Security Features

sfs
23 October 2008, 11:51
Hi Hugo,

Few more queries:

1. A) I want Hiawatha to allow ONLY my CGI programs a1.exe and a2.exe, placed anywhere in the wwwroot folder, say either at C:/wwwroot or C:/wwwroot/cgi-bin or C:/wwwroot/cgi-bin/test_folder etc., and
B) As of now I'm able to load a.conf in the browser, which I don't want to let happen.

In short, Hiawatha should recognize only a1, a2 and reject any request for any file of any extension; placed anywhere in wwwroot.

Can this be handled?



2. I have used the AccessList option and it is working fine. But my concern is, suppose I have 'n' number of systems in the LAN with IPs as (say) 1.2.*.*,
then should I mention each IP in the AccessList? I can't use <deny 1.2.*.*> as my machine IP also would be of the same pattern.

So can we have something on the lines of 'deny requests from all IPs except host'?

Hugo Leisink
23 October 2008, 12:10
1a) try adding "Match .* DenyAccess" to the bottom of your toolkit rule.
1b) sounds like bad application design. Configuration files should NEVER be placed inside the webroot directory....

2) You could do something like: AccessList = deny 1.2.3.4, allow 1.2.0.0/16, deny all. This is all described in the manual page and the F.A.Q. I don't mind helping you, but please read those documents first before posting questions on the forum.
sfs
23 October 2008, 15:20
1a) Doesn't work... trying with some other patterns, will update you...

1b) I expected such a reply from you asking me to read Manual Pages... and that is what I have been doing for the past few days and I did it today also... To tell you, I have spent almost 3-4 hours to make this AccessList feature work for me and tried all possible things; and when it didn't work I posted a message to you for help...

To my surprise: AccessList = allow <My machine IP address>, deny all; has solved my problem!!!!!

And believe me that was the first thing I tried in AccessList in the past few hours and it did not work at all!!!!!!!!!!!!

Now, that's weird...
Hugo Leisink
23 October 2008, 15:27
Are you not forgetting to restart the webserver after you make a change to the configuration file?
sfs
23 October 2008, 15:40
I'm obviously restarting it, Hugo...

Anyways... working on the 1a) issue. Please get back if you get any solution...
sfs
23 October 2008, 16:31
URL REWRITE USED:

UseToolkit = a1

UrlToolkit {
ToolkitID = a1
Call a2
RequestURI exists Return
Match /*.conf DenyAccess
Match /a1(.*) Rewrite /a1.exe$1
}

UrlToolkit {
ToolkitID = a2
RequestURI exists Return
Match /a2(.*) Rewrite /a2.exe$1
}



Tested in wigwam and the following is the output:

url: /cgi-bin/test/a.conf
old: <403 Forbidden>

But if I restart the server and access the URL http://localhost:5656/cgi-bin/test/a.conf, it loads the conf file in the browser!!!!

What is going wrong?? Again, how can I block any other exe file from getting executed by the server apart from a1 and a2??

sfs
24 October 2008, 09:48
In the above URL rewrite I added the line <Match /*.exe DenyAccess> after <Match /*.conf DenyAccess>.

When tested in wigwam, giving input as /cgi-bin/test/ExamDiff.exe, the result is as follows:

url: /cgi-bin/test/ExamDiff.exe
old: <403 Forbidden>

But again, when I access the URL http://localhost:5656/cgi-bin/test/ExamDiff.exe it is allowing its execution!!!!!!

Note: I placed ExamDiff.exe (you can try with any other exe also) at C:/wwwroot/cgi-bin/test.

What is going wrong? Why am I not getting the <403-Forbidden> error page in the browser???

I cleared the cache and restarted the server, but still the issue persists...

Hugo Leisink
24 October 2008, 11:02
This configuration works for me:
UrlToolkit {
ToolkitID = a12
Match /a.conf DenyAccess
RequestURI exists Return
Match /a1(.*) Rewrite /a1.exe$1
Match /a2(.*) Rewrite /a2.exe$1
}


Note that the DenyAccess must come before the RequestURI line.
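To make the ordering point concrete, here is an added example that is not Hiawatha's code or Hugo's: a small Python model of how a UrlToolkit rule list is walked, with assumed, simplified semantics (unanchored regex search for Match, a Rewrite ends the walk, and "RequestURI exists" modelled as membership in a constructed set of webroot files). It shows that with the existence check ahead of DenyAccess an existing a.conf is served, that Hugo's order denies it, and that "Match / Skip 1" matches every URL and so skips the deny that follows it.

```python
import re

# Constructed sample of files under the webroot; "RequestURI exists" is
# modelled as membership in this set (a simplification, not Hiawatha's code).
WEBROOT_FILES = {"/index.html", "/a1.exe", "/a2.exe", "/cgi-bin/test/a.conf"}


def run_toolkit(rules, url, files=WEBROOT_FILES):
    """Walk UrlToolkit-style rules for one URL; return ("deny"|"serve", url).

    Supported: "RequestURI exists Return", "Match <re> DenyAccess|Return",
    "Match <re> Skip <n>", "Match <re> Rewrite <repl>".  Assumed semantics:
    unanchored regex search, and a Rewrite ends the walk.
    """
    i = 0
    while i < len(rules):
        parts = rules[i].split()
        i += 1
        if parts[:3] == ["RequestURI", "exists", "Return"]:
            if url in files:        # file on disk: serve it, stop here
                return ("serve", url)
            continue
        _, pattern, action, *arg = parts       # "Match <re> <action> [arg]"
        m = re.search(pattern, url)
        if m is None:
            continue
        if action == "DenyAccess":
            return ("deny", url)
        if action == "Return":
            return ("serve", url)
        if action == "Skip":                   # skip the next <n> rules
            i += int(arg[0])
        elif action == "Rewrite":              # $1 -> \1, whole URL replaced
            return ("serve", m.expand(re.sub(r"\$(\d+)", r"\\\1", arg[0])))
    return ("serve", url)


# Order sfs posted: the existence check precedes the deny, so an existing
# a.conf is served before DenyAccess is ever reached (the bug in the thread).
SFS_ORDER = ["RequestURI exists Return", "Match /*.conf DenyAccess",
             "Match /a1(.*) Rewrite /a1.exe$1"]

# Order Hugo recommends: deny first, then the existence check, then rewrites.
HUGO_ORDER = ["Match /a.conf DenyAccess", "RequestURI exists Return",
              "Match /a1(.*) Rewrite /a1.exe$1", "Match /a2(.*) Rewrite /a2.exe$1"]

# Hugo's later remark: "Match / Skip 1" matches every URL, so the DenyAccess
# right after it is always skipped and that pair of rules blocks nothing.
SKIP_ORDER = ["Match / Skip 1", "Match /.* DenyAccess",
              "Match /a1(.*) Rewrite /a1.exe$1"]
```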
sfs
24 October 2008, 13:30
Hi Hugo,


Thanks a lot for your inputs... Finally... the problem is solved.

I am very very very very happy with HIAWATHA now...

It's just responding the way I want!!!!!!!!!!!!!!

No junk and bulk config settings, I need not be a pro at these things, easy to understand, simple and straightforward!!!!

I have used the following URL rewrite:

UseToolkit = a1
UrlToolkit {
ToolkitID = a1
Match / Skip 1
Match /.* DenyAccess
Match /a1 Skip 2
Match /a2 Skip 1
Match /.* DenyAccess
Match /*.conf DenyAccess
Call a2
RequestURI exists Return
Match /a1(.*) Rewrite /a1.exe$1
}

UrlToolkit {
ToolkitID = a2
RequestURI exists Return
Match /a2(.*) Rewrite /a2.exe$1
}


With this, the server does the following things:

1. Serves requests having a1 in them
2. Serves requests having a2 in them
3. Serves the request http://localhost:5656
4. Denies all other requests...

1. Is it technically correct and good to go with? (Should be!!! as it works more than fine for me...)
2. Can we achieve the same behavior in a lesser number of lines??
Hugo Leisink
24 October 2008, 13:39
I find it so weird that the rules which work for me don't work for you.... About your solution: if it works, it's okay. But.... the following line is strange:
Match / Skip 1


Since every URL starts with a slash, this rule always matches. So, it will always skip the next line.....

Can you give some information about your OS?
sfs
24 October 2008, 16:18
Oh yes, you are correct!!

I wanted the server to serve only this particular request http://localhost:5656, other than requests for a1 and a2.

For this I added the two lines:

Match / Skip 1
Match /.* DenyAccess

It loaded the homepage after this, and earlier it was giving a 403-Forbidden error... Maybe I did not clear the cache and was mistaken.

I have removed these two lines; can you suggest some solution for this???

My machine OS details are: Microsoft Windows XP Professional Version 2002 Service Pack 2. Do these details suffice??

A new problem...

I'm testing Hiawatha on a Vista machine; machine details are: Windows Vista Enterprise, Copyright 2007 Microsoft Corporation, Service Pack 1

I'm using all the same files as on my machine for Hiawatha.

It's throwing a 403-Forbidden error for all requests except http://localhost:5656.

Do we have any changes specific to Vista? I suppose not...

Anyways I am not completely through with testing it; I should check behavior in wigwam too. Anyways, I'll update you again...
Hugo Leisink
25 October 2008, 00:42
Hiawatha was originally designed for Linux (Unix). The Windows version works via Cygwin. I guess it's not that solid as I thought it was. I shall do some more Windows testing myself.....
sfs
27 October 2008, 13:01
Hi Hugo,

Hiawatha is working on Vista too... It is working the same way as it is working on XP... Sigh of relief from my end...

The only problem was with folder access rights and permissions. I granted full rights to the folders Hiawatha and wwwroot and it started working fine...

You did not reply to my question above as 'How can I make Hiawatha serve the request for the homepage (http://localhost:5656/) using the URL toolkit minus the lines <Match / Skip 1> and <Match /.* DenyAccess> I mentioned in the posts above?'
Hugo Leisink
27 October 2008, 13:24
First, don't use a question mark after every sentence, please. Now I don't know whether you are asking a question or just giving information. It's very confusing.

Since Vista is a very crappy OS, I don't give any guarantee that Hiawatha will work on it. I don't use Vista, so I can't test anything on it. You are on your own on that platform.

My problem with your URL rewriting problem is that I don't know why my rules are not working for you. I've tested them on several XP machines and they work all fine here. Since I'm not behind your computer, I can't see what is going wrong...
sfs
27 October 2008, 14:26
I'm not using ANY QUESTION MARK WITHOUT PURPOSE in the messages... I have been through my GRAMMAR classes, Hugo!!!

Whenever I use apostrophes or single/double inverted commas, three dots in a row etc... this happens!!!! I had to analyze this after seeing your harsh reply. Hope you remember that in one of my posts every time a smiley was getting introduced and you fixed it as well, so in such cases the fault is not at my end!!!!

The other time you asked me to send posts in a single message, that again was not my problem because the website did not let me do it... posting lengthy messages always showed a 'Message seen as spam' error. So I would break them up in chunks and post; that's weird but I REALLY DID FACE THIS PROBLEM, and now on top of it I'm completely not able to post in the forum at all.

Having given my OS details too, even I do not know what's wrong. I believe the OS is not location specific!!!

For sure, there will again be some question marks inserted after this message is posted!!!
Hugo Leisink
27 October 2008, 14:40
Relax mister, I wasn't using any strong language. So there is no need to feel offended. My reply was far from harsh.
sfs
29 October 2008, 09:02
Hey Hugo,

It's ok!! No issues and no hard feelings; take care