Search results “Nginx options method not allowed”
Avoiding the "405 Method Not Allowed" Error in Flask
 
03:54
405 Method Not Allowed is a common error that beginners get while using Flask. In this video, I'll talk about why it happens and how to prevent it.
Views: 16477 Pretty Printed
CORS access control allow origin [SOLVED]
 
08:42
No access-control-allow-origin-header is present on required resource. Origin is therefore not allowed access. Following is the solution to the above problem. Copy the code given in the following link to the Web.Config of your file, in the System.WebServer tag: https://amolwabale.blogspot.in/2017/06/cors-access-control-allow-origin-header.html
Views: 104668 Code Bandit
Solution of no access control allow origin error using forward proxy and NGINX
 
10:14
Commands and configuration text https://github.com/valeednaveed/nginx-configuration-for-cors
Views: 427 Blunt Dagger
NGINX - HTTP Protocol POST Header Trace
 
14:40
NGINX - HTTP Protocol POST Header Trace In this video you will learn about POST Method, Header, and Trace Method
Views: 2389 Learning Center
NGINX - HTTP Protocol Option and Response
 
15:39
Understanding HTTP Protocol Option and Response in nginx.
Views: 1643 Learning Center
Introduction to Frame-busting, X-Frame-Options HTTP Header and Click-Jacking
 
03:50
Author: Jeremy Druin Twitter: @webpwnized Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized! Description: Using Mutillidae, we contrast JavaScript frame busting code and the X-FRAME-OPTIONS header. The two methods are compared on a site being framed. The site is framed inside of an iframe tag and the two methods prevent the site from appearing in the iframe. These two methods are useful in helping with cross site framing and click-jacking. Mutillidae is a free web application with vulnerabilities added on purpose to give security enthusiasts and developers an application to practice various attacks and defenses. It is a free download on Sourceforge. Updates on Mutillidae are tweeted at @webpwnized. The webpwnized YouTube channel is dedicated to information security, security testing and ethical hacking. There is an emphasis on web application security but many other topics are covered. Some of these include forensics, network security, security testing tools and security testing processes. The channel provides videos to encourage software developers and system administrators to perform security testing. Also, the channel educates the next generation of security testers and bug bounty hunters who want to respectfully, legally and ethically help system owners that allow security testing.
Views: 23232 webpwnized
How to Fix CORS Issues with Native HTTP Calls
 
13:31
Check out my Ionic Academy: https://ionicacademy.com/ The training platform for everything Ionic! Want to read instead of watch? Here's the full tutorial: https://ionicacademy.com/fix-cors-issues-native-http Want more tutorials? Here you go! https://devdactic.com/ Just getting started? Take my 7 Day Ionic Crash Course: https://ionicacademy.com/ionic-crash-course/ You can also find me... on http://instagram.com/simongrimm_ on https://twitter.com/schlimmson on https://www.facebook.com/devdactic
Views: 1732 Simon Grimm
Ud897 L5 A05 L CORS
 
01:30
Check out all of Udacity's courses at https://www.udacity.com/courses
Views: 450 Udacity
Apache Secure Tutorial: Hide HTTP Header and Disable Directory Listing
 
04:33
This is one of the basic security hardening and first steps, by default server will show the OS information and Apache version in the footer whenever a page not found or any other requests replies. One of the first steps when you start securing your Apache server is to disable the directory browsing, you don't want anyone to browse your file and know the structure. Other Apache Hardening Tutorials: 1- Secure Apache Web Server - Use SSLScan and Disable Ciphers: https://goo.gl/mb7pYz 2- Apache Secure Tutorial: Hide HTTP Header and Disable Directory Listing: https://goo.gl/VqcLrG 3- Apache Hardening Tutorial: Disable HTTP Trace / Cross Site Method https://goo.gl/KJnbDS Disable Server Response Header vi /etc/httpd/conf/httpd.conf Add ServerTokens Prod Save Restart Apache service httpd restart "RHEL/CentOS 6 and earlier versions" systemctl restart httpd "RHEL/CentOS 7 and earlier versions" Disable Apache Trailing Footer vi /etc/httpd/conf/httpd.conf Add ServerSignature Off Save Restart Apache service httpd restart "RHEL/CentOS 6 and earlier versions" systemctl restart httpd "RHEL/CentOS 7 and earlier versions" In this example I will disable browsing for /var/www/html/dotsway folder. vi /etc/httpd/conf/httpd.conf Add below to the directory part Options -Indexes Save Restart Apache service httpd restart OR systemctl restart httpd
Views: 3632 dotsway
HTTP Method - TRACE
 
01:47
Java Source Code here: http://ramj2ee.blogspot.in/2014/03/http-method-trace.html HTTP Method - TRACE. JavaEE Tutorials and Sample code - Click here : http://ramj2ee.blogspot.in/
Views: 8623 Ram N
Configure a proxy for your API calls with Angular CLI
 
03:46
During development, you often end up in the situation where you have your backend API server running at one address (i.e. localhost:3000) while your frontend development server runs on another (i.e. localhost:4200). In this video we will learn how to configure your Angular CLI setup to get the best development experience, by proxying your API calls to the correct backend server.
Views: 66868 Juri Strumpflohner
Client IP in NGINX reverse proxy
 
08:25
Learn how to use Host, X-Forwarded-For and X-Real-IP headers in a smart way to pass client information through NGINX proxy. ------------------ Deploying Node playlist: https://www.youtube.com/playlist?list=PLQlWzK5tU-gDyxC1JTpyC2avvJlt3hrIh
Views: 6882 Juriy Bura
CORS quick explanation and demo [CORS error solved]
 
03:30
This video explains CORS and shows a small demo of it. It provides a solution to developers who are experiencing CORS errors. CODE: https://github.com/Shivakishore14/CORS-demo
Views: 27965 Code Freaks
HTTP Protocol with method | PUT, GET, DELETE, POST, HEAD, OPTIONS, TRACE | Part -1
 
