HTML Removing Referers On Links And Resources

HTML Removing Referers On Links And Resources

There are many ways to achieve this now in 2018 and pretty much any modern browser will support the various methods that I will be listing below.

    1. Setting the noreferrer in your <a> tag
      <a href="example.com" rel="noreferrer">link</a>
    2. Setting the meta name=’referrer’
      <meta name="referrer" content="no-referrer">

      There are a few options instead of no-referrer (which may prevent POSTs).never,always,origin,default

    3. Ensure your site is browsed over HTTPS
      When your site is ran over HTTPS, referer is not set as part of a security feature.
    4. Use a Data URL (‘data:’)
      <a href='data:text/html;charset=utf-8, <html><meta http-equiv="refresh" content="0;URL=&#39;http://www.example.com/&#39;"></html>'>Link</a>

       

 

Enjoyed the content ? Share it with your friends !

Lockdown port to specific ip address using iptables

Lockdown port to specific ip address using iptables

For good security measure, it is crucial that you lockdown your services (or daemons) that are open for everyone to connect(e.g SSH, VNC) to yourself, or a set group of users.

It is very simple to do so. First, you may wish to check the rules of your iptables using

sudo iptables -S

If you have rules in the INPUT table in place already, and wish to flush(clear) them,

sudo iptables -F INPUT

Now to lockdown the service, in this case

iptables -I INPUT -p tcp -s <your ip> --dport <your port> -j ACCEPT
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport <your port> -j DROP

So if I wish to lockdown my ssh at port 2201,

iptables -I INPUT -p tcp -s 107.256.256.256 --dport 2201 -j ACCEPT
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 2201 -j DROP

Note: If you port forwarded, you will need to allow localhost(127.0.0.1) in place of <your ip>

Enjoyed the content ? Share it with your friends !

Setting Up Virtual Hosts For XAMPP On Windows

Setting Up Virtual Hosts For XAMPP On Windows

There are many uses for setting up virtual hosts. For example, it can neatly segregate multiple projects that are being developed concurrently. In some cases, it helps to create a development environment that is closer to production. For example, by using virtual hosts, you are able to mimic having domains and subdomains.

HOW TO SETUP

For this tutorial, we will be looking to add a virtual host with the domain name web.devenv. You can, of course replace this name with anything you like, but for the sake of being consistent throughout the tutorial, I will stick with web.devenv

First, you will need to find your hosts file which by default on any Windows version should be at C:\Windows\System32\drivers\etc
Second, edit the hosts file and add in the following lines

127.0.0.1 web.devenv
127.0.0.1 www.web.devenv

Third, find a file called httpd-vhosts.conf in your XAMPP directory. By default, it should be at C:\xampp\apache\conf\extra
Fourth, edit the file and append the following to the end(or bottom) of the file. I will explain relevant fields below.

<VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot "C:/dev/php"
        ServerName web.devenv
        ServerAlias www.web.devenv
        ErrorLog "C:/dev/web/logs/test.dev_error_log"
        CustomLog "C:/dev/web/logs/test.dev_access_log" common
        
        <Directory "C:/dev/web">
            Allow from all
            Require all granted  
        </Directory>
</VirtualHost>

DocumentRoot is the root directory where apache will look for files. So in this case, if you would to browse to http://web.devenv/index.php, apache tries to look for a file at the path C:/dev/php/index.php.

ServerName is the domain name that you can use to access. It can be anything, even localhost

ServerAlias is just an alias for ServerName. It can be ww1.web.devenv or ww2.web.devenv and so on

ErrorLog is the path where apache errors will be written to. The directory must exists, otherwise apache will not start. In the above example, C:/dev/web/logs/ must exist (the file however, does not need to exist)

CustomLog is the path where custom logs will be written to. Similarly, the directory must exists, otherwise apache will not start. In the above example, C:/dev/web/logs/ must exist (the file however, does not need to exist)

 

Enjoyed the content ? Share it with your friends !

PHP SQLite3 Check For Constraint Violation

PHP SQLite3 Check For Constraint Violation

Sometimes we may need to use a constraint in our database design (e.g UNIQUE constraint) and want to be able to handle when such violations occur for logging purposes or others.

The PHP library for SQLite3 provides a way for us to know the last error that happened – its error code and message using SQLite3::lastErrorCode and SQLite3::lastErrorMsg

From SQLite documentation on the error code list here, you can see that SQLITE_CONSTRAINT error code is 19. So to check for a constraint violation, it will look something like this

// $this->db is the SQLite3 object / class instance
$last_error_code = $this->db->lastErrorCode();
$last_error_msg  = $this->db->lastErrorMsg();
if( $this->db->lastErrorCode() == self::SQLITE3_CONSTRAINT ) {	
    // Handle CONSTRAINT violations here
}

However, the SQLite3 library for PHP does not provide a way for us to get extended error code (or at least, i’m unable to find it from their documentation page here). Hence, to check for exactly which constraint was violated (e.g UNIQUE), you will have to check the SQLite3::lastErrorMsg instead.

$last_error_msg  = $this->db->lastErrorMsg();
if( strstr($last_error_msg, 'UNIQUE') ) {
   //UNIQUE CONSTRAINT VIOLATION ...
}

 

Enjoyed the content ? Share it with your friends !