This guide explains how to import external data (files, folders, etc.) into your kDrive using the WebDAV protocol.

Preamble

• Refer to this other guide if you are looking for information on how to copy specific data from one kDrive to another when your user has access to both kDrives in question.
• Refer to this other guide if you are looking for information about using your kDrive via the WebDAV protocol in the future.

Importing external data via WebDAV

Prerequisites

• Have a kDrive or kSuite offer (WebDAV not required)
• Have sufficient permissions within kDrive or kSuite.
• Do not change your password until the import is complete!

To access the import tool, where the data needs to be imported:

1. Click here to access the Infomaniak kDrive web app (online service ksuite.infomaniak.com/kdrive).
2. Click on the Settings icon ‍ in the top right corner.
3. Check or select the relevant kDrive in the dropdown menu of the left sidebar.
4. Click on General in the left sidebar.
5. Click on Import external data:
   
6. Click the blue Start button:
   
7. Click on WebDAV.
8. Complete the requested information based on the source (including the WebDAV address you have - obtained from the source).
9. Choose the destination kDrive and the desired location to host the imported data.
10. Click on Start:
    

Example: copying data from an external kDrive to the Organization

To import a kDrive that would be outside the Organization in which your destination kDrive is located, you must enter the following information at point 9 above (your credentials will be used exclusively to import your data; they will be immediately deleted at the end of the process):

• Username: email address to log in to the Infomaniak user account
• Password: application password in case of double authentication activated or ‍that of your Infomaniak user account if you have not activated 2FA
• Entry point: the WebDAV login URL with the ID of the source kDrive (starting disk) — refer to this other guide regarding the kDrive ID
  • Example: https://123456.connect.kdrive.infomaniak.com if the ID is “123456” to obtain the entire kDrive; but it is also possible to import only part of it (see below).

Specify the name of a specific subfolder

It is possible to choose a subfolder as a source folder, by combining the kDrive ID and the folder path.

Example for a folder in the shared space of the Organization Folders (= "Common documents"):

• https://IDkDrive.connect.kdrive.infomaniak.com/Common documents/Nom du dossier

Example for a folder/subfolder that would be in personal folders (therefore outside the Organization Folders):

• https://IDkDrive.connect.kdrive.infomaniak.com/Nom du dossier/Nom du sous-dossier

This guide explains how to access the configuration of an Infomaniak Web site to display technical information such as the PHP, Apache version, or the activated PHP extensions and modules.

View the site's technical information

To access the Web site management:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product concerned.
3. Click on the Manage button under Advanced Settings:
   
4. Take note of the Web site information under the General, PHP / Apache and PHP Extensions tabs:
   
5. Click on the back arrow in the left sidebar.
6. Click on Databases in the left sidebar to get the MySQL version of the Web hosting:
   

This guide presents the use of MySQL on Infomaniak hosting, particularly the operation of stored procedures.

Preamble

• “Stored procedures” and “stored routines” are not available on a shared web hosting.

Understanding stored procedures and routines

If stored procedures are essential to your project and you are currently using shared hosting, it is advisable to consider a VPS or a dedicated server, which offer more control and resources.

Stored procedures are an effective way to automate tasks and integrate business logic directly into the database. This results in more performant and easier-to-maintain applications.

On a Cloud Server, as soon as the user has administrator rights on the relevant MySQL database, they have the necessary permissions to execute SQL instructions, including the EXECUTE command, used to launch stored procedures already present in the database.

The user also has the required privileges to create new stored procedures. Creating a stored procedure is done via specific SQL syntax defining the instructions to execute, followed by its recording in the database.

Example

DELIMITER //
CREATE PROCEDURE GetUserCount()
BEGIN
    SELECT COUNT(*) AS total_users FROM users;
    -- Returns the total number of users in the table
END //
DELIMITER ;

-- Execute the stored procedure
CALL GetUserCount();

This guide explains how to protect your website and its visitors from malicious exploitation of MIME-Type sniffing.