11:57
Follow me on FaceBook: https://www.facebook.com/TechTalkDebu Instagram: next_d_paul and LinkedIn : https://www.linkedin.com/in/debu-paul-2817a5121/ if you like my video, please subscribe to my channel and share the video The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. There are three basic features that make HTTP a simple but powerful protocol: HTTP is connectionless , HTTP is media independent , HTTP is stateless The HTTP protocol is a request/response protocol based on the client/server based architecture where web browsers, robots and search engines, etc. act like HTTP clients, and the Web server acts as a server. By Default request method of the http protocol is GET. whenever we visit any websites we call with GET method. HTTP Method : GET - The GET method is used to retrieve information from the given server using a given URI. Requests using GET should only retrieve data and should have no other effect on the data. POST - A POST request is used to send data to the server, for example, customer information, file upload, etc. using HTML forms. PUT - Replaces all the current representations of the target resource with the uploaded content. DELETE - Removes all the current representations of the target resource given by URI. CONNECT - Establishes a tunnel to the server identified by a given URI. OPTIONS - Describe the communication options for the target resource. TRACE - Performs a message loop back test along with the path to the target resource. HEAD - Same as GET, but it transfers the status line and the header section only. 
HTTP OPTIONS was introduced in HTTP 1.1 (the earlier HTTP version was HTTP 1.0). Sample Server side Code : @OPTIONS @Produces(MediaType.APPLICATION_JSON) @Path("/") public Response optionsForBookResource() { return Response.status(200) .header("Allow","POST, PUT, GET") .header("Content-Type", MediaType.APPLICATION_JSON) .header("Content-Length", "0") .build(); } Thanks & Regards, Debu Paul
Views: 111 TechTalk Debu
Angular 6 Tutorial 13: Configure Proxy for API calls
 
06:33
This tutorial shows you how to configure a proxy for API calls in Angular to avoid CORS problem associated with it. Full Series: http://bit.ly/angular6 GitHub: https://github.com/mehulmpt/angular6-youtube My ES8 Book: http://bit.ly/learn-es2017 Amazon link: http://amzn.to/2BoW5am
Views: 37968 codedamn
[Solved] CORS problems and No Access-Control-Allow-Origin header errors with Ionic
 
02:26
Fixed CORS problems and No Access-Control-Allow-Origin header errors with Ionic. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access. Add these 3 line code in your header. header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: GET, POST'); header("Access-Control-Allow-Headers: X-Requested-With");
Views: 1893 Web Host Guru
How to Setup SSL with NGINX
 
03:38
This video shows the basics of setting up SSL with NGINX and shows how you can force traffic from port 80 HTTP to port 443 HTTPS. https://www.nginx.com/blog/nginx-ssl/
Views: 12879 NGINX, Inc
Hacking Using HTTP Methods
 
02:27
Hacking using the HTTP PUT and DELETE methods.... Here I used a very flexible tool called BurpSuite to send HTTP requests to the server... There is also an automated Python script for PUT called "PUT.py"
Views: 45198 Vizay Soni
How to Fix the 403 Forbidden Error in WordPress
 
06:32
The 403 Forbidden error is one of the more annoying errors that can crop up on a WordPress site. The 403 Forbidden error is shown when your server permissions are not allowing you to visit a specific page. This can seem like a daunting error to fix but we're here to show you some of the ways you can fix the 403 forbidden error in WordPress. One of the possibilities that could cause this would be one of your plugins causing this error. To fix this we will use FTP, if you do not know how to use FTP you would want to take a look at our article: http://www.wpbeginner.com/beginners-guide/how-to-use-ftp-to-upload-files-to-wordpress-for-beginners/ With FTP connected to your site you will want to rename your plugins folder to anything other than plugins to force the plugins to deactivate and once you log in you will be able to set the folder name back to plugins to return the deactivated plugins to your site. If your issue was not from your plugins the next possibility would be your .htaccess file. If you do not see the file, ensure that you are displaying hidden and/or dot files in the FTP you are using to access your files. Rename the .htaccess and that should allow you to visit the site if it was an issue with the .htaccess file. Our final recommendation will be to edit the file permissions in case a plugin or your hosting provider changed the permissions. If you do not feel confident in attempting this step we would recommend reaching out to your hosting provider. Text version of this tutorial http://www.wpbeginner.com/wp-tutorials/how-to-fix-the-403-forbidden-error-in-wordpress/ If you liked this video, then please Like and consider subscribing to our channel for more WordPress videos. Check us out on Facebook https://www.facebook.com/wpbeginner Follow us on Twitter http://twitter.com/wpbeginner Checkout our website for more WordPress Tutorials http://www.wpbeginner.com
Solving "Access-Control-Allow-Origin" in localhost NodeJS + Express
 
02:03
bypassing the "Access-Control-Allow-Origin" error when accessing your Node JS app locally. Just paste this code in your app.js: app.use(function(req, res, next) { res.header('Access-Control-Allow-Origin', "*"); res.header('Access-Control-Allow-Methods','GET,PUT,POST,DELETE'); res.header('Access-Control-Allow-Headers', 'Content-Type'); next(); })
Views: 54878 Clint Gh
CORS | Laravel + Angular 2 / Vue.js 2
 
