Is my web service being used by an application/bot? - ios

I have a web application that does file conversion. I checked the usage statistics today and realized that 20-30 files are being uploaded and converted every second from the same IP. I checked the browser's header info (I write every request's HTTP header info to my database) and found this:
Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko)
I think someone is using my web service in an iOS application for converting files. How can I find out which application this is, or how can I stop it?

If it's your own form, you may use a captcha, but this may create problems if you or any of your allowed customers want to use it from an application instead of a web view. (I'm not sure if you have such a case.) My basic solution would be adding basic authentication to the page at the web server level (IIS, etc.)...
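What the question's own statistics already show (many requests per second from one IP, all carrying the same User-Agent) can be turned into a check that runs over the header log the asker keeps, and into a limit on the endpoint itself. The following is an added example in Ruby; it is not code from the question or the answer. It assumes a constructed log format of one `timestamp ip user-agent` line per request and a threshold of 5 requests per second; the IPs and timestamps are made up, the iPad UA is the one quoted above. The UA is carried along only as a label: any client can send any User-Agent, so the decision rests on the IP and the rate, and a per-IP rate limit (unlike a captcha) leaves legitimate API use from an application working.

```ruby
require 'time'

# The iPad UA quoted in the question; IPs and timestamps below are constructed.
IPAD_UA = 'Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko)'
MAC_UA  = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.83 Safari/535.11'

# Constructed sample log: one "<iso8601 time> <client ip> <user-agent>" line per
# request. 24 uploads within one second from 203.0.113.7 plus two ordinary visitors.
SAMPLE_LOG = (0...24).map { |i| format('2013-10-04T10:00:00.%03dZ 203.0.113.7 %s', i * 40, IPAD_UA) } + [
  "2013-10-04T10:00:00.500Z 198.51.100.2 #{MAC_UA}",
  "2013-10-04T10:00:01.100Z 198.51.100.2 #{MAC_UA}",
  "2013-10-04T10:00:01.900Z 192.0.2.9 #{IPAD_UA}",
]

Entry = Struct.new(:second, :ip, :ua)

def parse_line(line)
  ts, ip, ua = line.split(' ', 3)
  Entry.new(Time.iso8601(ts).to_i, ip, ua)
end

# ip => { unix second => request count }
def requests_per_second(lines)
  counts = Hash.new { |h, k| h[k] = Hash.new(0) }
  lines.each do |line|
    e = parse_line(line)
    counts[e.ip][e.second] += 1
  end
  counts
end

# IPs whose busiest second exceeds `threshold` requests, with every UA they sent.
# The UA is reported, not trusted: a client can send any string it likes.
def flag_abusers(lines, threshold:)
  uas = Hash.new { |h, k| h[k] = [] }
  lines.each do |line|
    e = parse_line(line)
    uas[e.ip] |= [e.ua]
  end
  requests_per_second(lines).filter_map do |ip, per_second|
    peak = per_second.values.max
    { ip: ip, peak_rps: peak, user_agents: uas[ip] } if peak > threshold
  end.sort_by { |r| -r[:peak_rps] }
end

# Fixed-window per-IP limiter for the conversion endpoint itself.
class RateLimiter
  def initialize(limit:, window_seconds: 1)
    @limit = limit
    @window = window_seconds
    @buckets = Hash.new(0)   # [ip, window index] => count
  end

  # True when this request should be rejected (HTTP 429 is the usual answer).
  def blocked?(ip, now = Time.now.to_i)
    key = [ip, now / @window]
    @buckets[key] += 1
    @buckets[key] > @limit
  end
end

if __FILE__ == $PROGRAM_NAME
  flag_abusers(SAMPLE_LOG, threshold: 5).each do |r|
    puts "#{r[:ip]}: peak #{r[:peak_rps]} req/s, UAs: #{r[:user_agents].join(' | ')}"
  end
end
```

Running the file prints the flagged IP with its peak rate. The fixed window is deliberately simple (a sliding window or token bucket gives smoother limits), and the IP must come from the TCP connection or a trusted proxy header, never from anything the client sends, for the same reason the UA is not trusted.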

Related

Website screen capture on Linux server

I have a webpage written in AngularJS that needs to be turned into an image and sent as an email once a week to clients. The webpage is on S3 and my backend server is written partly in Rails and partly in Node. Any ideas how to do this?
You can use something like PhantomJS (or CasperJS, which is based on PhantomJS). This is a library like Selenium, a headless browser. It is possible to create screenshots with different device resolutions and User-Agents. http://phantomjs.org/screen-capture.html

Users are "logging in as others" on Chrome for iOS

We're having a unique issue that is affecting a small handful of users from around the world. Nothing connects them aside from the fact they are all using Chrome for iOS.
Intermittently, users will login to our application (https://www.mousehuntgame.com) and appear to be "someone else". This issue cropped up recently during a period when no new code had been pushed to the site.
Of course the first thing we checked was that our authentication was not bugged or that the user's hash (stored in either cookies or a PHP session) was not crossing connections somewhere. The issue is not in the authentication system, and it only affects users using Chrome for iOS. The same users using Safari no longer see the issue.
We have the following PHP headers being sent to prevent caching:
header("Cache-Control: no-cache, no-store, max-age=0, must-revalidate, private");
header("Pragma: no-cache");
The "target users" that these users "turn into" are not yet confirmed to be also using Chrome. The solution for them to simply stop using the browser is not an option as others who continue to use Chrome can still gain access to these accounts.
Can Chrome be somehow caching cookies and "sharing" them across users? Could this be a DNS issue where it sees a mobile user agent and in order to save loading time it retrieves cached information and hands it off without further checking who the user is? This is a stretch, I know, but it's been a strange issue and we're grasping at straws now.
I work on the Chrome Data Compression proxy.
I'd be very surprised if the Chrome proxy were at fault here, since we respect standard caching headers. That said, there could be a bug. If you can try to reproduce with and without the proxy that would be helpful. Another way to test is to open the page in an Incognito tab (which does not use the proxy).
Edit:
I looked at some of the headers we are seeing from your site, and they include things like
Cache-Control: max-age=2592000
which means these responses are publicly cacheable for 30 days. I see a wide range of caching headers from many different URLs on the site, suggesting that your caching rules aren't being applied as widely as you thought; but of course I don't know the structure of the site and whether that would lead to the problem you are describing.
Feel free to reach out (email is fine too) and I'm happy to help debug if you still think this is a problem on our end.
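The header the answer found, `Cache-Control: max-age=2592000`, is worth checking for every URL of the site rather than only the login page: a single response that is both personalized (it sets or depends on a session cookie) and storable by a shared cache is enough for a proxy or CDN to hand one user's page to the next. The following added Ruby example is not code from the thread. It runs over a constructed set of request/response header pairs (the URLs and values are made up; the `no-cache, no-store, max-age=0, must-revalidate, private` value is the one from the question) and flags the exchanges a shared cache may store, using a simplified reading of the RFC 7234 storability rules.

```ruby
# Constructed sample exchanges (URLs and header values made up for illustration).
SAMPLE_EXCHANGES = [
  { url: '/login.php',
    request_headers:  { 'Cookie' => 'PHPSESSID=abc' },
    response_headers: { 'Cache-Control' => 'no-cache, no-store, max-age=0, must-revalidate, private',
                        'Pragma' => 'no-cache' } },
  { url: '/camp.php',
    request_headers:  { 'Cookie' => 'PHPSESSID=abc' },
    response_headers: { 'Cache-Control' => 'max-age=2592000', 'Set-Cookie' => 'PHPSESSID=abc; Path=/' } },
  { url: '/images/logo.png',
    request_headers:  {},
    response_headers: { 'Cache-Control' => 'max-age=2592000' } },
  { url: '/api/inventory.php',
    request_headers:  { 'Cookie' => 'PHPSESSID=abc' },
    response_headers: { 'Expires' => 'Thu, 31 Oct 2013 00:00:00 GMT' } },
  { url: '/dashboard.php',
    request_headers:  { 'Authorization' => 'Bearer t0k3n' },
    response_headers: { 'Cache-Control' => 'private, max-age=600' } },
]

# "no-cache, max-age=0, private" => { "no-cache" => true, "max-age" => "0", "private" => true }
def parse_cache_control(value)
  value.to_s.split(',').each_with_object({}) do |part, directives|
    name, val = part.strip.split('=', 2)
    next if name.nil? || name.empty?
    directives[name.downcase] = val.nil? ? true : val.delete('"')
  end
end

# Simplified RFC 7234 storability for a *shared* cache (proxy, CDN).
# `resp` has lower-cased header names.
def shared_cacheable?(resp)
  cc = parse_cache_control(resp['cache-control'])
  return false if cc['no-store'] || cc['private']
  return false if cc['no-cache']   # storable, but must be revalidated before reuse
  return true  if cc['public']
  return true  if cc['s-maxage'].to_s.to_i > 0 || cc['max-age'].to_s.to_i > 0
  resp.key?('expires')             # no Cache-Control at all: a future Expires suffices
end

# A response tied to one user: it sets a cookie, or answered a request that
# carried a cookie or credentials.
def personalized?(req, resp)
  resp.key?('set-cookie') || req.key?('cookie') || req.key?('authorization')
end

# Exchanges a shared cache could store and later serve to a different user.
def audit(exchanges)
  exchanges.filter_map do |ex|
    req  = ex[:request_headers].transform_keys(&:downcase)
    resp = ex[:response_headers].transform_keys(&:downcase)
    next unless shared_cacheable?(resp) && personalized?(req, resp)
    { url: ex[:url], cache_control: resp['cache-control'] || "(none; Expires=#{resp['expires']})" }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_EXCHANGES).each { |r| puts "#{r[:url]}: #{r[:cache_control]}" }
end
```

Feed it real captures (a proxy log, or headers recorded the way the asker already records them) instead of the sample; any personalized URL that appears in the output is a candidate for the cross-user symptom described. `Pragma: no-cache` is defined by RFC 7234 only as a request directive, so on responses a cache is not required to honour it, which is why the question's headers have to rely on `Cache-Control`.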

Detect screen size and pixel density on the server-side?

I've been doing some research and I think I know the answer already, but I'm wondering if there's any means by which you can get a device's screen size and pixel density without the use of javascript or relying on CSS3 media queries.
Essentially, I'm looking into what it would take to get the screen resolution and pixel density so that the server could decide which image to serve for a URI request.
So far I've not found anything that says this is even possible but I thought hey, why not ask?
I don't agree entirely with the above correct answer. Realistically this answer is correct in many cases...but theoretically it is not. Often requests made to a web server contain a User-Agent field which could, in theory, be used to discern information about device screen resolutions and properties.
Web requests do not pass through the client first. They pass to the server, which then serves a page to the client, so the server gets the request first. Ruby on Rails, for example, receives a request through an action controller for a resource and then serves a page in the response.
Look at an example UA parser such as : https://github.com/visionmedia/user-agent
A sample user agent being sent by my computer is:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.83 Safari/535.11
I think it is eminently possible to make a good guess what my screen resolution (DPI etc) is given that information via a server. You would, of course, need a table of device information to reference.
For mobile devices it gets even easier. If the User-Agent is a mobile safari for iPad:
Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10
You can know with strong certainty what the screen resolution is on the server. You can even know the height and width of the browser with that info. I suspect the same is true with many mobile devices such as Android or Win Mo.
So in summation, I agree it's impractical to do this, but I also disagree.
I believe Facebook has undertaken a major project cataloging devices and screen resolutions and made it open source because they faced similar issues when creating the facebook mobile app e.g. they had to catalog all the discrepancies between all mobile browser renderers so they could tailor the client app to every individual case. Perhaps that project might have the necessary information to do this...in theory.
Ruby runs on the server side--without getting info from the client, it has no way of knowing any client capabilities.
For something that's impossible it looks like Mobvious does a decent job:
Mobvious detects whether your app / website is being accessed by a phone, or by a tablet, or by a personal computer. You can then use this information throughout your app. (E.g. fork your front-end code with regard to device type. There is a plugin for Ruby on Rails that helps you with this.)
https://github.com/jistr/mobvious
I had the same problem and solved it using a getter and a setter route for the window height. If the $height variable is 0, get_height.erb is served, otherwise index.erb.
This is a one-user app, so I use a global variable; with different users you would have to keep that info in cookies.
Here is the code that matters.
Controller:
require 'sinatra'

$height = 0   # initialise, otherwise the comparison below is against nil and index is served first

get "/" do
  if $height == 0
    erb :get_height   # no height known yet: serve the page that measures it
  else
    erb :index
  end
end

get "/get_height" do
  erb :get_height
end

get "/set_height" do
  $height = params[:height].to_i   # query parameters arrive as strings
  redirect "/"
end
get_height.erb
<script type="text/javascript">
function send_message(message) {
  var xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function() {
    if (xhttp.readyState === 4) {   // reload only once the request has completed
      document.location.reload(true);
    }
  };
  // relative URL, so it works wherever the app is hosted, not only on localhost:4567
  xhttp.open("GET", "/" + message + "?height=" + window.innerHeight, true);
  xhttp.send();
}
send_message('set_height');
</script>
You could use Ahoy. The current_visit method contains the following information.
When someone visits your website, Ahoy creates a visit with lots of useful information.
traffic source - referrer, referring domain, landing page, search keyword
location - country, region, and city
technology - browser, OS, and device type
utm parameters - source, medium, term, content, campaign
Not sure how realistic it would be to build, but you could build a database which maps specific device types (obtained from the user agent on the server side) to known screen sizes. It still would not give you things like window size.
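The answers above disagree on how much a User-Agent gives away. The following added Ruby example (not code from any of the answers, nor from Mobvious or Ahoy) parses the exact UA strings quoted in this thread and returns the device class, the OS version and, only where the string actually determines it, the logical screen size. It is an assumption of the example that every iPad model of the era in question reported a 768x1024 CSS-pixel viewport; pixel density is not encoded in the UA, so the example does not claim it. The string is bounded and never trusted: a client can send any UA (the bot in the first question on this page sends an iPad UA from something that is not a browser), so the result is fit for choosing an image size, not for anything security-relevant.

```ruby
Device = Struct.new(:type, :os, :os_version, :css_viewport, keyword_init: true)

# Logical screen size (CSS px) that follows from the UA alone. Assumption: only
# the iPad is unambiguous for the devices in this thread, at 768x1024 CSS px.
# Pixel density (retina or not) is not in the UA and is therefore not claimed.
KNOWN_CSS_VIEWPORTS = { 'iPad' => [768, 1024] }.freeze

# "CPU OS 7_0" or "CPU iPhone OS 3_2" => "7.0" / "3.2"; nil when absent.
def ios_version(ua)
  m = ua.match(/CPU (?:iPhone )?OS (\d+)_(\d+)/)
  m && "#{m[1]}.#{m[2]}"
end

def classify_user_agent(raw_ua)
  ua = raw_ua.to_s[0, 512]   # UA is client-controlled: bound it before any regex work
  if ua.match?(/\biPad\b/)   # must come before the generic "Mac OS X" test below
    Device.new(type: :tablet, os: 'iOS', os_version: ios_version(ua),
               css_viewport: KNOWN_CSS_VIEWPORTS['iPad'])
  elsif ua.match?(/\b(?:iPhone|iPod)\b/)
    Device.new(type: :phone, os: 'iOS', os_version: ios_version(ua), css_viewport: nil)
  elsif (m = ua.match(/Android (\d+(?:\.\d+)*)/))
    Device.new(type: ua.include?('Mobile') ? :phone : :tablet, os: 'Android',
               os_version: m[1], css_viewport: nil)
  elsif ua.match?(/Windows Phone/)
    Device.new(type: :phone, os: 'Windows Phone', os_version: nil, css_viewport: nil)
  elsif (m = ua.match(/Mac OS X (\d+)[_.](\d+)/))
    Device.new(type: :desktop, os: 'macOS', os_version: "#{m[1]}.#{m[2]}", css_viewport: nil)
  elsif (m = ua.match(/Windows NT (\d+\.\d+)/))
    Device.new(type: :desktop, os: 'Windows', os_version: m[1], css_viewport: nil)
  else
    Device.new(type: :unknown, os: nil, os_version: nil, css_viewport: nil)
  end
end

if __FILE__ == $PROGRAM_NAME
  [
    'Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko)',
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.83 Safari/535.11',
    'curl/7.64.1',
  ].each { |ua| puts classify_user_agent(ua).to_h.inspect }
end
```

Extending this to a real catalogue means a maintained device database (the Mobvious and Facebook projects mentioned above are that kind of thing); the parsing shape stays the same, and the `:unknown` and `nil` outcomes are the honest answer whenever the string does not carry the information.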

Detect iframe request in a rails app

I have an iframe tool, which should get rendered in a different format than my page. So I want to detect requests from an iframe, like I can detect them from an iPhone. Is this possible?
Is there a special hint in the request header, that I could use, or could I manually enter one?
Thanks
Markus
When you get a request from an iPhone, a "User Agent" string like Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3 will be sent in the request.user_agent variable. Searching this string for iPhone can tell you that an iPhone is visiting your page.
An iframe is an HTML tag to include other pages within your page (e.g. the Facebook like button uses this). This has nothing to do with a specific browser; all modern browsers support this. You cannot tell on the server side whether your page was called within an iframe or not. You can use some JavaScript in the client to find out if your current page is within an iframe and then send a notice to the server.
Best practice would be to add another parameter to your request like ?iframe=1 and use this param within your controller.
A good practice is to add a subdomain for your embeds. Then you can fire requests to the subdomain and evaluate request.host. This also allows for a separation of logic in controllers/views when using multiple subdomains.
Example:
iFrame
<iframe src="https://embed-subdomain.domain.com"></iframe> instead of <iframe src="https://domain.com"></iframe>
Controller
iframe = request.host.include?("embed-subdomain.domain")
Disclaimer: This can get tricky if you utilize sessions and CNAMEs
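Both answers above come down to the same point: nothing in a plain request says "I am in an iframe", so the signal has to be one you put there yourself, a parameter or a dedicated host. The following added Ruby example is not code from either answer. It assumes a Rack-style `env` hash, the hypothetical host `embed-subdomain.domain.com` from the answer above, and a hypothetical partner origin for the framing policy. It matches the host exactly rather than with `include?`, which would also accept a look-alike host an attacker controls, and it adds the `Sec-Fetch-Dest: iframe` header that browsers implementing Fetch Metadata send on frame navigations, a newer signal that did not exist when this thread was written, so it can only serve as a positive hint.

```ruby
# Hypothetical embed host taken from the answer above; replace with your own.
EMBED_HOSTS = ['embed-subdomain.domain.com'].freeze

# Host from a Rack env: strip any port and trailing dot, lower-case.
# (IPv6 literal hosts are not handled here.)
def request_host(env)
  env['HTTP_HOST'].to_s.split(':', 2).first.to_s.downcase.chomp('.')
end

# Exact allowlist match. A substring test such as
#   request.host.include?("embed-subdomain.domain")
# also accepts "embed-subdomain.domain.com.attacker.example".
def embed_host?(env)
  EMBED_HOSTS.include?(request_host(env))
end

# Browsers that implement Fetch Metadata send "Sec-Fetch-Dest: iframe" for
# <iframe> navigations. Older browsers omit it, so absence proves nothing.
def framed_by_browser?(env)
  env['HTTP_SEC_FETCH_DEST'] == 'iframe'
end

def embed_request?(env)
  embed_host?(env) || framed_by_browser?(env)
end

# Framing policy: the embed host may be framed by the listed parents only; the
# main site refuses framing altogether (clickjacking defence).
def framing_headers(env, allowed_parents: ['https://partner.example'])
  if embed_host?(env)
    { 'Content-Security-Policy' => "frame-ancestors #{allowed_parents.join(' ')}" }
  else
    { 'X-Frame-Options' => 'DENY', 'Content-Security-Policy' => "frame-ancestors 'none'" }
  end
end

if __FILE__ == $PROGRAM_NAME
  [{ 'HTTP_HOST' => 'embed-subdomain.domain.com' },
   { 'HTTP_HOST' => 'embed-subdomain.domain.com.attacker.example' },
   { 'HTTP_HOST' => 'www.domain.com', 'HTTP_SEC_FETCH_DEST' => 'iframe' }].each do |env|
    puts "#{env['HTTP_HOST']}: embed=#{embed_request?(env)} headers=#{framing_headers(env)}"
  end
end
```

The framing headers are the other half of the subdomain split: because the embed host is the only place where framing is allowed, the main site can send `X-Frame-Options: DENY` without breaking the tool, and the session-cookie caveat in the disclaimer applies here too, since a cookie scoped to the parent domain is sent to the embed host as well.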

Block specified URLs

I want to write an application in Delphi which filters requested URLs in the OS (not only in web browsers) and, if a URL matches, blocks it or blanks the URL's content. The problem is that I don't know where to start looking. Could you help me with some information?
I think you're talking about a DNS service. Usually, DNS services live outside, on your router, at your ISP, or at a 3rd party like www.openDNS.org.
But you could write your own, run it on your PC, and set your internet settings to use that as your DNS server.
I suspect that a lot of malware works like this....
Also, this sort of thing can be done with no programming at all - just edit your hosts file in C:\WINDOWS\system32\drivers\etc\hosts (it's a text file with no extension).
Anything in there should trump.
Also, before you start writing an application to do this, have a look at OpenDNS. If it's an app for personal use, you may find that you don't need it. If it's going to be a commercial offering, this is the bar for usability and usefulness that you need to meet or beat.
http://www.mail-archive.com/delphi-talk#elists.org/msg01558.html - text by Francois PIETTE quoted below (in case the link becomes unavailable):
"There are several ways to achieve your goal. The two main ones I see are:
1) Write a LSP (Layered Service Provider)
2) Write a proxy server
The first is not possible with Delphi (at least I think so. If anyone knows how to write a LSP using Delphi, I would love to get the code).
The second, writing a proxy, is more or less easy with Delphi using ICS components. See the "usermade" link at the ICS website (http://www.overbyte.be). With this option, you have to configure IE to use the proxy: IE Menu / Tools / Internet options / Connections / Network parameters / Use a proxy, and then enter the IP address (127.0.0.1 if the proxy runs on the same computer) and port number (pick any one you like, for example 8080). Once IE is configured to use a proxy, it will send all requests to the proxy. Then the proxy will make the real request to the target server and return data back to IE. What is important there is that you get all URLs entered in IE or used indirectly (clicking on links), and you can either really relay them to the target server or forge an answer yourself to say the page access is denied.
At the ICS website, on the usermade page, you'll even find an HTTP proxy component. If you need help with this component and/or the entire ICS, please use the ICS support mailing list (same server as this list). See the "support" link at the ICS website for support details."
LE: it seems that this question is possibly a duplicate of
Using delphi to block websites
Use the GetExtendedTcpTable API to find out whether there are any connections on port 80 to the remote server you want to block; if there is one, use SetTcpEntry to terminate that connection. It's pretty simple.
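The proxy approach in the quoted mailing-list post (see every URL, then either relay it or forge a denial) is the same whatever the language; the following added example shows that decision in Ruby rather than Delphi, since the logic rather than the ICS component is the point. It is not code from the post. The block rules, hostnames and the forged 403 are constructed for illustration, and the request-line formats are the two an explicit HTTP proxy actually receives: an absolute URL for plain HTTP, and `CONNECT host:port` for HTTPS, where only the hostname is visible to the proxy. Like the hosts-file approach, this only covers what is actually sent through the proxy; an application that ignores the system proxy setting never reaches this code.

```ruby
require 'uri'

# Constructed blocklist: hostnames block the host and every subdomain;
# URL prefixes block one path under an otherwise allowed host (plain HTTP only,
# because for HTTPS the proxy never sees the path).
BLOCK_RULES = {
  hosts: ['ads.example', 'tracker.example'],
  url_prefixes: ['http://cdn.example/banners/'],
}.freeze

Decision = Struct.new(:action, :host, :target, :response, keyword_init: true)

DENIED_BODY = 'Access denied.'
FORGED_403 = "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n" \
             "Content-Length: #{DENIED_BODY.bytesize}\r\nConnection: close\r\n\r\n#{DENIED_BODY}"

# Label-wise suffix match: "img.ads.example" is blocked by "ads.example",
# "notads.example" is not (a plain substring test would block both).
def host_blocked?(host, blocked_hosts)
  h = host.to_s.downcase.chomp('.')
  blocked_hosts.any? { |b| h == b || h.end_with?(".#{b}") }
end

# Takes the request line a browser sends to an explicit proxy and decides
# whether to relay it or answer with a forged denial.
def filter_request_line(line, rules = BLOCK_RULES)
  method, target, _version = line.to_s.strip.split(' ', 3)
  if method == 'CONNECT'
    host = target.to_s.split(':', 2).first
    # HTTPS tunnel: only host:port is visible; the URL path is inside TLS.
    blocked = host_blocked?(host, rules[:hosts])
  else
    uri = begin
      URI.parse(target.to_s)
    rescue URI::InvalidURIError
      nil
    end
    host = uri&.host
    # Not an absolute proxy-form URL: refuse rather than guess a destination.
    return Decision.new(action: :forge, host: nil, target: target, response: FORGED_403) if host.nil?
    blocked = host_blocked?(host, rules[:hosts]) ||
              rules[:url_prefixes].any? { |prefix| target.start_with?(prefix) }
  end
  if blocked
    Decision.new(action: :forge, host: host, target: target, response: FORGED_403)
  else
    Decision.new(action: :relay, host: host, target: target, response: nil)
  end
end

if __FILE__ == $PROGRAM_NAME
  ['GET http://www.example/index.html HTTP/1.1',
   'GET http://img.ads.example/x.js HTTP/1.1',
   'GET http://cdn.example/banners/a.gif HTTP/1.1',
   'CONNECT tracker.example:443 HTTP/1.1'].each do |l|
    d = filter_request_line(l)
    puts "#{d.action.to_s.ljust(5)} #{l}"
  end
end
```

In a real proxy the `:relay` branch opens the upstream connection and copies bytes both ways, while `:forge` writes `response` to the client socket and closes it; the filtering decision itself is the part above, and it is also the part that can be unit-tested without any network.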
