IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [url-redirection]

URL redirection is a technique for making web resources available under more than one URL address, or moved to a different location while maintaining compatibility with previously published URLs.

URL redirection, or URL forwarding, is a technique for making web resources available under more than one URL address, or moved to a different location while maintaining compatibility with previously published URLs.

URL redirection can be set-up on a web server handling web requests, attached to web application's response headers and handled by a user-agent, or handled through a client-side script.

222 questions
0
votes
1 answer

How to find PHP filename and ID of the URL?

.htaccess is now a very common URL rewrite to make it SEO friendly and cover the database IDs. What are the ways to explore php file on the server given to URL via .htaccess? Example : The URL is www.domain.com/news/56. I expect to find…
Jack
  • 1
0
votes
1 answer

Security Considerations To Account for When Redirecting From Microservice to Another

I am evaluating the above service design where I want to have mechanism to pass a user through multiple microservices. In this simple example, the user goes through a sign-up process and once done, the user is redirected to another microservice…
Mojo
  • 111
  • 3
0
votes
1 answer

Referer value reflected in location response?

I found a login form on a website that redirects you regardless if the insert credentials are correct or wrong (302 redirect). I noticed that the value of the header Referer: is sent to header Location: in response. So for example, if Referer is…
Dees Peeleey
  • 1
0
votes
2 answers

What was the point of Implicit Grant Flow in OAuth 2.0?

I've read a lot about Implicit Grant Flow and when it should be used, but I can't wrap my head around a use case for where it would have made sense over the Authentication Code Grant Flow before PKCEs were a recommended option. Here is what I know…
johnnyodonnell
  • 153
  • 5
0
votes
2 answers

How does someone know i clicked a link in an email? URL spoofing? JSON?

How do hackers/scammers know that I clicked a link? Why is my personal info in the url redirect link? Is this info then being stored in a database and the hacker/scammer knows that because this specific link was clicked it must have been me? I…
BetweenBeltSizes95
  • 13
  • 1
0
votes
2 answers

Is there any security reason for re-directing to the main/mobile page after login?

Scenario: User searches for something and gets a link to a sub-page on a site, proceeds to go there, but is asked to sign-up/login - they do so, only then once they are logged in, they are redirected to the main page or the "mobile" version of the…
user2813274
  • 2,051
  • 2
  • 13
  • 18
0
votes
1 answer

Semantic URL Attack Mitigation

I want to know what is the best approach for preventing URL Jumping / URL Tampering Attacks Example updateprofile.php?uid=1 I can change to updateprofile.php?uid=2 I can update the second user's profile without logging in into his or her…
Cash-
  • 57
  • 4
  • 10
0
votes
1 answer

Client HTTPS request redirection attack

Assume a Mam in the Middle that wants to redirect a client's HTTPS (Secure HTTPS) request from a.com to b.com. The MitM can not impersonate neither a.com nor b.com. The MitM does not have to use a TLS certificate to let the client encrypts the…
user9371654
  • 469
  • 1
  • 6
  • 15
0
votes
0 answers

Apache - Adding Redirect to sub-directory V/S changing DocumentRoot

I want to understand security implications of changing DocumentRoot in Apache to an installed website versus adding a RewriteRule. The reason I ask this, I have a website that is installed under /var/www/html/website/. I initially changed the…
Parth Maniar
  • 349
  • 1
  • 10
0
votes
1 answer

Is this redirect on my website dangerous?

I have this URL that I sometimes use to redirect my users. It looks like: https://mywebsite.com/?redirectTo= However, I'm checking if the domain part of the parameter ends with: google.com mydomains.com and some other domains I consider valid. So.…
Stephen H. Anderson
  • 111
  • 3
0
votes
1 answer

Send a redirect after HTTPS certificate rejection

I would like to create a chain of HTTPS 302 redirects to a series of domains (for research purposes). I want also to make sure that I can do a redirect if one of the certificates in my chain has been rejected. That is I would like the following…
QPTR
  • 257
  • 2
  • 7
0
votes
1 answer

why does google.com redirect if URL contains /amp followed by a schemeless domain name and optional resource?

Google recently announced a 'quiz' - more of a tutorial - on identifying phishing email: https://phishingquiz.withgoogle.com It includes a sample URL: https://google.com/amp/tinyurl.com/y7u8ewlr When followed this is converted into:…
philcolbourn
  • 269
  • 2
  • 8
0
votes
1 answer

Suspicious Redirect to malicious website

While using a 3rd party platform my company is working with (e.g. platform.com) the following issue appeared. I clicked on a button in order to locally download an excel sheet (report) that was supposed to redirect me first to…
fargo01
  • 45
  • 1
  • 6
0
votes
1 answer

"Go" subdomains with empty redirect url?

I've tested a lot of websites, and I've found that many sites have a "go.example.com" subdomain that returns the following error message: 404 Not Found The redirect url is empty This message makes me think that you can somehow add a…
Jack
  • 471
  • 2
  • 6
  • 18
0
votes
1 answer

Redirection using HTTP meta tag

I've created a small project, where I scan a 1000+ sites for TLS implementation, including Does a https site exist Does the site redirect from http to https Various other info about the cert Surprisingly, when I first ran the scan, a lot of sites…
keithRozario
  • 3,571
  • 2
  • 12
  • 24
1 2 3
14 15