09:02
Learn how to use Laravel and Angular 2 or Vue.js 2 together. This video explains how you can enable CORS to allow your Angular 2 app to access your backend. The full source code can be found in the following Github repo (choose the right branch!): https://github.com/mschwarzmueller/laravel-ng2-vue Want to dive deeper into Laravel, Angular 2 or Vue.js 2? Consider diving into my courses on Udemy and Pluralsight: Angular 2 - The Complete Guide: https://www.udemy.com/the-complete-guide-to-angular-2/?couponCode=YOUTUBE_2 Vue.js 2 - The Complete Guide: https://www.udemy.com/vuejs-2-the-complete-guide/?couponCode=YOUTUBE_VUE Laravel - The Basics: https://www.pluralsight.com/courses/laravel-php-framework-getting-started-the-basics Laravel - Models & Data: https://www.pluralsight.com/courses/laravel-php-framework-getting-started-models-data Building a RESTful API with Laravel: https://www.pluralsight.com/courses/php-laravel-restful-web-services Want to get some 1-on-1 coaching with experienced developers? Have a look at Savvy: https://www.savvy.is/?ref=9fee2b (Discount Code 9fee2b) You can follow me on Twitter (@maxedapps), Facebook (https://www.facebook.com/academindchannel/) or visit our Website (https://www.academind.com). See you in the videos!
Views: 26922 Academind
403 Forbidden
 
04:33
A 403 Forbidden error is a particular type of error that occurs when trying to access a URL. There are a couple of possible causes to an HTTP 403 error, and we'll take a look at those along with the possible resolutions. Get more answers to technical questions at http://www.helpdesk-blog.com If you'd like to learn more about Help Desk Premier, please visit us at http://www.help-desk-software.com 403 Forbidden Errors -- Finding and Fixing the Source A 403 Forbidden error is a particular type of error that occurs when trying to access a URL. If you're seeing a 403 Forbidden error, there are two possible causes. It could be due to a removal of file permission, or restriction of access based on the IP address of the user. The second possible cause is accidental misconfiguration of the webserver. As mentioned, a lack of proper permission access to the file or resource can cause 403 forbidden error. This will result in a 403 error, sometimes combined with a 404 file not found error stating the following message: "Forbidden You don't have permission to access /asd.html on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request." However, the title of the web page will display a 403 Forbidden error. To fix a http 403 error, you should set proper permissions for a folder or a file. Normal file permission is 644 and folder permission is 755. File/folder permissions can be set using variety of ways. In Windows Web Hosting, it's simply set using IIS. Open Internet Information Service Manager: Select the relevant website or folder, and set the necessary permissions via "Edit Permissions". However, if you are using shared hosting, you may not be able to access the IIS Manager or the Apache configuration file to set file/folder permissions. In this case, permissions can be easily set using FileZilla FTP client, or through the cPanel interface for the particular web resource.
You can download the FileZilla FTP client from the URL below: http://filezilla-project.org/download.php?type=client Install it and run. Then access the web resource using your FTP details in the area marked as (1). Right click and select the file or folder for which you intend to change permission, and select the "File Permissions ..." option in the area marked as (2). Next let's look at how to fix the permission of a folder which generates a 403 error. The rectified permission value will be 755. If you are having an issue with file permission, you should set the file's permission value to 644 instead of 755. If the cause of the 403 error is restricted access based on IP address, you will see a message somewhat similar to this: "Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while typing an ErrorDocument to handle the request. " If you have cPanel access, check whether you have properly configured the IP Deny Manager. It may be that you have added your own IP range accidentally. If so, click on IP Deny Manager and remove any unnecessary IP deny lists. If it is an Apache server, you can do this by editing ".htaccess" file. To edit the .htaccess file you must have direct access to files in the hosting space, or you may use FTP or SSH. You can download and edit ".htaccess" file using a text editor such as Notepad. In the ".htaccess" file you may see something similar to these lines. Edit or remove deny lists as you wish: Sometimes the ".htaccess" file is not visible in the hosting space, and as such can't be found for viewing or download. If so, you need to enable viewing of hidden files by clicking the "Server" tab and ticking the "force showing hidden files" box in your FileZilla FTP client.
To Remove IP restrictions Using IIS 7.5 in Microsoft Windows Server 2008 R2 Select the website or directory in the Internet Information Services Manager and click on "IP Address and Domain Restrictions": Remove unnecessary IP addresses or ranges 403 Forbidden errors can occur if there's no default index page present when directory browsing is denied. For example if you are using IIS 7.5 in Microsoft Windows Server 2008 R2, you will receive something similar to the 403 Forbidden error below, if directory browsing is denied. This error will be 403.14 - directory listing denied. Fix the 403.14 error by either creating an index.html /index.php file, or enabling the directory browsing. To Enable directory browsing Open IIS Manager and select the appropriate web folder/web site , and click on "Directory Browsing": Then click on enable ... Other than above causes, there's one other possible source of a 403 Forbidden error if you are using Apache. It's possible that the error stems from your mod_security rules if directory listings have been disabled in the server using the mod_proxy extension. It may be worth checking those settings if you are using an Apache server.
Views: 451605 Help Desk Premier
Deploying Flask Apps to an Ubuntu Server
 
13:58
If you have an Ubuntu server somewhere out there, I'll show you how to install the tools necessary to run Flask apps. I wouldn't recommend this path, but it's good to know if you're curious. Nginx:http://nginx.org/en/ Gunicorn: http://gunicorn.org/ Web Development Courses: https://prettyprinted.com Flask Cheatsheet: https://prettyprinted.com/flaskcheatsheet Subscribe: http://www.youtube.com/channel/UC-QDfvrRIDB6F0bIO4I4HkQ?sub_confirmation= Twitter: https://twitter.com/pretty_printed Facebook: https://www.facebook.com/prettyprintedtutorials/ Github: https://github.com/prettyprinted Instagram: https://www.instagram.com/pretty_printed Google Plus: https://plus.google.com/+PrettyPrintedTutorials
Views: 39987 Pretty Printed
Connect to localhost apache from another device in the same lan
 
03:36
Connect to localhost apache from another device in the same lan. copy these lines to Directory Options FollowSymLinks AllowOverride None Order deny,allow Allow from all
Views: 69670 Web development
Understanding how CORS works in AWS S3
 
07:30
Understanding how CORS works in AWS S3
Views: 3101 Open Source For Geeks
Setting up a server - X-Frame-Options in nginx against clickjacking
 