Preamble

• MIME-Type sniffing, or MIME type detection, is a technique used by web browsers to determine the content type of a resource when the MIME type provided by the server is ambiguous, missing, or incorrect.
• While this can sometimes improve the user experience by making content accessible despite server configuration errors, this feature also introduces significant security vulnerabilities:
  • When a browser performs MIME-Type sniffing, it can interpret a text file as an executable script, thus opening the door to cross-site scripting (XSS) attacks; for example, a file intended to be treated as plain text could be interpreted as JavaScript, allowing an attacker to execute malicious code on the user's browser.
• By disabling MIME-Type sniffing, you protect visitors against the unauthorized execution of malicious scripts and also enhance the overall security of your website by reducing potential attack vectors.

Disable MIME-Type sniffing

To protect users and web applications from this type of vulnerability, it is possible to disable automatic resource type detection via the .htaccess file of your sites in order to instruct the browser to strictly rely on the MIME type specified by the server without attempting to guess it.

By placing the code below in your .htaccess file, you ensure that MIME-Type sniffing is disabled as long as the mod_headers module (which allows adding the header below) is enabled on your Apache server:

1. Open the .htaccess file for the relevant site from the FTP Manager or an FTP software/client.

2. Add the following code:

   <IfModule mod_headers.c>
       Header always set X-Content-Type-Options "nosniff"
   </IfModule>

3. Save the .htaccess file.

The SafeMode, or secure mode, is a protection mechanism that limits certain server functionalities to reduce the risks of malicious exploitation.

This mode was removed as of PHP 5.3.0 as it was deemed ineffective in enhancing security and likely to cause malfunctions with certain applications.

Infomaniak previously used the open_basedir directive on its old hosting offers, but this is no longer applied to current plans.

The CGID module for Apache has been disabled on Infomaniak's shared web hosting offers.

If necessary, you should consider switching to a **Cloud Server** if you are currently on shared web hosting. This can be done seamlessly: refer to **this other guide** for more information.

This guide covers data protection regulations in Switzerland and Europe, and the measures taken by Infomaniak to secure your customer data and data within Web Hosting and Mail Services.

Understanding the difference between data security and data confidentiality

Data security aims to prevent any unauthorized access to your information. It relies on measures such as encryption, firewalls, or VPNs. A security breach can have disastrous consequences: imagine a hacker stealing your entire customer database and demanding a ransom to recover it. This type of attack – ransomware – can paralyze a company overnight.

Data confidentiality concerns who can access your information and how it is used. Even if your data is secure against hacking, it can be collected, analyzed, and resold… legally.

Example: you carefully store your customers' information, but unbeknownst to you, a service you use shares – anonymously – this data with third parties. Result? Your competitors can obtain valuable analyses of your market and target your own customers without ever needing to hack.

LPD & GDPR

In Switzerland, the LPD (Federal Law on Data Protection) and nLPD (for the "new Law" in effect since September 2023) protect the confidentiality of residents by regulating the collection and processing of personal data by organizations.

On the other hand, the GDPR (General Data Protection Regulation) of the EU, in effect since May 2018, influences global companies processing the data of European residents, including in Switzerland. While the LPD applies to the data of Swiss residents, the GDPR concerns that of EU residents. Swiss companies managing European data must comply with the GDPR requirements, including the designation of a Data Protection Officer and the conduct of Impact Assessments in case of risky processing.

Your role as an Infomaniak Client

Regarding the hosted data that belongs to you — and especially if it contains personal data of your visitors, contacts, or customers — it is your responsibility to ensure its compliance.

When processing this personal data, it is essential to inform users about the purpose and methods of this processing. This is usually done through a privacy policy or a data processing agreement (DPA).

Agreement between data controller and processor

A DPA (Data Processing Agreement), known in German as AVV (Auftragsverarbeitungsvertrag), in Italian as ATD (Accordo di Trattamento dei Dati), and in Spanish as CTA (Contrato de Tratamiento de Datos), translates to Data Processing Agreement or Personal Data Processing Contract.

It is a mandatory contract provided by the GDPR between a data controller and a processor. It defines the purpose, duration, and nature of the processing, as well as the obligations and security measures. Its goal is to protect the personal data entrusted to a service provider.

This GDPR certificate (in PDF format) can be generated and downloaded from the Manager (accessible to organization users who are owners or administrators):

1. Click here to access DPA management on the Infomaniak Manager (need help?).
2. Click the Generate button to download the customized PDF document:
   

Here are some tips on this subject:

It is crucial to differentiate between the security of the infrastructures where your data is hosted and the management and implementation of your data on your side. As a host, Infomaniak acts as a subcontractor for your GDPR-related obligations. In this context, its privacy policies and cookie usage, as well as its terms and conditions, provide the necessary guarantees regarding its compliance as a subcontractor.

Infomaniak's role

Like companies that work with user data, Infomaniak must comply with the LPD and, because some of these users are European citizens, the GDPR as well:

• the data privacy policy details the data that Infomaniak retains to provide and execute its services
• the policy related to the protection of your personal data describes Infomaniak's commitments as a subcontractor that hosts all of your data, including personal data

This guide explains how to replace, within an Infomaniak Web hosting, the address of a site currently a subdomain (https://dev.domain.xyz for example) with the main domain (https://domain.xyz).

Preamble

• The operations in brief:
  1. We start with a site created and accessible via the URL of the main domain dev.domain.xyz.
  2. We add an alias domain.xyz.
  3. We swap the two types (the main domain becomes an alias and the alias becomes the main domain).
  4. We remove the old name dev.domain.xyz.
• Note that the site remains in the original folder on the server; the name of this location may be in the form /sites/dev.domain.xyz but this has absolutely no impact on the live site.
• Also, familiarize yourself with the last chapter of this other guide.

The operations in detail

To switch from a site with a subdomain address "dev.domain.xyz" to a direct address "domain.xyz":

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product in question.
3. Click on the chevron ‍ to expand the Domains section of this site:
4. Click on the button Add a domain:
   
5. Add the desired new name, check the corresponding boxes.
6. Click on the button to Confirm:
   
7. Once the addition is complete, click on the action menu ⋮ located to the right of the relevant item.
8. Choose to set the item as the primary domain:
   
9. Confirm the operation to proceed with the domain swap.

This guide covers the execution of the C# language and the .NET framework via the Mono implementation on Infomaniak hosting.

Technologies for software development

To use the C# language and the .NET framework with the Mono implementation, in order to develop software applications that can be deployed and executed on multiple platforms, outside the Windows environment, it is recommended to opt for solutions such as:

• VPS Cloud / VPS Lite
• Jelastic Cloud
• Public Cloud

The flexibility and portability offered by these multi-platform environments mean that a shared web hosting does not allow the execution of projects based on C#, .NET or Mono.

This guide concerns the MySQL Query Cache which, when activated, stores the results of already executed queries in memory.

Preamble

• MySQL Query Cache speeds up subsequent identical queries by avoiding re-execution.
• This can improve the overall performance of the database server by reducing the load and decreasing the response time for frequent queries.

query_cache_type ON or OFF?

On shared Web Hosting (therefore excluding Cloud Server) MySQL Query Cache is neither enabled nor can be enabled.

On Serveur Cloud, enable MySQL Query Cache via Fast Installer.

This guide is about "browscap.ini", a configuration file used by the PHP library "browscap" that contains information about web browsers and their characteristics, such as their name, version, compatible operating systems, browsing capabilities, etc.

File information

The file "browscap.ini" reflects the latest information on web browsers. It can be used with PHP scripts that require the "browscap" library.

phpinfo indicates where the browscap.ini file is located, namely:

/opt/php/lib/php/browscap.ini

You can retrieve the content of the file yourself via a PHP script, for example:

<?php
header("Content-type: text/plain");
print file_get_contents("/opt/php/lib/php/browscap.ini");
?>

Note that the "browscap" library is no longer widely used and that many developers prefer other solutions for browser detection, such as the native PHP function "get_browser()".

This guide explains how to enable PHP-FPM status to, for example, debug a slow site at the PHP level.

Preamble

• PHP-FPM status allows you to monitor in real-time the scripts that are executed as well as their execution time.
• This operation is only possible on Serveur Cloud.

Enable PHP-FPM status

To activate PHP-FPM on a site, contact Infomaniak support from an email address listed on your user account to authenticate your request.

In your request, please specify the source IP address that should be authorized.

Once PHP-FPM status is activated, the following URL links will display the necessary information:

• https://domain.xyz/fpm-status?json&full
• https://domain.xyz/fpm-status?html&full
• https://domain.xyz/fpm-status?xml&full

Warning: if your site contains rewrite rules including the path /fpm-status, you will likely need to make an exception for it.

This guide concerns the redirection of web traffic to a specific port, including when using a dedicated IP and a specific web application (such as Node or Varnish for example).

Prerequisites

• Add a site to your hosting.
• Install HAProxy on the Cloud Server.

Redirect web traffic to a specific port

By default, on Serveur Cloud, web traffic is sent to Apache. To send requests to a Node script or another service (provided it "listens" on a port between 4000 and 4009), you need to go through HAProxy.

This applies notably to servers Express, Socket.IO, Meteor.js, Nuxt.js, Django, Flask, Ruby on Rails, even possibly Java (J2E), etc.

For this, you must ensure that the service is listening on a port between 4000 and 4009 (especially with server.listen(4000) for Express or a basic HTTP Node server, but depending on the type of project by other means, a configuration file, in the code or otherwise) and on all interfaces (0.0.0.0).

It will also be necessary to configure HAProxy as in the example below:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Fast installer in the left sidebar.
4. Click on the action menu ⋮ located to the right of HAProxy.
5. Click on Configure:
   
6. Choose the desired information and save:
   
    

Retrieving the source IP of a request

When you redirect web traffic to your web application, the way requests are processed changes, and the request is first received by a reverse proxy (local to the server) which then forwards the request to the chosen port. Thus, due to the request forwarding, the methods usually used to retrieve the visitor's IP will return the IP of the reverse proxy instead of the visitor's.

In these cases, to retrieve the real source IP of the visitor, you need to consult an HTTP header named X-Forwarded-For, which will contain the source IPs accumulated during each redirection. This header will therefore contain last the original IP address of the client, allowing the real visitor to be identified.

Warning: It is important to note that HTTP headers can be manipulated, which presents security risks. To minimize these risks, it is recommended to verify that the request comes from a reliable server before trusting the content of the X-Forwarded-For header. This verification may involve ensuring that the request was transmitted by a trusted intermediary server, identified by a pre-established list of IP addresses. In the case where the site uses a dedicated IP, the trusted servers are:

• 83.166.133.15
• 83.166.133.17
• 83.166.133.16
• 84.16.92.5
• 84.16.92.43
• 10.2.32.255
• 10.2.34.164

The PHP extension JavaScript_Object_Notation is available. It is useful for processing JSON data in your PHP web applications, whether to exchange data with web services, store configurations, or communicate with front-end applications written in JavaScript.

This guide explains how to modify an existing Web Hosting plan to, for example, host additional websites if the maximum site quota is reached, or to obtain a more recent hosting solution to benefit from the latest versions of PHP & MySQL.

Modify the Web hosting offer to…

… order additional websites, disk space, or IPs

To access the Web hosting configurator:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click on the action menu ⋮ located to the right of the relevant item.
3. Click on Modify the offer:
    
   
    
4. Increase the values you wish to modify.
5. Click on the Next button to proceed to the payment for the changes made to the hosting:
   

… switch to a more recent server

To get a hosting solution on a more recent server and thus benefit from the latest versions of PHP & MySQL, you can either…

• … refer to this other guide and follow the indicated procedure to the end:
  
• … refer to this other guide and follow the procedure indicated until point 4 then click the button to update:
  
  • If no information banner is displayed, it means you already have a recent hosting offer.

