The remote server returned a forbidden error (403) while connecting to sharepoint with c #.

I'm trying to get the list items from SharePoint. When I run the following code I get the message "The remote server has returned a forbidden error (403)".

 try
        {
            using (var context = new ClientContext(siteurl + "/_api/lists/GetByTitle('" + documentlibrary + "')/items?$orderby=Id%20desc"))
            {
                context.Credentials = new SharePointOnlineCredentials("username@abcd.com", GetPasswordOfYourSite("password"));
                Web web = context.Web;
                context.Load(web.Lists,
                    lists => lists.Include(list => list.Title,
                        list => list.Id));
                context.ExecuteQuery();
                Console.ForegroundColor = ConsoleColor.White;
                foreach (List list in web.Lists)
                {
                    Console.WriteLine("List title is: " + list.Title);
                }
                Console.WriteLine("");
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine("Error is: " + ex.Message);
        }

When trying to connect, the exception "The remote server returned an error (403) that is forbidden" was displayed.

Could you please give the reasons for this problem? and how can you fix it?

Thank you very much

Apache 2.4 – Error deploying Django web with mod_wsgi (Forbidden: You do not have permission to access / on this server.)

Hi, I am trying to deploy my first Django website with Apache in Centos7

Versions: 
Apache: 2.4.6 
Django: 2.2.6
Python: 3.6.8

My Django project is located in the / srv directory and looks like this:

/srv/
└── MyApp
    ├── apps
    │   └── index
    ├── db.sqlite3
    ├── manage.py
    ├── media
    ├── root
    │   ├── __init__.py
    │   ├── __pycache__
    │   ├── settings.py
    │   ├── urls.py
    │   └── wsgi.py
    ├── static
    │   ├── css
    │   └── images
    └── venv
        ├── bin
        ├── include
        ├── lib
        ├── lib64 -> lib
        ├── pip-selfcheck.json
        └── pyvenv.cfg

Test that I did:

1) I can access my Django website if I:

python manage.py runserver 0.0.0.0:80

2) If I only use Apache, I can see the Apache placeholder website.

3) Following this tutorial (https://www.shellhacks.com/modwsgi-hello-world-example/) I also tried to use mod_wsgi without Django, and was able to get it running (just had to replace the following one ) Make it work):

Allow from all --> Require all granted 
Order allow,deny --> Satisfy Any

My Apache configuration file is in /etc/httpd/conf.d

WSGIScriptAlias / /srv/MyApp/root/wsgi.py
WSGIPythonPath /srv/MyApp


    
        Require all granted
    


WSGIDaemonProcess myapp.com python-home=/srv/MyApp/root/venv python-path=/srv/MyApp
WSGIProcessGroup myapp.com

I'm pretty new to all this and I'm sure it's a little stupid that I'm not setting up properly, but I've been google and testing for over 10 hours now and I can not figure it out.

I hope someone could give me a guide. Thanks in advance.

Data Structures – Forbidden Sequence Dynamic Programming

Given a finite amount $ Omega $I have the following problem. Suppose there is a list of prohibited subsequences $ F subset Omega cup Omega ^ 2 cup Omega ^ 3 dots Omega ^ infty $Although we do not know the contents of the list before, we can query each sequence $ S in Omega ^ i $ to see if $ exists f in F, f subseteq S $, I want to construct a sequence $ S in Omega ^ n $ so that $ f not subseteq S, forall f in F $,

I want to construct all sequences $ S in Omega ^ n $ so that $ f not subset S, forall f in F $,

The approach that I thought best was dynamic programming. We construct iteratively valid sets $ V_k: = {S in Omega_k: f not subset S, forall f in F, | f | <k } $by adding each subsequence of $ s in V_1 cup dots V_ {k-1}, forall s subsetneq S $and then remove all $ S in F $ with queries. My question is how to build most efficiently $ V_k $? A simple way would be to take $ V_ {k-1} $ and then add each element $ Omega $ in the end, and then some additional queries, but is there a better way?