04:54
In this tutorial we look at X-Frame-Options, which can help against clickjacking. ATTENTION: HK-HOSTING NO LONGER EXISTS! The techniques from video 5 onward are, however, still just as valid as ever. If you have questions, just write. ❤❤❤ Early access to tutorials, polls, live events and downloads ❤❤❤ ❤❤❤ https://www.patreon.com/user?u=5322110 ❤❤❤ ❤❤❤ Not keen on Patreon? ❤❤❤ ❤❤❤ https://www.paypal.me/TheMorpheus ❤❤❤ 🌍 Website 🌍 https://the-morpheus.de ¯\_(ツ)_/¯ Join the community ¯\_(ツ)_/¯ ** https://discord.gg/BnYZ8XS ** ** https://www.reddit.com/r/TheMorpheusTuts/ ** ( ͡° ͜ʖ ͡°) More news? More code? ℱ https://www.facebook.com/themorpheustutorials 🐦 https://twitter.com/TheMorpheusTuts 🐙 https://github.com/TheMorpheus407/Tutorials Do you order from Amazon? Order through me, it costs you nothing and you help me »-(¯`·.·´¯)-» http://amzn.to/2slBSgH Video requests? 🎁 https://docs.google.com/spreadsheets/d/1YPv8fFJOMRyyhUggK8phrx01OoYXZEovwDLdU4D4nkk/edit#gid=0 Questions? Feedback? Write to me! ✉ https://www.patreon.com/user?u=5322110 ✉ https://www.facebook.com/themorpheustutorials ✉ https://discord.gg/BnYZ8XS ✉ [email protected] or just write a comment :)
OWASP DevSlop E02 - Security Headers!
 
56:35
Franziska Bühler and Tanya Janca add security headers to their website, DevSlop.co and continue their DevSecOps learning journey. https://www.owasp.org/index.php/OWASP_DevSlop_Project Security Headers Used: x-frame-options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Websites Shown: https://securityheaders.com/ https://www.hardenize.com/
Views: 488 SheHacksPurple
Ruby on Rails - Techno Devs #1 Rake Cors - Solution for cross origin error
 
11:12
Hi. Now we are going to see the cross-origin error solution in Rails 5. Let's go: create a sample API project, create a scaffold, and create a simple API request in Ajax or JavaScript. So we need to add a gem called rack-cors: https://github.com/cyu/rack-cors Go to config --- application.rb: config.middleware.insert_before 0, Rack::Cors do allow do origins '*' resource '*', headers: :any, methods: [:get, :post, :options] end end [:get, :post, :options] Here you can add methods. That's all. Thanks for watching. Subscribe to us. Rack::Cors provides support for Cross-Origin Resource Sharing for Rack compatible web applications. The CORS spec allows web applications to make cross-domain AJAX calls without using workarounds such as JSONP. See Cross-domain Ajax with Cross-Origin Resource Sharing -~-~~-~~~-~~-~- Please watch: "How to download youtube videos without any software" https://www.youtube.com/watch?v=blbd7Cl7Tu4 -~-~~-~~~-~~-~- Like our Facebook Page: https://www.facebook.com/technoscrap
Views: 46 Techno Devs
How to Create a CSR using MMC
 
05:56
In this tutorial we will guide you through the process of creating a Certificate Signing Request or CSR using Microsoft Management Console (MMC). Scroll down for further details: GlobalSign is a WebTrust-certified certificate authority (CA) and provider of Identity Services. Founded in Belgium in 1996, the company offers a diverse range of Identity service solutions. GlobalSign provides PKI and Identity and Access Management services to provide enterprises with a platform to manage internal and external identities for the Internet of Everything. The services allow organizations to deploy secure e-services, manage employee and extended enterprise identities and automate PKI deployments for users, mobile, and machines. #SSL #PKI #IoT ✔ We've been a Certificate Authority for over 20 years! 🌎 Visit the link to find out more about GlobalSign: ➪ https://www.globalsign.com/ 🔒 Click below to explore our SSL options: ➪ https://www.globalsign.com/en/ssl/ ☁ Scalable options made available for business and enterprise levels, visit the link below to find out more details: ➪ https://www.globalsign.com/en/enterprise/ 👉 Follow our Social Networks and stay connected: ● Facebook - https://www.facebook.com/GlobalSignSSL/ ● Twitter - https://www.twitter.com/globalsign ● Google Plus - https://www.google.com/+globalsign ● LinkedIn - https://www.linkedin.com/company/928855/
Views: 2998 GlobalSign
Finding HTTP Headers For HTTP Post
 
01:15
Learn how to use the HTTP post method to post contact forms and more without running a browser at all! In this video I use: https://addons.mozilla.org/en-us/firefox/addon/live-http-headers/ to help me find the details on the post. Once you find the parameters you can do it over and over again with sockets. In my next video I will show you how to submit the data using the parameters found in this video.
Views: 12128 Patrick Miles
Setting up a server - X-XSS-Protection in nginx
 
