This guide explains how to import external data (files, folders, etc.) into your kDrive using the WebDAV protocol.

Preamble

• Refer to this other guide if you are looking for information on how to copy specific data from one kDrive to another when your user has access to both kDrive accounts.

Import external data via WebDAV

To access the import tool, where the data needs to be imported:

1. Click here to access the Web app kDrive Infomaniak (online service kdrive.infomaniak.com).
2. Click on the Settings icon ‍ at the top right.
3. Check or select the kDrive in question from the dropdown menu on the left sidebar.
4. Click on General in the left sidebar.
5. Click on Import external data:
   
6. Click the blue Start button.
7. Click on WebDAV.
8. Fill in the required information based on the source (especially the WebDAV address you have - obtained from the source).
9. Select the destination kDrive and the desired location to store the imported data.
10. Click on Start:
    

Example: copy data from an external kDrive to the Organization

To import a kDrive that would be outside of the Organization in which your destination kDrive is located, you must enter the following information at point 9 above (your credentials will be used exclusively to import your data; they will be immediately deleted at the end of the process):

• Username: email address to log in to the Infomaniak user account
• Password: application password if two-factor authentication is enabled or‍ the one from your Infomaniak user account if you have not enabled 2FA
• Entry point: direct access to kDrive (refer to this other guide regarding the kDrive ID for the connection URL)
  • It is possible to choose a subfolder as the source folder, by combining the kDrive ID and the desired folder by entering for example https://IDkDrive.connect.kdrive.infomaniak.com/My/Subfolder or https://IDkDrive.connect.kdrive.infomaniak.com/MykDrive/My/Subfolder

This guide explains how to protect your website and its visitors from malicious exploitation of MIME-Type sniffing.

Preamble

• MIME-Type sniffing, or MIME type detection, is a technique used by web browsers to determine the content type of a resource when the MIME type provided by the server is ambiguous, missing, or incorrect.
• While this can sometimes improve the user experience by making content accessible despite server configuration errors, this feature also introduces significant security vulnerabilities:
  • When a browser performs MIME-Type sniffing, it can interpret a text file as an executable script, thus opening the door to cross-site scripting (XSS) attacks; for example, a file intended to be treated as plain text could be interpreted as JavaScript, allowing an attacker to execute malicious code on the user's browser.
• By disabling MIME-Type sniffing, you protect visitors against the unauthorized execution of malicious scripts and also enhance the overall security of your website by reducing potential attack vectors.

Disable MIME-Type sniffing

To protect users and web applications from this type of vulnerability, it is possible to disable automatic resource type detection via the .htaccess file of your sites in order to instruct the browser to strictly rely on the MIME type specified by the server without attempting to guess it.

By placing the code below in your .htaccess file, you ensure that MIME-Type sniffing is disabled as long as the mod_headers module (which allows adding the header below) is enabled on your Apache server:

1. Open the .htaccess file for the relevant site from the FTP Manager or an FTP software/client.

2. Add the following code:

   <IfModule mod_headers.c>
       Header always set X-Content-Type-Options "nosniff"
   </IfModule>

3. Save the .htaccess file.

SafeMode, or secure mode, is a security measure that restricts certain server functionalities to prevent potential attacks.

It was abandoned starting with PHP 5.3.0 as it was considered ineffective in ensuring security and could cause compatibility issues with certain applications.

Infomaniak used the open_basedir constraints for its old hosting plans, which are no longer activated on current offers.

This guide details the creation of a GIT repository both on your Web Hosting and on your Cloud Server Infomaniak.

Preamble

• GIT and GITHub are available by default on the two aforementioned supports.
• For additional help, contact a partner or launch a free tender — also discover the role of the host.

Creation of the GIT repository

Setting up on the server:

• The GIT repository is located at /git_depot
• The site is located in the folder /web/[projet] (on your FTP server)

Commands to enter:

cd
mkdir git_depot
cd git_depot/
git init --bare [projet].git
cd [projet].git
git update-server-info

Sending the local repository to the server

To do on the local machine:

git init
git remote add origin ssh://user@[xxxxx].ftp.infomaniak.com:/home/clients/[123465789]/git_depot/[projet].git
git status
git add .
git commit -a -m "init"
git push --set-upstream origin master
git push

Cloning the site to the server directory

To do on the server:

cd
cd web
rm -r [projet]/
git clone /home/clients/[123465789]/git_depot/[projet].git [projet]/

The CGID module for Apache has been disabled on Infomaniak's shared web hosting offers.

If necessary, you should consider switching to a **Cloud Server** if you are currently on shared web hosting. This can be done seamlessly: refer to **this other guide** for more information.

This guide explains how to replace, within an Infomaniak Web hosting, the address of a site currently a subdomain (https://dev.domain.xyz for example) with the main domain (https://domain.xyz).