In addition, there are elegant ways to use incomplete valid sentences $ I_k subseteq V_k $where if $ I_ {k + 1}: = {S in Omega ^ {k + 1} setminus F: s in I ^ 1 cup dots I ^ k, forall s subsetneq S } $ Is it empty, can we try to expand everything without having to start from the beginning?

iis – Error (403): Forbidden

As a background, I'm mainly an embedded developer and was hired to make a simple change to one of our company's web applications. The application is an ASP.NET application (originally developed with Visual Studio 2010) running on Windows Server 2012. I am trying to modify / debug the code on my local Windows 10 computer with Visual Studio 2017.

When I try to run the application locally on Visual Studio 2017, Visual Studio displays a message that debugging on the Web server can not be started. The remote server returned an error: (403) Forbidden. "

I have tried several things, such as For example, grant IIS_USR and Network Service permissions to my path. The following is logged in C: inetpub logs LogFiles W3SVC1:

2019-10-15 15:07:14 :: 1 DEBUG /ECNAD/DebugAttach.aspx – 80 – :: 1 – – 403 0 0 1249
2019-10-15 15:15:46 :: 1 DEBUG /ECNAD/DebugAttach.aspx – 80 – :: 1 – – 403 0 0 39

I would be very happy to receive any help to run this web application locally.

Thank you in advance.

Sampling of a uniform distribution of fixed-size strings containing no forbidden substrings

Suppose the alphabet is $ {a, b } $and you have a forbidden word $ aa $, Suppose we try to generate a word of length 3. The first two letters are evenly distributed $ ab, ba, bb $, Therefore, the first letter has the following distribution: $ a $ with probability $ 1/3 $. $ b $ with probability $ 2/3 $, In contrast, the allowed words
$$
aba, abb, bab, bba, bbb.
$$

So the first letter should have the distribution $ a $ with probability $ 2/5 $. $ b $ with probability $ 3/5 $,


Here is an algorithm that works. Create a DFA (or UFA) for your language. For every state $ q $With dynamic programming, you can count how many words are long $ m $ are accepted when the machine is restarted $ q $, Let us denote this $ c (q, m) $,

The correct distribution of the first letter $ sigma_1 $ from a word of length $ n $ is in the language
$$
Pr ( sigma_1 = sigma) = frac {c ( delta (q_0, sigma), n-1)} {c (q_0, n)}.
$$

Quite generally in the face of the first $ ell $ letters $ sigma_1 ldots sigma_ ell $The following letter has the distribution
$$
Pr ( sigma_ { ell + 1} = sigma mid sigma_1 ldots sigma_ ell) = frac {c ( delta (q_0, sigma_1 ldots sigma_ ell sigma), n – ell-1)} {c ( delta (q_0, sigma_1 ldots sigma_ ell), n- ell)}.
$$

If you ignore the cost of arithmetic, you can roughly implement this scheme $ O (| Q | n) $, Where $ Q $ is the set of states or in $ O (| Sigma | n ^ 2) $, (The former assuming that $ | Q | = Omega (| Sigma |) $.)

As an example, consider the above counter example. We construct a two-state DFA (we can omit the sink state to get a UFA) $ q_0, q_1 $, The transition function is $ Delta (q_0, a) = q_1 $. $ Delta (q_0, b) = q_0 $. $ Delta (q_1, b) = q_0 $, The relevant values ​​of $ c $ are
$$
begin {array} {c | cc}
n & c (q_0, n) & c (q_1, n) \ hline
0 & 1 & 1 \
1 & 2 & 1 \
2 & 3 & 2 \
3 & 5 & 3
end {array}
$$

These are calculated by the repetitions $ c (q_0, n) = c (q_0, n-1) + c (q_1, n-1) $ and $ c (q_1, n) = c (q_0, n-1) $with basic housing $ c (q, 0) = 1 $,

Since $ Delta (q_0, a) = q_1 $ and $ Delta (q_0, b) = q_0 $we see that (eg $ n = 3 $) $ Pr ( sigma_1 = a) = c (q_1,2) / c (q_0,3) = 2/5 $ and $ Pr ( sigma_1 = b) = c (q_0,2) / c (q_0,3) = 3/5 $,

The results of the web application pen test include a file from a forbidden directory that is not even used or referenced

Brute force Scanner

Many automatic scanners bypass locked directory listings by looking for "bruteforce" files. This means that they are looking for additional files whose names are similar to those of the existing files (ie. filename.js1 and files that are not referenced at all (aka secret.txt). If you happen to have a file whose name is on the bruteforced list and which is in an accessible directory, it will be found, regardless of whether the "directory listing" is enabled or not

It's worth noting that hackers do the same, so this is a real problem. If something is in a publicly accessible directory, you should generally think that it is found. So if you do not want it to be public, you need to keep it away from public directories – disabling the directory list offers very little security.

