html")
{
......redirect to index.html
}
?>
I have mentioned the php example since you have not mentioned what script language you are using.If you are using HTML/Javascript then try with document.referrer property in HTML dom.

Run fuel php app in AWS EC2 instance

I have a fuel php application created by one of my friend.Now I want to run it on aws EC2 instance(ubuntu).I can run the application using apache2 and its index page is loading.After facebook connect from index page it is supposed to show my fb friends list. But it is showing a 404 error POST http://ec2xxxxcompute.amazonaws.com/ajax/auth/facebook not found
I can see a get_facebook() method inside controller(/ajax/auth.php).But it is not catching the method.My top level understanding is i need some url mapping in server level.
Can anyone help me to run the app.Any suggestion will be highly appreciated as a biginner
Are any other URL's loading, or only the index page? If that is the case, it might be a rewriting issue.
Is the default .htaccess file still included in the /public folder? Or did your friend change it?
You may not actually be calling your php code at all. Don't you need something like :
http://ec2xxxxcompute.amazonaws.com/ajax/auth.php/facebook

Django, from php to Django

I have a website done with Django, that was previously done with PHP and CodeIgniter. I've moved the website to Webfaction, changed the DNS and all other configurations, but now my email is full of errors like this:
Error (EXTERNAL IP): /index.php/main/leer/7497
I don't know why the Django app is looking for pages from the PHP app, specially since the PHP app was in another host.
Are those URLs from your old site? That's probably a case of people having stale bookmarks, trying to navigate to them, and getting 404s. You might want to consider catching those, and redirecting to the new URL with response code 302.
I can't imagine those errors are caused by Django (except in the sense that the reports are from Django reporting 404s, which it does for free).
I agree with above. Just want to add you should use django.contrib.redirects to move the redirects.
You can read more about it here