webserver – WindowsTechs.com

Which external vulnerabilities remain for a web server secured with mTLS?

Posted on November 12, 2024 by IamNaN

Scenario:
A web server with a web app for remote staff.
The web server is behind a reverse proxy (traefik)
The web server has a host based firewall configured to allow connections only from the proxy on the designated port. Those connectio… Continue reading Which external vulnerabilities remain for a web server secured with mTLS?→

Posted on November 5, 2024 by Lance Pollard

It is recommended to do this often in web apps:
import { NextResponse } from ‘next/server’
import type { NextRequest } from ‘next/server’

Posted on November 4, 2024 by Andy W

We currently have a linux/apache/sql webserver that has API access for our app in the meta store(Quest 2 & 3).
when manually type in the address on chrome (desktop computer) I get the proper API responce from our server its just a 4 di… Continue reading Web Server API returns Hacked webpage when Unity Project makes API call→

Posted on October 30, 2024 by Jun

I’m kind of new to networking. Suppose that all my VLANs have access to the web server and authoritative DNS server but only VLAN 40 has access to the Internet while VLANs 10, 20 and 30 do not have access to the outside Internet. Will this… Continue reading DNS – DMZ or Internal Zone & Firewall Clarifications [migrated]→

Posted on September 27, 2024 by Akhil Akkapelli

I’m hosting a website on a free hosting provider server that uses PHP for OTP-based authentication. Here’s how it works:

If an unregistered IP address visits the site, it shows an "Unauthorized" message.

Posted on September 26, 2024 by test

I want to identify the devices currently connected to my web server. How is this done and what are the tools used to do this?

Posted on September 16, 2024 by user3099225

I have recently bought a hosting and hosted my php site, but after hosting site was not loading and showing a round loading image. I thought my files were infected, so I checked on console and I got this error – mixed content error, reques… Continue reading My hosting has no content, but shows error – requested an insecure script ‘http://cdn.jsinit.directfwd.com/sk-jspark_init.php→

Posted on September 14, 2024 by archygriswald

In my webserver log files I sometimes find such entries:
185.30.14.116 [2024-09-14T07:56:57+02:00] 400 | HOST-HDR "185.30.14.116" | SRV _:80" | URI "/"
So there is a request from 185.30.14.116 that my default serve… Continue reading What is the sense of the client’s IP in a Host header?→

Posted on September 2, 2024 by Innodesign

When I click on a Google image thumbnail to view a larger preview, I understand that the image is hotlinked from the hosting site.
In this case, when I view the hotlinked Google preview image, is my IP address recorded by the original site… Continue reading When viewing a hotlinked Google image preview, is the IP address of Google’s server recorded on the original site?→

Posted on July 18, 2024 by Rudra Das

I’m currently testing the search feature on a website, and I’ve encountered an interesting behavior. The site displays the search query in the page itself, even if it’s an XSS payload (although it doesn’t trigger any XSS). Here are the det… Continue reading Understanding Search Behavior on a Website [URL Encoding and Query Handling] [closed]→