Submitted by ╰☆往事如风 on 2009, March 18, 12:44 PM
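Because sablogx cannot password-protect the whole site, and hacking it by hand would be painful, I decided to use the .htaccess support provided by my hosting space to add restrictions and authentication.
Authentication is simple. The .htaccess code is as follows: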
AuthType Basic
AuthName "Locked for mood"
AuthUserFile /***/***/***/***/***.***
Require valid-user
Here AuthUserFile points to the file on the server that stores the passwords. It can be generated with:
htpasswd -c filename username
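The main problem I ran into was with the custom error page. Because the whole site is protected and the custom error page is also inside the protected directory, a failed authentication by default jumps to the 401 page, and that 401 page then requires authentication as well, so the result is an infinite loop.
I later solved this by exempting the 401 page alone from authentication.
The code is as follows: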
ErrorDocument 401 /note.html
SetEnvIf Request_URI "/note\.html$" allow_all
Order allow,deny
Allow from env=allow_all
Satisfy any
Here SetEnvIf puts a flag on some of the URLs, and those flagged URLs are then set to not require authentication.
Reference:
http://www.htaccesselite.com/setenvif-examples-vt141.html
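The effect of the SetEnvIf exemption above can be checked offline. The following is an added example, not code from the original post: it parses the post's .htaccess rules and lists which URIs skip authentication, comparing the post's pattern with a start-anchored variant. The sample URIs and the anchored variant are assumptions constructed for this example.

```python
import re

# The post's .htaccess rules, plus a constructed variant whose only change
# is a start anchor (^) on the SetEnvIf pattern.
PAGE_RULES = r'''
ErrorDocument 401 /note.html
SetEnvIf Request_URI "/note\.html$" allow_all
Order allow,deny
Allow from env=allow_all
Satisfy any
'''
ANCHORED_RULES = PAGE_RULES.replace(r'"/note\.html$"', r'"^/note\.html$"')

SETENVIF = re.compile(r'^\s*SetEnvIf\s+Request_URI\s+"([^"]+)"\s+(\S+)', re.M | re.I)
ALLOW_ENV = re.compile(r'^\s*Allow\s+from\s+env=(\S+)', re.M | re.I)


def exempt_patterns(htaccess):
    """Return the Request_URI regexes whose flag is used by 'Allow from env='."""
    allowed = set(ALLOW_ENV.findall(htaccess))
    return [re.compile(p) for p, var in SETENVIF.findall(htaccess) if var in allowed]


def skips_auth(htaccess, uri):
    """True if the URI is flagged and so, under 'Satisfy any', needs no login."""
    path = uri.split("?", 1)[0]  # Request_URI does not include the query string
    # SetEnvIf performs an unanchored regex search, like re.search
    return any(p.search(path) for p in exempt_patterns(htaccess))


def audit(htaccess, uris):
    """Return the URIs from the list that would be served without authentication."""
    return [u for u in uris if skips_auth(htaccess, u)]


# Constructed sample URIs, not taken from the post
SAMPLE_URIS = ["/note.html", "/index.php", "/private/note.html",
               "/index.php?page=/note.html", "/note.html.bak"]

if __name__ == "__main__":
    print("post's pattern exempts:  ", audit(PAGE_RULES, SAMPLE_URIS))
    print("anchored pattern exempts:", audit(ANCHORED_RULES, SAMPLE_URIS))
```

Because SetEnvIf matches the pattern anywhere in the URI, the post's pattern exempts every path ending in /note.html, not just the error page; anchoring it with ^ limits the exemption to /note.html itself.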
Linux Learning | Comments: 1 | Views: 15354
Submitted by ╰☆往事如风 on 2009, March 18, 12:20 PM
Another update.
Release Note: in keeping with the vendor's usual habit, not updated yet... The latest notes currently available are those of 20090211.
URL:http://www.acunetix.com/support/build-history.htm
Installer name: 2009_03_17_02_webvulnscan6.exe
Download: http://www.namipan.com/d/2009_03_17_02_webvulnscan6.exe/32930158ba8640253c5eeb280fc503487c7bfe0880c0db00
or
http://www.acunetix.com/download/fullverv6/2009_03_17_02_webvulnscan6.exe (requires a username and password; they are in the old version of the program.)
Patch: web.vulnerability.scanner.6.0.0.3028-patch.zip
Usage: copy it into the installation directory and run it.
Reverse Engineering | Comments: 9 | Views: 16439
Submitted by ╰☆往事如风 on 2009, February 17, 12:59 AM
Another update.
release note:
- CSA engine now supports jQuery and Yahoo! UI JavaScript libraries
- Added component in scanner to search for links in HTML comments and Flash (SWF) strings
- Created an ASN.1 parser which can parse X509 Certificates
- Improved Crawler; improved Wivet coverage to 94%
- Added more JBoss configuration tests
- Added more Tomcat tests
- Added more web server configuration checks for server path, internal IP and username/password disclosure
- Improved RSS/Atom parsers
- Added more attack vectors to source code disclosure and directory traversal tests for both Windows and Unix
Bug Fixes:
- Reporter now filters very long knowledge base items
- Fixed SSL3, TLS1 parsing issues
- Fix in Crawler to handle better query variable in start URL's
Installer name: 2009_02_11_01_webvulnscan6.exe
Download: http://www.namipan.com/d/2009_02_11_01_webvulnscan6.exe/5f4dcd983232913075c1bdbcff8abf508562116190c0db00
or
http://www.acunetix.com/download/fullverv6/2009_02_11_01_webvulnscan6.exe (requires a username and password; they are in the old version of the program.)
Patch: web.vulnerability.scanner.6.0.0.3013-patch.rar
Usage: copy it into the installation directory and run it.
Reverse Engineering | Comments: 5 | Views: 14541
Submitted by ╰☆往事如风 on 2009, February 15, 2:07 PM
Security by XSLT Transform
Programming | Comments: 2 | Views: 18230
Submitted by ╰☆往事如风 on 2009, February 11, 3:10 PM
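I couldn't stand Outlook's painfully slow search any longer.
After fiddling around for a while,
I finally got indexing working with the help of WLToolbar. Great.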
Miscellaneous | Comments: 1 | Views: 12693
Submitted by ╰☆往事如风 on 2009, February 10, 6:10 PM
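The monthly server log backup has been getting me down lately. Today I finally wrote a script to do it, called from crontab. Free at last.
Enough talk. Here is the code.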
Programming | Comments: 3 | Views: 12973
Submitted by ╰☆往事如风 on 2009, January 21, 10:26 AM
Miscellaneous | Comments: 1 | Views: 11745