03:34
In this tutorial we look at the X-XSS-Protection header. ATTENTION: HK-HOSTING NO LONGER EXISTS! The techniques from video 5 onward are, however, still just as valid as ever. If you have questions, just write. ❤❤❤ Early access to tutorials, polls, live events and downloads ❤❤❤ ❤❤❤ https://www.patreon.com/user?u=5322110 ❤❤❤ ❤❤❤ Not keen on Patreon? ❤❤❤ ❤❤❤ https://www.paypal.me/TheMorpheus ❤❤❤ 🌍 Website 🌍 https://the-morpheus.de ¯\_(ツ)_/¯ Join the community ¯\_(ツ)_/¯ ** https://discord.gg/BnYZ8XS ** ** https://www.reddit.com/r/TheMorpheusTuts/ ** ( ͡° ͜ʖ ͡°) More news? More code? ℱ https://www.facebook.com/themorpheustutorials 🐦 https://twitter.com/TheMorpheusTuts 🐙 https://github.com/TheMorpheus407/Tutorials Do you order from Amazon? Order through me, it costs you nothing and you help me »-(¯`·.·´¯)-» http://amzn.to/2slBSgH Video requests? 🎁 https://docs.google.com/spreadsheets/d/1YPv8fFJOMRyyhUggK8phrx01OoYXZEovwDLdU4D4nkk/edit#gid=0 Questions? Feedback? Write to me! ✉ https://www.patreon.com/user?u=5322110 ✉ https://www.facebook.com/themorpheustutorials ✉ https://discord.gg/BnYZ8XS ✉ [email protected] or just write a comment :)
Custom Header DroidinjecT For OpenVPN
 
11:49
http-proxy 128.199.83.73 80 http-proxy-retry http-proxy-option VERSION '1.0' http-proxy-option CUSTOM-HEADER Host line.naver.jp http-proxy-option CUSTOM-HEADER X-Online-Host m.facebook.com http-proxy-option CUSTOM-HEADER X-OpenVPN-Agent openvpn-2.2.2-ost http-proxy-option CUSTOM-HEADER Connection Keep-Alive http-proxy-option AGENT 'Mozilla/5.0 (Linux; Android 5.1.1; Nexus 5 Build/LMY48B; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/43.0.2357.65 Mobile Safari/537.36' Try: DroidInjecT For OpenVPN https://goo.gl/7ZioZV Supported: https://www.facebook.com/radioimzers https://www.facebook.com/groups/DroidInjecT.For.SSH.VPN
X frame options
 
00:54
Views: 969 Abe Nunez
Ionic Mobile Apps | S1P24 | HttpClientModule so we can do HTTP Requests
 
03:52
In this series we will look at some Basics of making Mobile Apps using the Ionic Framework. The main goal of this series will be to make and deploy an Android and iPhone application. We will use a simple REST API for getting data and we will also talk about storing data on a phone. We will talk about how to view our app in an Emulator and on a physical device. And probably a lot more, hope you enjoy it.. :) To get the code for each of the videos in this series go to: https://github.com/EASV/ionic_starter Important Links: Download Webstorm: https://www.jetbrains.com/webstorm/download Suggestion Guide to Setup Webstorm (watch first 10 min.): https://www.youtube.com/watch?v=upgjCMHGpwo Angular.io: https://ionicframework.com/ NodeJS: https://nodejs.org/en/ ..more to come...
Views: 316 Lars Bilde
Introduction to Cache-Control and Pragma no-cache Headers
 
04:28
Author: Jeremy Druin Twitter: @webpwnized Description: Using Mutillidae, we look at cache-control headers for HTTP 1.0 and HTTP 1.1. Mutillidae is a free web application with vulnerabilities added on purpose to give security enthusiasts and developers an application to practice various attacks and defenses. It is a free download on Sourceforge. Updates on Mutillidae are tweeted at @webpwnized. Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized!
Views: 11540 webpwnized
Cross-Site Scripting Explained - Part 6: HTTPOnly Cookies
 
04:07
Author: Jeremy Druin Twitter: @webpwnized Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized! Description: Using Mutillidae, we look at the effect HTTPOnly cookies have when a page is infected with a cross site script. The demonstration is primarily targeted at developers who wish to understand better why it is a good idea to set cookies with the HTTPOnly flag. A better solution would be to have all cookies be HTTPOnly unless the developer overrides. Mutillidae is a free web application with vulnerabilities added on purpose to give security enthusiasts and developers an application to practice various attacks and defenses. It is a free download on Sourceforge. Updates on Mutillidae are tweeted at @webpwnized.
Views: 18399 webpwnized
Building a Angular4+ Web App | S4P44 | Testing fix of CORS locally and pushing solution to Azure
 
03:06
This is the fourth series in a course of five series about building 2 Tier Web Applications. All previous series in this full course will be linked below as playlists.
The first series about C# Basics: https://www.youtube.com/playlist?list=PL8jcXf-CLpxpN2bB-MJ1xm_TSWRsCpu_l
The second series about C# and software architecture: https://www.youtube.com/watch?v=4C-A-NOTc3g&list=PL8jcXf-CLpxrVWNlN42J_ve_JJKuZMv61
The Third Series was about making a REST API in .net Core: https://www.youtube.com/playlist?list=PL8jcXf-CLpxqNy7VsWPoZmigZZ6E6WKri
This is part of the Fourth Series about making an Angular Web Application: https://www.youtube.com/playlist?list=PL8jcXf-CLpxpVgGzlbFkNibX4o_-QJwPG
The overall goal of the course is to learn how to build Distributed Software Systems and also how to code a fully featured Web Application with the newest technology (Late 2017). We will be using .Net Cores (C#) Web API as a Rest API on the Backend Tier, Angular4+ (Typescript) as the Frontend Tier and we will persist our data in an MSSQL database using the Entity Framework. In the end, we will build a fully featured web application where we will address most of the issues that arise when developing a real-world web application.
To get the code for each of the videos in this series go to: https://github.com/EASV/CustomersApp
Important Links:
Download Webstorm: https://www.jetbrains.com/webstorm/download
Setup Webstorm: https://www.youtube.com/watch?v=upgjCMHGpwo
Angular.io: https://angular.io/
NodeJS: https://nodejs.org/en/
CORS - .net Core https://docs.microsoft.com/en-us/aspnet/core/security/cors
..more to come...
Views: 378 Lars Bilde
Prevent Click Jacking Attack of your Apache web server
 
02:29
To remove the clickjacking attack, there are three settings for X-Frame-Options:
1. SAMEORIGIN: This setting will allow page to be displayed in frame on the same origin as the page itself.
2. DENY: This setting will prevent a page displaying in a frame or iframe.
3. ALLOW-FROM uri: This setting will allow page to be displayed only on the specified origin.
Implement in Apache, IBM HTTP Server
Add following line in Apache Web Server’s httpd.conf file:
Header always append X-Frame-Options SAMEORIGIN
OR
Implement in shared web hosting
If your website is hosted on shared web hosting then you won’t have permission to modify httpd.conf. However, you can implement this by adding following line in .htaccess file:
Header always append X-Frame-Options SAMEORIGIN
Now you may check using https://tools.geekflare.com/web-tools/x-frame-options-test
Success.
Views: 2253 Web illusion
Installing and Configuring Web Server in Linux  -Step by Step Method
 
59:11
Apache is the Web Server most frequently used on the Internet today. This tutorial covers its installation and configuration in Red Hat Linux 6.0 and 7.0. The CD-ROM distribution includes an Apache package, but you can also download Apache for free.
• Installing Apache
Mount the CD-ROM 1 and install the package for apache. The package will automatically create all the directories for you besides installing the software. The document root will be placed in /home/httpd in 6.0 and in /var/www in 7.0. The server root will be located in /etc/httpd. The path to the apache program will be /usr/sbin/httpd.
• Configuring Apache in 6.0
Apache comes with the three configuration files mentioned above already with basic configuration information. Your job will be to tailor these configuration files to your needs. In this tutorial we will only deal with some basic features you need or may be interested in adding to your Web server.
1. httpd.conf: this is the configuration file related to the server in itself. Open the file httpd.conf in Kedit or any other text editor like Pico or Emacs. You are supposed to find the line ServerName and enter the FQDN of your machine, and also find the line ServerAdmin and enter your e-mail address. The server comes configured to run in standalone mode, to listen in port 80, with user and group nobody privileges (low level of permissions for security reasons), and you don't need to change these options.
2. access.conf: this is the configuration file related to access to directories and services in the Web server. Again, open the file access.conf in a text editor. Look for the section that starts with and look for the Options line and change it to allow Server Side Includes, but disabling scripts to be run from a Web page, as follows: Options Indexes Includes FollowSymLinks IncludesNOEXEC.
This will allow the dynamic dating of your changes, the dynamic display of time and date in your pages, but will prevent scripts from being run outside of your cgi-bin directory. For example, will be displayed as Saturday July 22, 2017 -- 01:59 PM
As an additional security measure you may also change the section starting with so that the Options line be commented out as follows: # Options ExecCGI. This will not prevent you from running CGI programs in cgi-bin, but rather it will prevent the command exec from being used even in the cgi-bin directory.
3. srm.conf: this is the configuration file related to the location of the document root, directory information formatting, user directories, etc. Once more, open the file srm.conf in a text editor. If you want to change the location of the document root, look for the line DocumentRoot /home/httpd/html and change it to a new location, but do not forget to move its three sub-directories (html, cgi-bin and icons) to the new location, but there is no need for it. You may wish, however, to change the default user Web directory to www. Look for the line UserDir and change it to UserDir www. Files placed in the user accounts in this directory are displayed in the web when /~username is used after the server name (e.g. ubmail.ubalt.edu/~abento). You may also want to add index.htm to the list of files that may be index files to a Web directory. In order to do so, look for the line DirectoryIndex and change it to DirectoryIndex index.html index.shtml index.htm
Check that your cgi-bin directory is properly identified as follows: ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ . If you moved your document root path change this line accordingly. If you want your CGI script files to be identified with .cgi be sure that the line AddHandler cgi-script .cgi is not commented out (marked with an * in front).
To complete the installation of server side includes be sure that the following two lines are present:
AddType text/html .shtml
AddHandler server-parsed .shtml
Finally, to make your Web server support image maps be sure that the following line exists:
AddHandler imap-file map
• Configuring Apache in 7.0
Apache in 7.0 comes with the same three configuration files, but only httpd.conf needs to be configured, changed, by you. The other two are considered obsolete and should not be changed.
Views: 16073 Skill Institution
500 Internal Server Error | .htaccess, Test and Configure
 
06:05
.htaccess | Configuring and Testing Custom Error Responses | 500 Internal Server Error page example Author: Dmytro Dzyubak http://www.dzyubak.com intro and outro music by Dmytro Dzyubak
Transcript
Configuring and testing customized 500 Internal Server Error page using .htaccess file. Testing the custom 500 error page is actually trickier than one might think! Because usually we won't be able to trigger it either with PHP code or with the error intentionally made in the .htaccess file itself. The foregoing behaviour will be demonstrated in the examples that follow. But let's first look at the contents of our DocumentRoot. What concerns us is an .htaccess file, 500.html, buggy.cgi, buggy.php and hello.cgi. "500 page" header centrally-aligned is what we eventually want to achieve showing up in our browser. So as I've already mentioned, we won't be able to trigger the output of this 500.html file with PHP code. For example, we can throw an exception (then open buggy.php to see the result) or introduce a fatal error directly (saving the document, refreshing the page) or send a raw 500 HTTP header (save the file, refresh). All these lines produce a blank page instead. We can confirm it by viewing the source. In fact, it is possible to trigger 500 status code, but not the custom 500.html page. Screwing up the .htaccess file itself, for example, with a double slash comment not valid in Apache produces a "generic error response" instead, but not our custom one that we need for testing our configuration. However, we can intentionally generate an error by using the CGI script. Actually, CGI script can be implemented in PHP, but that's usually not the case, so let's not overcomplicate this stuff. For CGI program to be executed properly by the server: enable the CGI module and restart the Apache. This procedure varies depending on the OS you use. For example, on Debian Linux these commands look like this. Elevate privileges with sudo (or just might be a root user).
This (a2enmod) stands for Apache 2 enable module CGI. And CGI stands for common gateway interface. After that restart the Apache with "sudo service apache2 restart". Add the following lines to the .htaccess file. This line (Options +ExecCGI) specifies that CGI execution is permitted. And this one (AddHandler cgi-script .cgi) makes any file with the .cgi extension be treated as a CGI program. The CGI script has some garbage text that produces an error. Make the script executable (chmod 755 buggy.cgi) and "ls -l" to ensure that the changes have been applied. The following output shows that executable bit has been set on the buggy.cgi file. Now we access our buggy.cgi script. (I type buggy.cgi and hit Enter.) Ultimately we can see that our custom 500.html file is served when we have some problems with the server. And just in case you've been wondering what a valid CGI script might look like, here I've added hello.cgi script. Navigating to hello.cgi gives the following output. like / subscribe :-)
Views: 13094 dzyubak
PERFECT LITTLE HOME SERVER [Raspberry Pi 3] PART 4 - Pydio DROPBOX REPLACEMENT
 
