Questions tagged [url-redirection]

URL redirection, or URL forwarding, is a technique for making web resources available under more than one URL address, or moved to a different location while maintaining compatibility with previously published URLs.

URL redirection can be set up on a web server handling web requests, attached to a web application's response headers and handled by a user agent, or handled through a client-side script.

222 questions
282
votes
3 answers

How did "tech-supportcenter" phishers trick Google?

Related: Is the Web browser status bar always trustable? How can Google search change the location in a URL tooltip? I've always thought you can "hover" over a link to see where it really goes, until today. A coworker (working from home) searched…
browly
  • 2,100
  • 2
  • 12
  • 21
102
votes
5 answers

Can I safely preview a short link?

There are a lot of different URL shorteners out there, like Bitly or TinyURL. Besides their main purpose of shortening a link, they also: obfuscate the actual URL; collect statistics about the usage of the short link. From the obfuscation, at least…
stackprotector
  • 1,621
  • 3
  • 6
  • 15
77
votes
4 answers

What is the purpose of (ab)using the redirect page of my website for dubious URLs?

My website has a redirect page with the format https://my.site/redirect?deeplink=https://foo.bar&... The redirect is implemented in JavaScript, so when you request the site, you get a 200 and some HTML + JS, not a 30X. I recently started to notice…
Kirill Rakhman
  • 833
  • 1
  • 6
  • 9
68
votes
7 answers

Trying to make a Django-based site use HTTPS-only, not sure if it's secure?

The EFF recommends using HTTPS everywhere on your site, and I'm sure this site would agree. When I asked a question about using Django to implement HTTPS on my login page, that was certainly the response I got :) So I'm trying to do just that. I…
John C
  • 1,207
  • 2
  • 11
  • 15
49
votes
6 answers

Site is being redirected to Viagra store; all the usual suspects turn up nothing

I have a client's site (http://changewise.biz) being redirected to a Viagra store (mywifeishappy.com). We've gone through all the usual suspects but cannot find the culprit that's causing the redirection: First thing we checked all the .htaccess…
Lew
  • 591
  • 1
  • 4
  • 6
48
votes
4 answers

Is URL rewriting in e-mail a sound security practice?

Our work e-mail server has started rewriting links in incoming mail through a redirecting gateway, for "security reasons": if I receive an e-mail containing a link to https://security.stackexchange.com, the link gets rewritten…
Federico Poloni
  • 829
  • 9
  • 15
43
votes
7 answers

Is suggesting a correct url in a 404 page bad practice?

I'm currently writing a web application, and my client asked me if it would be possible to suggest a valid URL to the user when they accidentally write a typo in the URL bar, an example of this would go like this: Bob navigates to…
Paradoxis
  • 892
  • 7
  • 15
35
votes
3 answers

How are spammers using LinkedIn "http://linkedin.com/slink?code=..." URLs?

I was sent this kind of link from a presumably compromised Skype account, via a Skype message (do not click unless you have a sandbox or something to protect you): https://www.linkedin.com/slink?code=e4ig_yU#56287=myskypeusername Where the…
Petri
  • 451
  • 1
  • 4
  • 6
31
votes
3 answers

Should domains which only make redirects (aka tiny urls) be encrypted (https)?

For this question I will use the following domains: example.com - an online shop; exmpl.com - a domain which is used for sharing items. exmpl.com will be used for redirects (e.g. http://exmpl.com/foo will redirect to…
Ionică Bizău
  • 813
  • 2
  • 10
  • 15
27
votes
4 answers

Why do compromised web sites often take you through multiple URL redirections?

Quoted from my course instructor's lecture: The following are the stages of a typical web attack: The victim visits a legitimate web site that has been compromised. The compromised web site redirects the victim to another site that is running…
again
  • 974
  • 8
  • 23
26
votes
4 answers

Does HTTP redirect to HTTPS automatically?

When we enter a URL in a browser, it uses HTTP by default, but if the server only supports HTTPS, does the traffic redirect to HTTPS automatically without the user noticing? Am I right? If wrong, please correct me.
kst
  • 279
  • 1
  • 3
  • 5
26
votes
3 answers

Bypassing HTTP to HTTPS cached 301 redirect to use SSLstrip

I'm doing some pen. tests on an HTTPS (443) server that does not have HSTS implemented (no HSTS headers on response and the address is not on Chrome HSTS preload list). The problem is that in my scenario the user has visited the web site before, so…
Bruno
  • 361
  • 3
  • 5
22
votes
3 answers

URL Shortening - How to verify if it is a non-malicious URL?

Again, I must mention that I have just started to learn about security. So, please bear with my newbie questions. If I receive a shortened URL from somewhere, say in my email or in a social media post, how do I verify if it is a legitimate site…
FirstName LastName
  • 1,489
  • 4
  • 19
  • 28
21
votes
4 answers

Testing clean urls with sqlmap

Is it possible to test for SQL injection vulnerabilities using sqlmap with a URL that is using mod rewrite (or something like it) to make the URLs clean? I know how to test my sites that have URLs like: http://mysite.com/?id=1 But what about my…
chadgh
  • 319
  • 1
  • 2
  • 4
15
votes
2 answers

Is an HTTP 301 redirect to HTTPS, insecure?

For a website, I force a 301 redirect from http://login.example.com to https://login.example.com using a .htaccess file. As I read in this question this still imposes a security threat. I'm wondering how this still poses a threat. Could anyone…
Jortiexx
  • 153
  • 1
  • 4