This guide details how to save data from your web hosts (shared or Cloud Server) using Acronis on Swiss Backup, the backup solution in an independent Swiss cloud.

Preamble

• This is a backup solution that allows you to automate the backup of your files if the backups offered by Infomaniak no longer meet your availability or security needs.
• It is also possible to back up other types of data.
• Backups are generally performed every 24 hours, depending on the Cloud Agent's workload.
• It is not possible to exclude files from the backup: all files will be backed up, which may generate warnings as some system files are protected and inaccessible to the client; this is quite normal and common to all hosts.
• Make your life easier! If needed, local partners referenced by Infomaniak can handle these procedures. Launch a free call for tenders. They handle everything, freeing you from technical details.

Creating the backup space

Prerequisites

• Have a Swiss Backup Infomaniak space with an available device quota (minimum 1) for a Acronis website backup:
  
• If necessary, increase the device quota according to your needs.
• Add the device to the Infomaniak Manager to receive the login credentials.
• Be aware of the Acronis documentation on this subject: backup / restoration
• Use a web host.
• Know the information of the FTP+SSH user account:
  
• Know the information of the MyQSL/MariaDB user account which must have maximum permissions (read/write/admin) on all databases and tables you wish to back up:
  

To configure the backup of a website with Acronis:

1. Click here to access the Acronis Console with the credentials obtained after adding the device (need help?).
2. Click the add device button to add a Website type device:
   
3. Enter the information regarding the FTP type data:
   1. specify a name/description
   2. specify the FTP host
   3. leave port 22
   4. specify the FTP+SSH username
   5. specify the FTP+SSH account password
4. Click the Next button:
   
5. Enter the information regarding the MySQL/MariaDB databases:
   1. select the radio button corresponding to SSH
   2. specify the MySQL/mariaDB host
   3. leave port 3306
   4. specify the MySQL/mariaDB username
   5. specify the password of the MySQL/mariaDB account
6. Click the Next button (or Skip if there is no data of this type to back up):
   

Backup website data

Once the backup is configured and created, you will find it under Sites in the left sidebar:
Click on the name of your backup to configure its recurrence, and start a first copy immediately if necessary.

Access and restore saved files

Refer to this other guide if you are looking for information about restoring (partial or complete) your data.

This guide explains how to rename a Web hosting present in the Infomaniak Manager within your Organization.

Preamble

• A Web hosting service is, schematically, the storage space reserved for hosting one or several of your websites.
• By default, your Infomaniak hosting takes the name of the first site you add to this hosting:
  • You own the domain name "domaine.xyz" and want a site with this domain name…
  • You purchase a web hosting that will be automatically named "domaine.xyz" even if you later add a second site "toto.com".
• The hosting can be renamed with a more generic name like "My Websites" to better reflect its actual content.
• This renaming is intended to improve the readability/understanding of the products listed in your Manager and has no impact whatsoever on the web addresses: refer to this other guide to act on the domain name.

Renaming a Web Hosting

To access the web hosting in order to change the name:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on the Manage button.
4. Click on Edit name:
   
5. Enter the desired name.
6. Click on Save.

This guide concerns the ODBC functions of PHP.

Open Database Connectivity functions

These are the functions used to interact with databases via the ODBC (Open Database Connectivity) interface, a standard for accessing data sources uniformly. Here are a few examples of using the ODBC functions of PHP:

• Being able to read data from an external database and display it on your website
• Insert or modify data in an external database
• Perform complex queries on an external database

The hosting platform for your sites *perso.ch, *.users.ch, *.geneva-link.ch is evolving and this guide presents the procedure to follow to connect to your FTP space.

Change of login credentials

The current hosting platform uses a prefix for your FTP username. It is in the following format: "persoch_"

So, if your username was infomaniak, you will now need to use the following user to connect via FTP: persoch_infomaniak.