Questions tagged [url]

223 questions
21
votes
3 answers

Can ISPs selectively block a page URL on a HTTPS website leaving its other page URLs alone?

I want certain web pages blocked (within my country) by my Govt on a website that uses HTTPS on all pages. My Govt agrees that the specific URLs need to be blocked but expresses helplessness as their ISPs claim they can't selectively block HTTPS…
Desmond
  • 327
  • 2
  • 3
20
votes
4 answers

Is URL visible by ISP before HTTP request is 301 redirected to HTTPS?

Let's say I enter http://domain.com/... as a URL. The domain.com server performs a 301 redirect of all HTTP requests to the HTTPS version, so it shows me https://domain.com/.... Can my ISP see the whole URL (not just domain name) that I entered…
Mike Fawles
  • 201
  • 2
  • 4
16
votes
3 answers

How to defend against homograph attacks?

Referring to this Wikipedia example of a homograph attack, the URL of Wikipedia had the Latin characters A and E replaced with a similar Cyrillic copy (wikipediа.org). These characters look so similar, how can they be differentiated?
toffee.beanns
  • 291
  • 2
  • 6
14
votes
4 answers

Is it possible to sniff HTTPS URLs?

From many posts, I know that almost everything in HTTPS or SSL connections is encrypted. Still, I am wondering, if it is possible to get the URLs out of such a connection if the computer that opens the connections is on a home network and access to…
jdoe
  • 151
  • 1
  • 2
  • 5
14
votes
1 answer

Is a plain password in the URL a potential security threat?

I'm in no way a security expert, in fact I'm just your average Joe with a question. I was on my car insurance website, I registered and as I logged in I saw my password, not encrypted, in plain sight in the address bar. Now this (to me) is already…
zakkos
  • 143
  • 1
  • 6
11
votes
2 answers

How to handle media files from untrusted sources?

I've been a heavy user of ffmpeg-based players and encoders for years, and though I've heard about numerous security issues, I always assumed that staying up-to-date was safe enough. However, I just saw an article (in Russian) which explains how…
Dmitry Grigoryev
  • 10,072
  • 1
  • 26
  • 56
9
votes
1 answer

Why is there "t=[your device]" in duckduckgo query URL?

I was just searching something on my raspberrypi via duckduckgo and realized that there is q=[my query]&t=raspberrypi&[rest of the URL] in the URL bar. When I did the same query on my PC, there was ...t=h_.... Their motto is "We don't track you" so…
ShinobiUltra
  • 782
  • 7
  • 16
9
votes
1 answer

How can Google search change the location in a URL tooltip?

When hovering over a website link in Google search the tooltip says the link of the website (stackoverflow.com). But when I click it it goes to some Google page and then StackOverflow. But now if I go back to the Google search tab the tooltip has…
Suici Doga
  • 477
  • 3
  • 12
8
votes
1 answer

What is the name for this type of URL attack?

Say a PHP page accepts URL path as a POST parameter (like the answer to this question): $path = $_POST['url_path']; file_get_contents('http://example.com' . $path); A malicious user POSTs url_path as @evil.com/stuff.html. As the code takes the…
SilverlightFox
  • 33,408
  • 6
  • 67
  • 178
8
votes
1 answer

SQL injection: how to find urls to attack to

The last days I've been reading about SQL injection and most of the url examples I see are like the…
tgogos
  • 193
  • 1
  • 1
  • 8
8
votes
1 answer

Why am I getting url requests for pages I never had on my site?

On my Drupal site I'm getting strange requests for url paths that I have never had and have nothing to do with my site. Could someone explain why people (or bots) are looking for the following…
7
votes
1 answer

Is it safe to allow CSS filter: url(data:)?

We have a web service where logged in users can create web page content and write custom CSS for their pages. All the HTML goes through a whitelist parser and doesn't allow any executable content. All the CSS is put through a whitelist parser that…
7
votes
3 answers

How to convince team mate about using an allowlist for a link created from a parameter?

Context In our development team, we have to build a component. This component is a full client side one written in Javascript. A client web application wishing to embed this component will call it like below: