Questions tagged [url-redirection]

URL redirection, or URL forwarding, is a technique for making web resources available under more than one URL address, or moved to a different location while maintaining compatibility with previously published URLs.

URL redirection can be set up on a web server handling web requests, attached to a web application's response headers and handled by a user-agent, or handled through a client-side script.

222 questions
13
votes
4 answers

Are open redirects a security concern?

Are open redirects a security concern? Google writes that: "An open redirect isn't a bug or a security flaw in and of itself—for some uses they have to be left fairly open." And Google's bounty program doesn't view it as a bug: Some members of the…
user389823
  • 625
  • 6
  • 11
12
votes
2 answers

Sites being redirected to adult site in all devices

For the past couple of days, we have been facing this issue where sites are automatically being routed to an adult site, although we get a 404 Not Found HTTP error. First guess is obviously that my system is infected with a virus or malware. So, I did a…
nitgeek
  • 229
  • 2
  • 5
11
votes
3 answers

How to exploit open redirect vulnerability?

I have the following open redirect vulnerability: This exploit sends user from your page to evil…
nik
  • 223
  • 1
  • 2
  • 4
11
votes
4 answers

How dangerous is it to allow arbitrary webhook urls to post to?

I am building a Ruby on Rails API that posts to webhooks that the API user can create, whenever a resource that he manages is created, updated or destroyed, using the HTTParty gem. This got me thinking: I am validating that the webhook url is indeed…
11
votes
1 answer

Is HSTS (Strict-Transport-Security header) for HTTP or HTTPS?

Is the Strict-Transport-Security header intended for HTTP or HTTPS? What I mean is, do I respond with this header on a HTTP connection which in turn tells the browser to use HTTPS only from that point on? Or, is this header only used on a HTTPS…
Sam
  • 211
  • 1
  • 3
11
votes
5 answers

How safe is redirecting to another site?

Let's say I have a website at https://example.com/test. Whenever someone accesses this site, I want to just simply redirect them to https://example.com/Test. Are there any possible vulnerabilities here? Or is this method safe since all I am doing is…
alex067
  • 335
  • 3
  • 7
10
votes
4 answers

Defending site against being abused by phishing

Say you have a web site and you are using some returnUrl URL parameter to redirect the user back to the page where he was after login or editing some records in the user area. Is there some standard way to check if the returnUrl is located on the same server as…
bretik
  • 1,840
  • 13
  • 22
10
votes
2 answers

Redirecting/rickrolling intruders

While browsing for Node.js packages, I came across this one. Its purpose is to redirect crawlers away from a site, and by default it Rickrolls them. I find the idea amusing, but is it a good idea to do this to intruders, given that unvalidated…
Philip Rowlands
  • 1,779
  • 1
  • 13
  • 27
9
votes
1 answer

Prevent phishing attacks through abuse of Apple iOS URL scheme

I am building an Apple iOS application that will have the following flow: A user completes registration from the web. Upon completion of registration, a link is sent to his email. Once the link is clicked on an iOS device, my iOS app will be…
user3074662
  • 541
  • 2
  • 6
  • 11
9
votes
1 answer

Is google.com/webhp malicious?

Lately, I've noticed the addition of "/webhp" in the url of Google searches along with some additional variables, "sourceid", "rlz", and a few others. Together, they make a URL in the form of https://www.google.com/webhp/... In addition, this only…
user2864874
  • 223
  • 1
  • 2
  • 4
9
votes
3 answers

Clicking on a Google search result sometimes redirects to malicious site

Key Facts: On 3 separate occasions, in the past 3 months, with 3 different google search queries, I was redirected from the intended site to a malicious site. Always from a Google search using Firefox. The redirect is not repeatable: doing the…
andyjv
  • 191
  • 1
  • 1
  • 4
9
votes
1 answer

Scam link in "from"-links on my blog traffic

I have a blog on blogspot (google), which is mostly visited by my friends and occasional wanderers on the internet. In the statistics I can see "reference-url"'s which are supposedly sites that link to my blog because people come from there before…
Hekx
  • 193
  • 4
9
votes
1 answer

How can Google search change the location in a URL tooltip?

When hovering over a website link in Google search the tooltip says the link of the website (stackoverflow.com). But when I click it it goes to some Google page and then StackOverflow. But now if I go back to the Google search tab the tooltip has…
Suici Doga
  • 477
  • 3
  • 12
8
votes
3 answers

Favicon Redirection Possible Security Flaw

I have the domain example.com. When I enter the URL https://api.example.com, Chrome loads the page and also tries to load https://myapp.example.com/favicon.ico, and that request receives a 301 redirect to **http://**main.example.com, and receives the…
8
votes
2 answers

Web redirecting to porn site

My company missed extending a domain name by a few days, so it went into the grace period. From what I know, if it went into the grace period, people would still be able to access my website. However, the site was actually showing a porn site with domain name…
William Calvin
  • 327
  • 2
  • 9