30:11
► Follow me on:
• Twitter: https://twitter.com/salkohd
• Google PLUS: https://goo.gl/OZQPwN
• Facebook: https://www.facebook.com/salkohd
► This video explains how to install Pydio on Raspberry Pi running Raspbian Linux. This is the 3rd video from the series, previous videos:
- Part 3: https://goo.gl/LP7ts9
- PART 2: https://goo.gl/gJXgX0
- PART 1: https://goo.gl/tFoiWo
► Commands used in video:
- Generate the certificate & key pair:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
- Generate the Diffie-Hellman group:
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
THIS WILL TAKE A LONG TIME!
- Uncomment /var/www/html/pydio/conf/bootstrap_conf.php
//$AJXP_INISET["session.save_path"] = AJXP_DATA_PATH."/tmp/sessions";
- Add an A record in BIND, pointing to your Raspberry Pi server (remember to use an external IP if you are planning to use Pydio outside your home network)
NGINX pydio vhost file:
-----------------------------------------------------
server {
    server_name pydio.salkohd.com;
    listen 80;
    rewrite ^ https://$server_name$request_uri? permanent;
}
server {
    server_name pydio.salkohd.com;
    root /var/www/html/pydio;
    index index.php;
    listen 443 ssl;
    keepalive_requests 10;
    keepalive_timeout 60 60;
    access_log /var/log/nginx/access_pydio6_log;
    error_log /var/log/nginx/error_pydio6_log;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    client_max_body_size 15M;
    client_body_buffer_size 128k;
    rewrite ^/dashboard|^/settings|^/welcome|^/ws- /index.php last;
    if ( !-e $request_filename ) {
        # WebDAV Rewrites
        rewrite ^/shares /dav.php last;
        # Sync client
        rewrite ^/api /rest.php last;
        # External users
        rewrite ^/user ./index.php?get_action=user_access_point last;
        # Public shares
        rewrite ^/data/public/([a-zA-Z0-9_-]+)\.php$ /data/public/share.php?hash=$1?;
    }
    rewrite ^/data/public/([a-zA-Z0-9_-]+)--([a-z]+)$ /data/public/share.php?hash=$1&lang=$2?;
    rewrite ^/data/public/([a-zA-Z0-9_-]+)$ /data/public/share.php?hash=$1?;
    # Prevent Clickjacking
    add_header X-Frame-Options "SAMEORIGIN";
    # Only allow these request methods and do not accept DELETE, SEARCH and other methods
    if ( $request_method !~ ^(GET|HEAD|POST|PROPFIND|OPTIONS)$ ) {
        return 444;
    }
    location ~* ^/(?:\.|conf|data/(?:files|personal|logs|plugins|tmp|cache)|plugins/editor.zoho/agent/files) {
        deny all;
    }
    # Enables PHP
    location ~ \.php$ {
        # for ^/(index|plugins) request_uri should be changed
        set $request_url $request_uri;
        if ( $uri ~ ^/(index|plugins) ) {
            set $request_url /;
        }
        include fastcgi.conf;
        fastcgi_param REQUEST_URI $request_url;
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
    # Enables Caching
    location ~* \.(ico|css|js)$ {
        expires 7d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
}
-----------------------------------------------------
► MUSIC: Outro Music by Marley & Speo NCS (No Copyright Sounds) https://www.youtube.com/watch?v=AUEdtwct0ac
Follow Speo: http://soundcloud.com/speomusic http://facebook.com/speomusic http://twitter.com/speomusic
Follow Morley: https://soundcloud.com/romely https://www.youtube.com/user/TheMorleyMusic
► Subscribe for more videos like this!
Views: 3991 Salko
How To Secure Nginx with Let's Encrypt on Ubuntu 16.04
 
05:41
Let’s Encrypt is a new Certificate Authority. It’s free, automated, and open, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, letsencrypt, that attempts to automate most (if not all) of the required steps. You must own or control the registered domain name that you wish to use the certificate with and you need to have Nginx installed too.
Commands:
sudo apt-get update
sudo apt-get -y install git
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
sudo nano /etc/nginx/sites-available/default
--------
location ~ /.well-known {
    allow all;
}
--------
sudo nginx -t
sudo systemctl reload nginx
cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/html -d nipone.com -d www.nipone.com
sudo ls -l /etc/letsencrypt/live/your_domain_name
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
sudo nano /etc/nginx/snippets/ssl-example.com.conf
---------------
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
---------------
sudo nano /etc/nginx/snippets/ssl-params.conf
---------------
# from https://cipherli.st/
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
-------------
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
sudo nano /etc/nginx/sites-available/default
------------
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}
server {
    # SSL configuration
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;
-------------
sudo systemctl restart nginx
==============
In a web browser: https://www.ssllabs.com/ssltest/analyze.html?d=example.com
==============
/opt/letsencrypt/letsencrypt-auto renew
sudo crontab -e
-------------Here you have Brackets please don't just copy paste you must replace those big brackets with normal one ----------------
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 1 /bin/systemctl reload nginx
-------------
cd /opt/letsencrypt
sudo git pull
_____________________________________
Music by Joakim Karud https://soundcloud.com/joakimkarud
You can always Deploy an SSD cloud server in 55 seconds with Digitalocean. Anyone who uses this link will receive $10 in hosting credit immediately after unlocking their account by adding a valid payment method. Sign Up with this link https://m.do.co/c/7b9082af029f
Views: 3183 NixInPix
How To Fix 400 Bad Request Error in Seconds - Chrome FireFox IE
 
