zip direct link download not working in IE7 and IE8 - internet-explorer-7

Zip file direct link download not working in IE7 and IE8
Examlple: http://beta-ffconeworld.fairfactories.org/Uploads/documents/docfiles/122_test.zip
$ curl -I http://beta-ffconeworld.fairfactories.org/Uploads/documents/docfiles/122_test.zip
HTTP/1.1 200 OK
Date: Fri, 15 Jul 2011 10:58:46 GMT
Server: Apache/2.2.16 (Amazon)
Last-Modified: Fri, 15 Jul 2011 10:09:11 GMT
ETag: "7cc4-8565-4a818d74be4db"
Accept-Ranges: bytes
Content-Length: 34149
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: application/zip

I ran into a similar issue once and solved it by disabling gzip compression in apache for the particular file extension or directory.
In my case apache was trying to compress a file that was already compressed thus corrupting it. We added
SetEnvIfNoCase Request_URI \.(?:zip)$ no-gzip dont-vary
into httpd/conf/extra/httpd-deflate.conf and all was well.

Works fine on my machine.
Check your security settings. In IE7, this is Tools -> Internet Options -> Security -> Custom Level... in the list it's possible to disable file downloads, or enable them to download without prompt.

Related

How to Hide Server/Software Version from Apache Zeppelin/Any Related Web-App?

Any ideas/suggestions on how to hide software/server version from Apache Zeppelin? We hired an information security company to perform an external pen-testing in our servers and one of the issues raised was to hide all the software versions being disclosed on application headers/errors messages.
So for example if I execute this command from a terminal:
curl -I -k https://localhost:8181/
It will give this result
HTTP/1.1 200 OK Date: Thu, 16 Jul 2020 03:37:42 GMT Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: authorization,Content-Type Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE Date: Thursday, July 16, 2020 1:37:42 PM AEST Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: authorization,Content-Type Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE Date: Thursday, July 16, 2020 1:37:42 PM AEST Content-Type: text/html Last-Modified: Thu, 08 Jun 2017 09:18:50 GMT Accept-Ranges: bytes Content-Length: 3657 Server: Jetty(9.2.15.v20160210)
How can I hide the Server: Jetty(9.2.15.v20160210) or is it even possible? I'm trying to search but no luck yet on finding a solution for this. Appreciate any help. Thanks in advance! Cheers.
It's possible in the Zeppelin 0.9.0 (not yet released) - it's implemented as part of the ZEPPELIN-4586 and should be available in the 0.9.0-preview2 soon, or you can compile from source yourself. You can look to the documentation in the meantime

AngularJs html metadata was changed by google storage

I have a plan to change the hosting of my angularJS static app from a S3 bucket to a GCS bucket. But I have some problems with the metadata of the html template files.
I have copied the files with the command gsutil and I have already set all files in the bucket with the public_read permission. Now I can access the index.html file and serve it with text/html content-type, but the template file metadata has been changed by google storage to application/xml and, when accessing it, the status code is 401.
Status Code: 401 Unauthorized
Cache-Control: private, max-age=0
Content-Length: 131
Content-Type: application/xml; charset=UTF-8
Date: Thu, 24 May 2018 03:44:21 GMT
Expires: Thu, 24 May 2018 03:44:21 GMT
Server: UploadServer
WWW-Authenticate: Bearer realm="https://accounts.google.com/"
Sometime it works and sometime it doesn't. What can I do in this situation?

404 Pages and 301 redirect

We built pages like this:
Old URL:
http://www.ifsc-code.co.in/all-india-banks-database/bank-of-india/karnataka/
Please notice, bank of india is the bank name and karnataka is the state name.
New URL:
http://bank-of-india.ifsc-code.co.in/karnataka
There are 45000 old urls all have been set as 301 redirect to new url. Its been 2 months, but still google sees them as 404. Why?
This is how Googlebot fetched the page.
URL: http:/ /www.ifsc-code.co.in/all-india-banks-database/bank-of-india/karnataka/
Date: Thursday, March 29, 2012 1:29:54 PM PDT
Googlebot Type: Web
Download Time (in milliseconds): 168
HTTP/1.1 301 Moved Permanently
Date: Thu, 29 Mar 2012 20:29:54 GMT
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.8
Location: http:/ /bank-of-india.ifsc-code.co.in/karnataka
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
Then why does this page shows up in 404 page? The url that links to that page doesn't even exist, which is also a 301 redirect.
Please help.
Because you have to manually mark them as fixed in webmaster tools : Mark crawl error as fixed

GZIP content in Google App Engine using django-nonrel

I have a django-nonrel app running in Google App Engine and am wanting all the content to be gzipped.
I keep reading that GAE automatically gzips the content but when I check the headers using Firefox's web developer toolbar I get the following result:
Via: 1.1 TL-ISA1
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Expires: Thu, 09 Dec 2010 12:23:46 GMT
Date: Thu, 09 Dec 2010 12:23:46 GMT
Content-Type: text/html; charset=utf-8
Etag: "463ad22512f09050f76a291c11d9746d"
Server: Google Frontend
Last-Modified: Thu, 09 Dec 2010 12:23:46 GMT
Cache-Control: max-age=0
200 OK
I was expecting to see Content-Encoding: gzip, but since it is not there, my assumption is that the content is not being gzipped as it should.
Am I missing something? For example, do I need to do something extra if I am using django-nonrel?
Just to add, I am new to Web development - so don't be afraid to patronise. Thanks
Gzip should work out of the box, you are probably requesting the page through a proxy.

Google App Engine Set-Cookie fails to use my expiration date

I am trying to set a cookie in my Google App Engine page:
self.response.headers.add_header('Set-Cookie','CookieName=1234; expires:Sun, 31-May-2009 23:59:59 GMT; path=/;')
The expiration date is not showing up in the browser. So it deletes itself at the end of the session.
Here is the output from curl -D:
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Set-Cookie: CookieName=1234; expires:Fri, 01 Jan 2010 11:48:41 GMT
Date: Fri, 08 May 2009 11:57:25 GMT
Server: Google Frontend
Expires: Fri, 08 May 2009 11:57:25 GMT
Transfer-Encoding: chunked
What am I missing?
The problem is you're using "expires:" with a colon. Needs to be "expires=" with an equals.
With a "curl -D somefile" I can check that your cookie comes to the client exactly as specified. Can you check that, and confirm that the issue is with your browser and its settings rather than with the server side?

Resources