Real weaknesses

In the end, this does not seem to be a big problem (and probably is not), but leaving backups of javascript files in public directories is generally a bad idea. When it comes to XSS, an attacker generally has the most success if he can exploit a javascript file hosted on the same domain. This is because this provides the opportunity to bypass a CSP or other "security firewalls". If an older Javascript file contains a vulnerability that was fixed in a later release, and an attacker has found a way to force the user's browser to load the older Javascript file, it may be linked to a more malicious vulnerability. This may seem far-fetched, but how many of the worst security holes happen when many small vulnerabilities are grouped together into one larger one?

tl / dr: If something is hosted by your website but has none
Reason to be there, then it is a liability. Kill it with prejudice.

xampp – How do I solve 403 Forbidden Error in Apache?

I work server side and had a problem. I use XAMPP and Apache server in my server. First I buy a static IP and open the port for everyone.

I can succeed if: "http: // {StaticIP} / api / NewsJson", But if I try "https: // {StaticIP} / api / NewsJson"I take 403 errors in the browser. I search and find a few solutions.

First, I change the line "xampp apache conf extra httpd-xampp" Folder. I change the locally granted change requires all granted.

ScriptAlias /php-cgi/ "C:/xampp/php/"

    AllowOverride None
    Options None
    Require all granted
    
          Require all granted
    



    
        SetHandler cgi-script
    
    
        SetHandler None
    



    
        Require all granted
        
            php_admin_flag safe_mode off
        
    
    AllowOverride AuthConfig



    Alias /licenses "C:/xampp/licenses/"
    
        Options +Indexes
        
            DirectoryIndexTextColor  "#000000"
            DirectoryIndexBGColor "#f8e8a0"
            DirectoryIndexLinkColor "#bb3902"
            DirectoryIndexVLinkColor "#bb3902"
            DirectoryIndexALinkColor "#bb3902"
        
    Require all granted
        ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
   

    Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
    
        AllowOverride AuthConfig
    Require all granted
        ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
    

    Alias /webalizer "C:/xampp/webalizer/"
    
        
            
                php_admin_flag safe_mode off
            
        
        AllowOverride AuthConfig
    Require all granted
        ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
    

Then I add this line "xampp apache conf extra httpd-vhosts" Folder.


    DocumentRoot "C:/xampp/htdocs/api/NewsJson"
    ServerName 192.168.*.** (My Server IP)
    
        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    

And I change mine ".Htaccess" Folder.

RewriteEngine On
RewriteRule NewsJson.html$ NewsJson.php (L)

If I change it, I have Apache closed and reopened. But I still take 403 banned errors. What can I solve this problem?

kubernetes – Forbidden to empty users "" cubic

That's the command

kubectl --namespace=somenamespace   exec -it test sh
Error from server (Forbidden): pods "test" is forbidden: User "" cannot create resource 

There's my kube config

  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      env:
      - name: AWS_PROFILE
        value: "test" # refers to aws profile test located in ~/.aws/config,
      command: aws-iam-authenticator
      args:
      - "token"
      - "-i"
      - "qa"

aws config is

(profile test)
role_arn = arn:aws:iam::66776776:role/AssumeRoleReadOnly
source_profile = sso
region = us-east-1

I do not understand why the user is empty "" and I have received a forbidden error

linux – Replaces Python for function checking for forbidden characters

I have "blackbox" with the following python function code (without permission to change it):

def exec_ping():
    forbidden = ('&', ';', '-', '`', '||', '|')
    command = input('Enter an IP: ')
    for i in forbidden:
        if i in command:
            print('Invalid characters')
            exit()
    os.system('ping ' + command)

I would like to execute this function with the following command input:

-c 1 localhost; whoami;

For this command to execute:

ping -c 1 localhost; whoami;

How can I bypass the check for forbidden characters? Can I use other characters / encodings?