#1: XBitHack and .htaccess

Posted on 2008-04-21 00:31:07 by Marten Kemp

I have a .htaccess file within which is XBitHack on.
index.html has the x bit set.
The following:
<h3>Apache thinks your IP address is (
<script type="text/javascript">
var userIP="<!--#echo var="REMOTE_ADDR" -->";
document.write(userIP);
</script>
)

doesn't work.

I'm using apache2 from Debian etch.

Am I missing something?

--
-- Marten Kemp
(Fix name and ISP to reply)


#2: Re: XBitHack and .htaccess

Posted on 2008-04-21 08:44:42 by unknown

Post removed (X-No-Archive: yes)


#3: Re: XBitHack and .htaccess

Posted on 2008-04-21 14:27:33 by Marten Kemp

Davide Bianchi wrote:
> On 2008-04-20, Marten Kemp <marten.kemp@thisplanet-link.net> wrote:
>> <h3>Apache thinks your IP address is (
>> <script type="text/javascript">
>> var userIP="<!--#echo var="REMOTE_ADDR" -->";
>
> Javascript is executed on the client, not on the server, the
> client doesn't have the 'REMOTE_ADDR' variable set.
> This has nothing to do with apache.

This is a Server Side Include that's executed by Apache
(http://enthusiasts.dyn-o-saur.com/manual/howto/ssi.html).

I got the code from one of the many Javascript sites.

--
-- Marten Kemp
(Fix name and ISP to reply)


#4: Re: XBitHack and .htaccess

Posted on 2008-04-21 20:19:20 by spam

"Marten Kemp" <marten.kemp@thisplanet-link.net> wrote in message
news:fui17l$bi$1@aioe.org...
> Davide Bianchi wrote:
> > On 2008-04-20, Marten Kemp <marten.kemp@thisplanet-link.net> wrote:
> >> <h3>Apache thinks your IP address is (
> >> <script type="text/javascript">
> >> var userIP="<!--#echo var="REMOTE_ADDR" -->";
> >
> > Javascript is executed on the client, not on the server, the
> > client doesn't have the 'REMOTE_ADDR' variable set.
> > This has nothing to do with apache.
>
> This is a Server Side Include that's executed by Apache
> (http://enthusiasts.dyn-o-saur.com/manual/howto/ssi.html).
>
> I got the code from one of the many Javascript sites.

Javascript is CLIENT executed. Where you got it from won't change that.


#5: Re: XBitHack and .htaccess

Posted on 2008-04-21 20:52:29 by Felix Saphir

Marten Kemp wrote:
> Davide Bianchi wrote:
>> On 2008-04-20, Marten Kemp <marten.kemp@thisplanet-link.net> wrote:
>>> <h3>Apache thinks your IP address is (
>>> <script type="text/javascript">
>>> var userIP="<!--#echo var="REMOTE_ADDR" -->";
>>
>> Javascript is executed on the client, not on the server, the
>> client doesn't have the 'REMOTE_ADDR' variable set.
>> This has nothing to do with apache.
>
> This is a Server Side Include that's executed by Apache
> (http://enthusiasts.dyn-o-saur.com/manual/howto/ssi.html).
>
> I got the code from one of the many Javascript sites.

So why would you use JavaScript in the first place? What's wrong with
| <h3>Apache thinks your IP address is <!--#echo var="REMOTE_ADDR"-->
? Or do I miss something? Is mod_include installed? Did you set
"Options" in .htaccess?

Felix


#6: Re: XBitHack and .htaccess

Posted on 2008-04-21 22:58:58 by Kees Nuyt

On Mon, 21 Apr 2008 08:27:33 -0400, Marten Kemp
<marten.kemp@thisplanet-link.net> wrote:

>Davide Bianchi wrote:
>> On 2008-04-20, Marten Kemp <marten.kemp@thisplanet-link.net> wrote:
>>> <h3>Apache thinks your IP address is (
>>> <script type="text/javascript">
>>> var userIP="<!--#echo var="REMOTE_ADDR" -->";
>>
>> Javascript is executed on the client, not on the server, the
>> client doesn't have the 'REMOTE_ADDR' variable set.
>> This has nothing to do with apache.
>
>This is a Server Side Include that's executed by Apache

I agree, and the syntax appears to be correct.

>(http://enthusiasts.dyn-o-saur.com/manual/howto/ssi.html).
>I got the code from one of the many Javascript sites.

Are server side includes enabled in httpd.conf?
Does it work without XBitHack when the file has the
correct extension to trigger server side includes
(usually .shtml) ?

By the way, you don't need any javascript here, the
phrase:
<h3>Apache thinks your IP address
is (<!--#echo var="REMOTE_ADDR" -->)</h3>
would work as well. Ok, I guess your script would do
more than that, but simplification can help you zoom in
on the problem.
--
( Kees
)
c[_] I used to have an open mind but my brains kept falling out. (#77)


#7: Re: XBitHack and .htaccess

Posted on 2008-04-22 01:03:54 by Marten Kemp

Marten Kemp wrote:
> Davide Bianchi wrote:
>> On 2008-04-20, Marten Kemp <marten.kemp@thisplanet-link.net> wrote:
>>> <h3>Apache thinks your IP address is (
>>> <script type="text/javascript">
>>> var userIP="<!--#echo var="REMOTE_ADDR" -->";
>>
>> Javascript is executed on the client, not on the server, the
>> client doesn't have the 'REMOTE_ADDR' variable set.
>> This has nothing to do with apache.
>
> This is a Server Side Include that's executed by Apache
> (http://enthusiasts.dyn-o-saur.com/manual/howto/ssi.html).
>
> I got the code from one of the many Javascript sites.

Thanks to all who replied. It works after a combination of
mod-includes, Option +Includes, renaming index.html to .shtml
and specifying DirectoryIndex index.shtml index.html.

Oh, and I used
> <h3>Apache thinks your IP address is (<!--#echo var="REMOTE_ADDR" -->)</h3>
too. I'll use Javascript later to query a mySQL database
of blacklisted ip addresses.


--
-- Marten Kemp
(Fix name and ISP to reply)
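
The combination reported in the post above, written out as an added configuration example (not part of the thread, and not the poster's actual files). The /var/www path and the use of IncludesNOEXEC in place of Includes are assumptions made for this example.

```apache
# Prerequisite (Debian): mod_include must be loaded, e.g.
#   a2enmod include    and then restart apache2

# --- Server or virtual host config ---
# /var/www is an assumed document root.
<Directory /var/www>
    # Without these overrides the .htaccess lines below are rejected:
    #   Options  -> Options and XBitHack
    #   FileInfo -> AddType and AddOutputFilter
    #   Indexes  -> DirectoryIndex
    AllowOverride Options FileInfo Indexes
</Directory>

# --- /var/www/.htaccess ---

# Weak setting: Includes also enables <!--#exec cmd="..." -->, so anyone
# who can write a parsed page can run commands as the web server user.
# Options +Includes

# Corrected setting: SSI is parsed, but #exec cmd and #exec cgi are disabled.
# <!--#echo var="REMOTE_ADDR" --> still works.
Options +IncludesNOEXEC

# Route A (what finally worked in the thread): parse by file extension.
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
DirectoryIndex index.shtml index.html

# Route B (the original question): parse any text/html file whose
# user-execute bit is set, e.g. after "chmod u+x index.html".
# XBitHack on its own does nothing unless Includes or IncludesNOEXEC
# is also in effect for the directory.
XBitHack on
```

Either route is sufficient on its own; with XBitHack the execute bit becomes the switch that decides which files are parsed, so file permissions in the document root deserve the same review as the configuration.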


#8: Re: XBitHack and .htaccess

Posted on 2008-04-22 07:08:29 by Felix Saphir

Marten Kemp wrote:
> Marten Kemp wrote:
>> Davide Bianchi wrote:
>>> On 2008-04-20, Marten Kemp <marten.kemp@thisplanet-link.net> wrote:
>>>> [SSI]
> Oh, and I used
>> <h3>Apache thinks your IP address is (<!--#echo var="REMOTE_ADDR"
>> -->)</h3>
> too. I'll use Javascript later to query a mySQL database
> of blacklisted ip addresses.

Good to hear that SSI finally works for you. But now you're making me
curious: You're querying a database from JavaScript? For security
reasons? Doesn't sound like a good idea ...

Felix


#9: Re: XBitHack and .htaccess

Posted on 2008-04-22 15:10:35 by Marten Kemp

Felix Saphir wrote:
> Marten Kemp wrote:
>> Marten Kemp wrote:
>>> Davide Bianchi wrote:
>>>> On 2008-04-20, Marten Kemp <marten.kemp@thisplanet-link.net> wrote:
>>>>> [SSI]
>> Oh, and I used
>>> <h3>Apache thinks your IP address is (<!--#echo var="REMOTE_ADDR"
>>> -->)</h3>
>> too. I'll use Javascript later to query a mySQL database
>> of blacklisted ip addresses.
>
> Good to hear that SSI finally works for you. But now you're making me
> curious: You're querying a database from JavaScript? For security
> reasons? Doesn't sound like a good idea ...

Or maybe some Other Tool like PHP (which I haven't figured out
yet.) Like the IP address, it's an exercise in "how can I do that?"

I finally was able to link to the test version of the site by the
simple expedient of smbmounting the Winderz folders as /var/www/test.
Can't quite create a .htaccess file there, though.

This whole thing is a learning environment that's looking more
like a Rube Goldberg contraption every day.<grin>
Go take a look at http://enthusiasts.dyn-o-saur.com
--
-- Marten Kemp
(Fix name and ISP to reply)


#10: Re: XBitHack and .htaccess

Posted on 2008-04-22 20:37:46 by Felix Saphir

Marten Kemp wrote:
> Felix Saphir wrote:
>> Good to hear that SSI finally works for you. But now you're making me
>> curious: You're querying a database from JavaScript? For security
>> reasons? Doesn't sound like a good idea ...
>
> Or maybe some Other Tool like PHP (which I haven't figured out
> yet.) Like the IP address, it's an exercise in "how can I do that?"

Hmm, too bad, if you don't use JavaScript for security measures, it will
be more difficult to hack the site ... ;-) No, seriously, it's good to
think about stuff, have fun!

> I finally was able to link to the test version of the site by the
> simple expedient of smbmounting the Winderz folders as /var/www/test.
> Can't quite create a .htaccess file there, though.

Huh? Never tried to do that, but *creating* the file (touch, ...)
shouldn't impose any problem. Windows might not like the idea of an
"empty" filename.

> This whole thing is a learning environment that's looking more
> like a Rube Goldberg contraption every day.<grin>
> Go take a look at http://enthusiasts.dyn-o-saur.com

I will!

Regards,
Felix


#11: Re: XBitHack and .htaccess

Posted on 2008-04-22 21:04:53 by Kees Nuyt

On Mon, 21 Apr 2008 11:19:20 -0700, "D. Stussy"
<spam@bde-arc.ampr.org> wrote:

>"Marten Kemp" <marten.kemp@thisplanet-link.net> wrote in message
>news:fui17l$bi$1@aioe.org...
>> Davide Bianchi wrote:
>> > On 2008-04-20, Marten Kemp <marten.kemp@thisplanet-link.net> wrote:
>> >> <h3>Apache thinks your IP address is (
>> >> <script type="text/javascript">
>> >> var userIP="<!--#echo var="REMOTE_ADDR" -->";
>> >
>> > Javascript is executed on the client, not on the server, the
>> > client doesn't have the 'REMOTE_ADDR' variable set.
>> > This has nothing to do with apache.
>>
>> This is a Server Side Include that's executed by Apache
>> (http://enthusiasts.dyn-o-saur.com/manual/howto/ssi.html).
>>
>> I got the code from one of the many Javascript sites.
>
>Javascript is CLIENT executed. Where you got it from won't change that.

Look closer.
<!--#echo var="REMOTE_ADDR" -->
indeed is an SSI expression.
Marten's question is valid.
--
( Kees
)
c[_] Suburbia: where they tear out the trees & then name streets after them. (#78)