Preamble

• The operations in brief:
  1. We start with a site created and accessible via the URL of the main domain dev.domain.xyz.
  2. We add an alias domain.xyz.
  3. We swap the two types (the main domain becomes an alias and the alias becomes the main domain).
  4. We remove the old name dev.domain.xyz.
• Note that the site remains in the original folder on the server; the name of this location may be in the form /sites/dev.domain.xyz but this has absolutely no impact on the live site.
• Also, familiarize yourself with the last chapter of this other guide.

The operations in detail

To switch from a site with a subdomain address "dev.domain.xyz" to a direct address "domain.xyz":

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product in question.
3. Click on the chevron ‍ to expand the Domains section of this site:
4. Click on the button Add a domain:
   
5. Add the desired new name, check the corresponding boxes.
6. Click on the button to Confirm:
   
7. Once the addition is complete, click on the action menu ⋮ located to the right of the relevant item.
8. Choose to set the item as the primary domain:
   
9. Confirm the operation to proceed with the domain swap.

This guide concerns the compatibility between Infomaniak hosting and the C# language / .NET framework along with the Mono implementation.

Technologies for software development

To use the C# language and the .NET framework, with the Mono implementation, to develop software applications that can be deployed and run on different platforms, outside the Windows ecosystem, consider offers such as:

• VPS Cloud / VPS Lite
• Jelastic Cloud
• Public Cloud

This portability and flexibility offered by these multiplatform software development technologies implies that a shared web hosting will not be compatible.

This guide concerns the MySQL Query Cache which, when activated, stores the results of already executed queries in memory.

Preamble

• MySQL Query Cache speeds up subsequent identical queries by avoiding re-execution.
• This can improve the overall performance of the database server by reducing the load and decreasing the response time for frequent queries.

query_cache_type ON or OFF?

On shared Web Hosting (therefore excluding Cloud Server) MySQL Query Cache is neither enabled nor can be enabled.

On Serveur Cloud, enable MySQL Query Cache via Fast Installer.

This guide covers data protection regulations in Switzerland and Europe and the measures taken by Infomaniak to secure your customer data and data within Web Hosting and Mail Services.

Understanding the difference between data security and data confidentiality

Data security aims to prevent any unauthorized access to your information. It relies on measures such as encryption, firewalls, or VPNs. A security breach can have disastrous consequences: imagine if a hacker steals your entire customer database and demands a ransom to recover it. This type of attack – ransomware – can paralyze a company overnight.

Data confidentiality concerns who can access your information and how it is used. Even if your data is secure against hacking, it can be collected, analyzed, and resold… legally.

Example: you carefully store your customers' information, but unbeknownst to you, a service you use shares – anonymously – this data with third parties. Result? Your competitors can obtain valuable analyses of your market and target your own customers without ever needing to hack.

LPD & GDPR

In Switzerland, the LPD (Federal Data Protection Act) and nLPD (for the "new Law" in effect since September 2023) protect the confidentiality of residents by regulating the collection and processing of personal data by organizations.

On the other hand, the GDPR (General Data Protection Regulation) of the EU, in effect since May 2018, influences global companies processing the data of European residents, including in Switzerland. While the LPD applies to the data of Swiss residents, the GDPR concerns that of EU residents. Swiss companies managing European data must comply with the GDPR requirements, including the designation of a Data Protection Officer and the conduct of Impact Assessments in case of risky processing.

Your role as an Infomaniak Client

Regarding the hosted data that belongs to you and if this concerns the personal data of your visitors, contacts, and customers, it is your responsibility to ensure compliance.

When processing this personal data, it is important to inform users about how and why the data is being processed. This is usually done through a privacy policy/statement, a DPA.

Agreement between data controller and processor

A DPA (Data Processing Agreement), known in German as AVV (Auftragsverarbeitungsvertrag), in Italian as ATD (Accordo di Trattamento dei Dati), and in Spanish as CTA (Contrato de Tratamiento de Datos), translates to Data Processing Agreement or Personal Data Processing Contract.

This is a mandatory contract provided by the GDPR between a data controller and a processor. It defines the purpose, duration, and nature of the processing, as well as the obligations and security measures. Its objective is to protect the personal data entrusted to a service provider.

This GDPR certificate (in PDF format) can be generated and downloaded from the Manager (accessible to organization users who are owners or administrators):

1. Click here to access DPA management on the Infomaniak Manager (need help?).
2. Click on the Generate button to download the custom PDF document:
   

Here are some tips on this subject:

It is crucial to differentiate between the security of the infrastructures where your data is hosted and the management and implementation of your data on your side. As a host, Infomaniak acts as a subcontractor for your GDPR obligations. In this context, its privacy policies and cookie usage, as well as its terms and conditions, provide the necessary guarantees regarding its compliance as a subcontractor.

