04-08-2022, 06:12 AM
(This post was last modified: 04-08-2022, 07:07 AM by jeroen.rottink.)
(04-08-2022, 05:44 AM)Alexandre Machado Wrote: Jeroen,
to have a proper idea of what really appears on that log you need to test from another machine in a network environment.
It will always show everything when running from localhost. That's by design.
If you are running from localhost, you have always access to everything. No need to hide anything in that case
Hi Alexandre,
I did. See my third post yesterday. Also the remark about changing the host header field value.
My solution in those cases.
Code:
// RemoteAddr := WebApplication.Request.RemoteAddr;
// if not IsLocalHost(RemoteAddr) ...
function TIWServerController.IsLocalHost(const AIP: string): boolean;
begin
// https://serverfault.com/questions/411658/can-localhost-be-spoofed
// https://stackoverflow.com/questions/40189084/what-is-ipv6-for-localhost-and-0-0-0-0
Result := SameText(AIP, '127.0.0.1') or SameText(AIP, '0:0:0:0:0:0:0:1');
end;(04-07-2022, 04:35 PM)joelcc Wrote: if you really want to hide everything from the user then change the following 2 templates.
iwServerError.html
IWError.html
and maybe IWException.html
You can still log the real error.
Hi joelcc,
Thanks. I didn't think about that.
When would IWServerError.html be used. I can't find a reference to that.
On GitHub some demo's showing the usage https://github.com/Atozed/IntraWeb/tree/...Exceptions
https://www.atozed.com/2008/01/20080915a-en/