Carbon_Fibre Posted July 24, 2012 Share Posted July 24, 2012 Hello I have an OSC 2.2 RC2A site installed. I'm using the Products URL field to link to pdf manuals located in another folder. Since I installed the add-ons suggested on this page (http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-oscommerce-22-site/) i.e. Security Pro, Site Monitor, IP Trap and Anti-XSS as well as copied the .htaccess files from OSC 2.3 and copied them to this site. But after this website, visitors are unable view these pdf documents. When clicked, the link directs back to index.php instead of the pdf document. (Note from the backend admin, if you view the product and click on the link, it works.) I've tested it on another installation without the add-ons and that works. Obviously, something is blocking the pdf document from being opened and kicking it back to the home page. I have removed the Anti-XSS, but that didn't help. Does anyone have any ideas which of the above add-ons it could be? Thanks in advance :) Link to comment Share on other sites More sharing options...
♥FWR Media Posted July 24, 2012 Share Posted July 24, 2012 @@Carbon_Fibre Could be Security Pro but you haven't mentioned the link that is created so I can't make a definate judgement. If I remember correctly the products url creates a redirection, this may introduce characters in the querystring which are not allowed by security Pro. Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
burt Posted July 24, 2012 Share Posted July 24, 2012 you need to exclude redirect.php from security pro Link to comment Share on other sites More sharing options...
Carbon_Fibre Posted July 24, 2012 Author Share Posted July 24, 2012 you need to exclude redirect.php from security pro You are right. It works now. Thank you so much :thumbsup: Link to comment Share on other sites More sharing options...
Carbon_Fibre Posted July 24, 2012 Author Share Posted July 24, 2012 @@Carbon_Fibre Could be Security Pro but you haven't mentioned the link that is created so I can't make a definate judgement. If I remember correctly the products url creates a redirection, this may introduce characters in the querystring which are not allowed by security Pro. Thanks for the reply. Yes it is Security Pro. I followed Burt's suggestion Link to comment Share on other sites More sharing options...
Carbon_Fibre Posted July 24, 2012 Author Share Posted July 24, 2012 How do I edit the thread title? To add RESOLVED Link to comment Share on other sites More sharing options...
♥FWR Media Posted July 24, 2012 Share Posted July 24, 2012 @@Carbon_Fibre Ok .. please bear in mind however that I don't recommend file exclusions unless they are absolutely necessary ( payment modules, shipping modules etc ). redirect.php is now not protected .. it is trivial to simply create a link to the PDF files leaving security intact rather than excluding. in my opinion redirect.php has the potential to be particulary dangerous .. instead of sending a URL via querystring it should have been a simple numeric key as an identifier. Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
Carbon_Fibre Posted July 24, 2012 Author Share Posted July 24, 2012 @@Carbon_Fibre Ok .. please bear in mind however that I don't recommend file exclusions unless they are absolutely necessary ( payment modules, shipping modules etc ). redirect.php is now not protected .. it is trivial to simply create a link to the PDF files leaving security intact rather than excluding. in my opinion redirect.php has the potential to be particulary dangerous .. instead of sending a URL via querystring it should have been a simple numeric key as an identifier. Okay noted. That makes sense. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.