Infomaniak's Role

Like companies that work with user data, Infomaniak must comply with the LPD and because among these users there are European citizens, the GDPR as well:

• the data privacy policy details the data that Infomaniak retains to provide and execute its services
• the policy related to the protection of your personal data describes Infomaniak's commitments as a subcontractor that hosts all of your data, including personal data

This guide is about "browscap.ini", a configuration file used by the PHP library "browscap" that contains information about web browsers and their characteristics, such as their name, version, compatible operating systems, browsing capabilities, etc.

File information

The file "browscap.ini" reflects the latest information on web browsers. It can be used with PHP scripts that require the "browscap" library.

phpinfo indicates where the browscap.ini file is located, namely:

/opt/php/lib/php/browscap.ini

You can retrieve the content of the file yourself via a PHP script, for example:

<?php
header("Content-type: text/plain");
print file_get_contents("/opt/php/lib/php/browscap.ini");
?>

Note that the "browscap" library is no longer widely used and that many developers prefer other solutions for browser detection, such as the native PHP function "get_browser()".

This guide explains how to enable PHP-FPM status to, for example, debug a slow site at the PHP level.

Preamble

• PHP-FPM status allows you to monitor in real-time the scripts that are executed as well as their execution time.
• This operation is only possible on Serveur Cloud.

Enable PHP-FPM status

To activate PHP-FPM on a site, contact Infomaniak support from an email address listed on your user account to authenticate your request.

In your request, please specify the source IP address that should be authorized.

Once PHP-FPM status is activated, the following URL links will display the necessary information:

• https://domain.xyz/fpm-status?json&full
• https://domain.xyz/fpm-status?html&full
• https://domain.xyz/fpm-status?xml&full

Warning: if your site contains rewrite rules including the path /fpm-status, you will likely need to make an exception for it.

This guide concerns the redirection of web traffic to a specific port, including when using a dedicated IP and a specific web application (such as Node or Varnish for example).

Prerequisites

• Add a site to your hosting.
• Install HAProxy on the Cloud Server.

Redirect web traffic to a specific port

By default, on Serveur Cloud, web traffic is sent to Apache. To send requests to a Node script or another service (provided it "listens" on a port between 4000 and 4009), you need to go through HAProxy.

This applies notably to servers Express, Socket.IO, Meteor.js, Nuxt.js, Django, Flask, Ruby on Rails, even possibly Java (J2E), etc.

For this, you must ensure that the service is listening on a port between 4000 and 4009 (especially with server.listen(4000) for Express or a basic HTTP Node server, but depending on the type of project by other means, a configuration file, in the code or otherwise) and on all interfaces (0.0.0.0).

It will also be necessary to configure HAProxy as in the example below:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Fast installer in the left sidebar.
4. Click on the action menu ⋮ located to the right of HAProxy.
5. Click on Configure:
   
6. Choose the desired information and save:
   
    

Retrieving the source IP of a request

When you redirect web traffic to your web application, the way requests are processed changes, and the request is first received by a reverse proxy (local to the server) which then forwards the request to the chosen port. Thus, due to the request forwarding, the methods usually used to retrieve the visitor's IP will return the IP of the reverse proxy instead of the visitor's.

In these cases, to retrieve the real source IP of the visitor, you need to consult an HTTP header named X-Forwarded-For, which will contain the source IPs accumulated during each redirection. This header will therefore contain last the original IP address of the client, allowing the real visitor to be identified.

Warning: It is important to note that HTTP headers can be manipulated, which presents security risks. To minimize these risks, it is recommended to verify that the request comes from a reliable server before trusting the content of the X-Forwarded-For header. This verification may involve ensuring that the request was transmitted by a trusted intermediary server, identified by a pre-established list of IP addresses. In the case where the site uses a dedicated IP, the trusted servers are:

• 83.166.133.15
• 83.166.133.17
• 83.166.133.16
• 84.16.92.5
• 84.16.92.43
• 10.2.32.255
• 10.2.34.164

The PHP extension JavaScript_Object_Notation is available. It is useful for processing JSON data in your PHP web applications, whether to exchange data with web services, store configurations, or communicate with front-end applications written in JavaScript.

This guide explains how to modify an existing Web Hosting plan to, for example, host additional websites if the maximum site quota is reached, or to obtain a more recent hosting solution to benefit from the latest versions of PHP & MySQL.

Modify the Web hosting offer to…

… order additional websites, disk space, or IPs

To access the Web hosting configurator:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click on the action menu ⋮ located to the right of the relevant item.
3. Click on Modify the offer:
    
   
    
4. Increase the values you wish to modify.
5. Click on the Next button to proceed to the payment for the changes made to the hosting:
   

… switch to a more recent server

To get a hosting solution on a more recent server and thus benefit from the latest versions of PHP & MySQL, you can either…

• … refer to this other guide and follow the indicated procedure to the end:
  
• … refer to this other guide and follow the procedure indicated until point 4 then click the button to update:
  
  • If no information banner is displayed, it means you already have a recent hosting offer.

