1. Right click on the Windows icon. Select menu Run.
2. Input command: mmc
3. In MMC, click on menu File->Add/Remove Snap-in...
4. Select Certificates in the snap-ins list; Click on the Add button. "Certificates - Current User" will be added in the "Selected snap-ins" list. Click on the OK button.
5. In the left panel, expand "Certificates - Current User"; Right click on "Trusted Root Certification Authorities"; Select "All Tasks->Import...".
6. Use the Import Wizard to browse and select the certificate to import.
Note: Only add the CA if you absolutely trust it.
Showing posts with label Internet. Show all posts
Showing posts with label Internet. Show all posts
Friday, November 8, 2019
Monday, November 4, 2019
Some curl command options
To access a web page:
$ curl http://www.google.com
If the web server does not provide a trusted certificate, or it is using a self-signed certificate, we can accept the it by using the -k option:
$ curl -k http://www.google.com
To turn on verbose mode:
$ curl -v -k http://www.google.com
To use HTTP 1.0:
$ curl -v -k http://www.google.com --http1.0
To remove the "Host:..." header:
$ curl -v -k http://www.google.com --http1.0 -H 'Host:'
To remove more headers:
$ curl -v -k http://www.google.com --http1.0 -H 'Host:' -H 'User-Agent:' -H 'Accept:'
$ curl http://www.google.com
If the web server does not provide a trusted certificate, or it is using a self-signed certificate, we can accept the it by using the -k option:
$ curl -k http://www.google.com
To turn on verbose mode:
$ curl -v -k http://www.google.com
To use HTTP 1.0:
$ curl -v -k http://www.google.com --http1.0
To remove the "Host:..." header:
$ curl -v -k http://www.google.com --http1.0 -H 'Host:'
To remove more headers:
$ curl -v -k http://www.google.com --http1.0 -H 'Host:' -H 'User-Agent:' -H 'Accept:'
Friday, November 1, 2019
IIS web application to reject HTTP requests without a Host header
Step 1:
Download and install the URL Rewrite module (https://www.iis.net/downloads/microsoft/url-rewrite).
Step 2:
Add the rewrite rule in the web.config for the web application:
<system.webServer>
......
<rewrite>
<rules>
<rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="*.*" negate="true" />
</conditions>
<action type="AbortRequest" />
</rule>
</rules>
</rewrite>
</system.webServer>
Now, any HTTP requests without a "Host:..." header will get a connection reset.
Download and install the URL Rewrite module (https://www.iis.net/downloads/microsoft/url-rewrite).
Step 2:
Add the rewrite rule in the web.config for the web application:
<system.webServer>
......
<rewrite>
<rules>
<rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="*.*" negate="true" />
</conditions>
<action type="AbortRequest" />
</rule>
</rules>
</rewrite>
</system.webServer>
Now, any HTTP requests without a "Host:..." header will get a connection reset.
Thursday, June 13, 2019
ASP.NET: Xml control loading a XML string in a safe way
In the .aspx file:
<asp:Xml id="xml1" runat="server" />
In the .aspx.cs file:
XmlSchema schema = new XmlSchema();
XmlSchemaElement elementRoot = new XmlSchemaElement();
schema.Items.Add(elementRoot);
elementRoot.Name = "root";
XmlReaderSettings settings = new XmlReaderSettings();
settings.Schemas.Add(schema);
settings.ValidationType = ValidationType.Schema;
settings.DtdProcessing = DtdProcessing.Prohibit; // to prevent XXE attack.
StringReader sr = new StringReader(xmlInString);
XmlReader reader = XmlReader.Create(sr, settings);
xml1.Document.XmlResolver = null; // to prevent XXE attack.
xml1.Document.Load(reader);
Note: the schema generated has only the root element (as below). If xmlInString contains any type of children elements, it will be validated as good.
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="root"/>
</xs:schema>
Since Xml.Document is an obsolete property, for the above example, we should use another property DocumentContent. If Schema validation is not needed, we have a much simpler code:
xml1.DocumentContent = xmlInString;
<asp:Xml id="xml1" runat="server" />
In the .aspx.cs file:
XmlSchema schema = new XmlSchema();
XmlSchemaElement elementRoot = new XmlSchemaElement();
schema.Items.Add(elementRoot);
elementRoot.Name = "root";
XmlReaderSettings settings = new XmlReaderSettings();
settings.Schemas.Add(schema);
settings.ValidationType = ValidationType.Schema;
settings.DtdProcessing = DtdProcessing.Prohibit; // to prevent XXE attack.
StringReader sr = new StringReader(xmlInString);
XmlReader reader = XmlReader.Create(sr, settings);
xml1.Document.XmlResolver = null; // to prevent XXE attack.
xml1.Document.Load(reader);
Note: the schema generated has only the root element (as below). If xmlInString contains any type of children elements, it will be validated as good.
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="root"/>
</xs:schema>
Since Xml.Document is an obsolete property, for the above example, we should use another property DocumentContent. If Schema validation is not needed, we have a much simpler code:
xml1.DocumentContent = xmlInString;
Wednesday, June 12, 2019
ASP.NET: Cross site scripting attack and HtmlEncode
To prevent the Cross Site Scripting (XSS) attack, we should use System.Web.HttpUtility.HtmlEncode() to encode a string before sending it in a response if the string is from an untrusted source.
System.Web.HttpUtility.HtmlEncode will encode these characters:
Character Encoded
< <
> >
" "
& &
' ' (.Net 4.0 Only)
System.Web.HttpUtility.HtmlEncode will encode these characters:
Character Encoded
< <
> >
" "
& &
' ' (.Net 4.0 Only)
Saturday, June 8, 2019
Google Docs - spreadsheet - insert chart on another sheet (updated)
To insert a chart for your spreadsheet data, you can highlight the wanted cells and select menu Insert|Chart. The new chart will be put somewhere on the same sheet of the data.
If you click on the chart, a vertical ellipsis icon will be shown at the top right corner.
By selecting its menu Move to own sheet..., you can move the chart to another sheet. The chart will have its own sheet and it will fill the whole new sheet.
This may not be what you want. Sometimes, you want a chart sheet which contains several charts representing data from other sheets. To do that, you can add a new sheet first by clicking the Add Sheet button at the bottom-left corner.
Select the new sheet. Insert a new chart by menu Insert|Chart. Double click on the new blank chart to show the Chart editor as the right sidebar. In the Chart editor sidebar, you need to manually input what data you want to use. If the data are from Sheet1, you need to add Sheet1! right before the cells range.
Now you have a chart for the data from Sheet1. You can add more charts for the data from different sheets in this way, so that you can have a single "chart sheet" for the whole document.
If you click on the chart, a vertical ellipsis icon will be shown at the top right corner.
Click on the ellipsis icon and choose the "Move to own sheet..." option:
By selecting its menu Move to own sheet..., you can move the chart to another sheet. The chart will have its own sheet and it will fill the whole new sheet.
This may not be what you want. Sometimes, you want a chart sheet which contains several charts representing data from other sheets. To do that, you can add a new sheet first by clicking the Add Sheet button at the bottom-left corner.
Select the new sheet. Insert a new chart by menu Insert|Chart. Double click on the new blank chart to show the Chart editor as the right sidebar. In the Chart editor sidebar, you need to manually input what data you want to use. If the data are from Sheet1, you need to add Sheet1! right before the cells range.
Now you have a chart for the data from Sheet1. You can add more charts for the data from different sheets in this way, so that you can have a single "chart sheet" for the whole document.
Subscribe to:
Posts (Atom)
Posts