03:43
This video will show you how to fix the 400 Bad Request error message. http://thewiseaffiliate.com/tutorials/fix-400-bad-request-error I've personally had this error occur a few times while working on my wordpress blog. From my understanding it's related to corrupt cookies or something. Or perhaps corrupt files on my computer, either way the only fix that works for me is deleting the website cookie. This video will show you how to fix the 400 bad request error in Chrome, FireFox and an old version of Internet Explorer.
Views: 338504 Craig Smith
Mock Servers - Fake All the Things! - Atlassian Summit 2016
 
37:31
Peggy Kuo Senior Developer, Atlassian Nowadays we all seem to be working with small independent services that need to talk with numerous other services. This is a problem because when developing your service, you need to have a working environment—but bringing up all your dependencies is often not an option. In this talk, I will take you through our journey of creating a mock server to increase dev speed, and how it allowed us to write better tests.
Views: 1547 Atlassian
pRPC: unary gRPC on AppEngine, in browser, with OAuth 2.0
 
43:46
gRPC is the new standard Google RPC framework for external and internal developers, however ATM:
- not supported by Classic GAE yet
- cannot send a request in browser
- no support for oauth 2.0 on the server-side
pRPC allows you to write gRPC-compatible code and solve these problems at the same time.
protocol, client, server: https://godoc.org/github.com/luci/luci-go/grpc/prpc
cproto: go get -u github.com/luci/luci-go/grpc/cmd/cproto
rpc tool: go get -u github.com/luci/luci-go/grpc/cmd/rpc
RPC Explorer: https://github.com/luci/luci-go/tree/master/server/static/rpcexplorer
svcmux: go get -u github.com/luci/luci-go/grpc/cmd/svcmux
svcdec: go get -u github.com/luci/luci-go/grpc/cmd/svcdec
Views: 1272 Nodir Turakulov
How can I set up HTTP to HTTPS redirections on ELB using Apache backend servers?
 
05:05
Find more details in the AWS Knowledge Center: https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/ Avani, an AWS Cloud Support Engineer, shows you how to set up HTTP to HTTPS redirection on ELB using Apache backend servers.
Views: 18259 Amazon Web Services
Disable Weak Ciphers (RC4 & TripleDES) Windows Server 2012
 
06:12
This video is following on from the previous one (Disabling SSLv3 and TLS v1.0), which can be found here - https://www.youtube.com/watch?v=Yuvq3TtrKPI&t=2s The video covers removing support for RC4 and TripleDES ciphers, as well as removing support for the weaker exchange algorithm 'Diffie-Hellman'.
Views: 5982 Phr33fall
Classifying Your API Traffic with Distil
 
03:05
In this tutorial video, you'll learn how to use the Traffic Classifications report to view all of the request types that have been accessing APIs across your entire account. NOTE: This doesn’t include browser-related information, such as browser type or cookies, as seen in the web security reports. API request traffic is classified as: Abusive – Requests have violated rules and/or are manually blocked via your access control list (ACL). Neutral – Requests are passing through without having violated any rules. Whitelist – Requests have been manually allowed via your ACL. Accessing the Traffic Classification Report Follow these steps to access the Traffic Classification report: 1. Log in to the Distil Networks portal. 2. Click API Security on the banner menu. 3. Click Reports on the left panel menu. 4. Click Traffic Classifications. Reviewing the Traffic Classifications Report The Traffic Classifications Report includes: Filter by domain – Show traffic classification data for a specific domain associated with your account. Date Filter – Specific date range highlighted by the Traffic Classifications Report. Breakdown of classifications – Number of requests associated with each of the three client classifications—abusive, neutral, and whitelist. Daily API Requests – The lower portion of the display provides a color-coded graphical representation of the requests to your APIs: Red: Abusive Blue: Neutral Green: Whitelist Click the Abusive Clients classification to view the Summary of Violations table. It displays a breakdown of all malicious IP addresses targeting your API and features several viewing options: Date Filter – Select a specific date range to view. Violation Filter – Click to view specific violation categories. Choices include All Violation Categories, Blacklisted, Token Management, and Rate Limiting. Violation – Violation triggered by abusive requests. Category – Category associated with the violation. 
Total Requests – Total number of requests associated with the violation. Top 5 Violations by No. of Requests – This portion of the display offers a graphical representation of the top violations associated with abusive requests. Top 10 IPs by Abusive Requests – Displays a tabular view of most abusive IP addresses targeting your APIs. Select any record from the Summary of Violations table to single out IP addresses that are most harmful to your APIs. Blacklisting IPs via the Traffic Classification Report Once you have identified a troublesome IP address(es) from the Traffic Classifications Report, you can use Access Controls to blacklist them and stop future attempts: Select an IP to open the Access Controls dialog box. NOTE: You can optionally select a Domain and Security Setting Rule to target the settings to a specific domain. Do not make a selection if you wish to blacklist the IP from all of your protected API domains. Click Blacklist. Click Select Above to save the settings and blacklist the IP address from future attempts. NOTE: You can also whitelist any IP address using the Access List Options. Whitelisted IPs will never be blocked despite any traps they may trigger. This option can be especially useful to allow internal tool access, such as automation test tools, which can be mistaken as malicious bots. To do so, follow the steps above, but click Whitelist in step 2.
Views: 137 Distil Networks