This guide details how to save data from your web hosts (shared or Cloud Server) using Acronis on Swiss Backup, the backup solution in an independent Swiss cloud.

Preamble

• This is a backup solution that allows you to automate the backup of your files if the backups offered by Infomaniak no longer meet your availability or security needs.
• It is also possible to back up other types of data.
• Backups are generally performed every 24 hours, depending on the Cloud Agent's workload.
• It is not possible to exclude files from the backup: all files will be backed up, which may generate warnings as some system files are protected and inaccessible to the client; this is quite normal and common to all hosts.
• Make your life easier! If needed, local partners referenced by Infomaniak can handle these procedures. Launch a free call for tenders. They handle everything, freeing you from technical details.

Creating the backup space

Prerequisites

• Have a Swiss Backup Infomaniak space with an available device quota (minimum 1) for a Acronis website backup:
  
• If necessary, increase the device quota according to your needs.
• Add the device to the Infomaniak Manager to receive the login credentials.
• Be aware of the Acronis documentation on this subject: backup / restoration
• Use a web host.
• Know the information of the FTP+SSH user account:
  
• Know the information of the MyQSL/MariaDB user account which must have maximum permissions (read/write/admin) on all databases and tables you wish to back up:
  

To configure the backup of a website with Acronis:

1. Click here to access the Acronis Console with the credentials obtained after adding the device (need help?).
2. Click the add device button to add a Website type device:
   
3. Enter the information regarding the FTP type data:
   1. specify a name/description
   2. specify the FTP host
   3. leave port 22
   4. specify the FTP+SSH username
   5. specify the FTP+SSH account password
4. Click the Next button:
   
5. Enter the information regarding the MySQL/MariaDB databases:
   1. select the radio button corresponding to SSH
   2. specify the MySQL/mariaDB host
   3. leave port 3306
   4. specify the MySQL/mariaDB username
   5. specify the password of the MySQL/mariaDB account
6. Click the Next button (or Skip if there is no data of this type to back up):
   

Backup website data

Once the backup is configured and created, you will find it under Sites in the left sidebar:
Click on the name of your backup to configure its recurrence, and start a first copy immediately if necessary.

Access and restore saved files

Refer to this other guide if you are looking for information about restoring (partial or complete) your data.

This guide explains how to rename a Web hosting present in the Infomaniak Manager within your Organization.

Preamble

• A Web hosting service is, schematically, the storage space reserved for hosting one or several of your websites.
• By default, your Infomaniak hosting takes the name of the first site you add to this hosting:
  • You own the domain name "domaine.xyz" and want a site with this domain name…
  • You purchase a web hosting that will be automatically named "domaine.xyz" even if you later add a second site "toto.com".
• The hosting can be renamed with a more generic name like "My Websites" to better reflect its actual content.
• This renaming is intended to improve the readability/understanding of the products listed in your Manager and has no impact whatsoever on the web addresses: refer to this other guide to act on the domain name.

Renaming a Web Hosting

To access the web hosting in order to change the name:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on the Manage button.
4. Click on Edit name:
   
5. Enter the desired name.
6. Click on Save.

This guide concerns the ODBC functions of PHP.

Open Database Connectivity functions

These are the functions used to interact with databases via the ODBC (Open Database Connectivity) interface, a standard for accessing data sources uniformly. Here are a few examples of using the ODBC functions of PHP:

• Being able to read data from an external database and display it on your website
• Insert or modify data in an external database
• Perform complex queries on an external database

The hosting platform for your sites *perso.ch, *.users.ch, *.geneva-link.ch is evolving and this guide presents the procedure to follow to connect to your FTP space.

Change of login credentials

The current hosting platform uses a prefix for your FTP username. It is in the following format: "persoch_"

So, if your username was infomaniak, you will now need to use the following user to connect via FTP: persoch_infomaniak. 

This guide details the specific rules to follow when creating a user password with mysqli_connect() that contains the “dollar” character $ on the Infomaniak platforms.

Preamble

• If you get the error message "Access denied for user" when using mysqli_connect(), and your database user password contains a $ sign, the issue may be due to the way strings work in PHP.
• The issue may also occur with mail scripts.

Rules to follow

When the special character $ is used in a user password and is followed by any character other than a number, the variable name is not valid and the substitution does not occur correctly.

Here are some solutions to fix this:

• Enclose the password in single quotes: '$******'
• Ensure that a number directly follows the dollar: "$2*****"
• Use a backslash to "escape" the dollar sign in the password: “\$****”