Javascript Server Specific Firewall Issue

By razz2 ·
I have been asked to research a javascript issues that appears to be
server specific. There are 2 sites in this issue.

The scenario is that a client has a web site (Site A) with flash content.
Part of that content display is done through the use of .js file includes
from the .php pages such as <script language="JavaScript"
type="text/javascript" src="includes/namehere.js"></script>. This
site is theirs, hosted on SBC, and displays fine in their building behind
a Watchguard firewall. PHP Version is 4.4.8 on a FreeBSD Apache.

They are designing a similar site (Site B) for a Non-Profit group they
belong too. It too has Flash content and is implemented with virtually
identical code and .js files. It is hosted at a separate, 3rd party,
hosting company. However the Watchguard blocks the Flash display as
unsafe content application/javascript. PHP Version is 5.2.4 and
Apache is Linux.

Any of the 2 sites uploaded to the SBC server work, and any of the 2
uploaded to the 3rd party host fail. If the .js extension is removed
from the include files and their references in the .php files when the
site is on host B it works fine.

So, the question is what config setting on Apache or in php.ini would
cause the same code to be seen differently by the same firewall? And,
would be affected by removing the .js extension?

Thanks for the time in advance,


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

There have been many changes in PHP5....

by ThumbsUp2 In reply to Javascript Server Specifi ...

.... far too many to list here, but namely Register Globals is off by default. Have you run PHPInfo on each server to see what is different between the two?

Check out the FAQs at the PHP web site.

Collapse -


by razz2 In reply to There have been many chan ...

Hi ThumbsUp2,

Thanks for the input.

Yeah, First thing I did was have him upload a phpinfo doc to each
so I could see the differences in the configs. Nothing jumped
out. I mean, of course, there are the standard default changes in
PHP 5 and as you said there are to many to list. I will look
through them each in more detail but was hoping someone
might have an idea to save the time. Register Globals just doesn't
seem to fit the symptoms. Again, it seems to be serving the .js
files differently and removing the extension makes it work fine.
Never thought of it as I really wanted to know the cause for my
reference, but I guess I could tell them to leave it without the .js
unless there is any issue I am unaware of with that. Any
experience with that? Mostly I just prefer being standard across
sites so having the extension makes sense.

I just looked through again and nothing in there really appears
likely to cause a .js include to be seen as safe content coming
from one site/host and as unsafe content from the other by the
same firewall.

I am obviously not familiar with all the ini settings (Gee does it
show;-)) and their meanings but the same code should fail with
or without the .js if it was Globals or something like that I would

Anyway, thanks again for your time and if you have any other
ideas I am open.

Related Discussions

Related Forums