[users@httpd] URL Redirection: what's wrong with this?

[Stefaan Claes <sc...@aaug.net>]

Hello,

I read an article which describes stealth redirection and why it's bad.
( cf <http://www.bauser.com/websnob/html4/stealth_redirection.html>)

I agree that this form of stealth redirection is NOT a good idea.
But what about the following form of redirection (what I would
call a *real* stealth redirection).

I will try to explain with an example:

 - someone surfs to http://www.domain1.org/faq/index.html
 - the web server knows there is a redirection
   www.domain1.org/  >>  www.domain2.be/
 - the web server replaces 'www.domain1.org/' with 'www.domain2.be/'
   and tries to fetch the webpage at www.domain2.be/faq/index.html
 - if this webpage exists, then this page is fetched by the server
   (else the server gives an error: 404 Not Found)
 - the server forwards this fetched webpage
 - the person who asked for this webpage doesn't know about the
   redirection (he doesn't have to). His webbrowser dispays the webpage
   as if it came from http://www.domain1.org/faq/index.html

BTW:
 - the domain1.org domain is registered with registrar X
 - the domain2.be domain is registered with registrar Y
   and the site is hosted hosted by Y
(i.e. web server of X and Y are not the same server)


ICBW but I think it should be possible to configure the web server to do this
sort of redirection. I have read that URL-URL rewriting is not allowed, but
I still don't know why.



My hosting provider uses another form of redirection: cloaked redirection.
This form of redirection requires the web server (apache) to keep a list
of URLs in the configfile. If the URL (http://www.domain1.org/faq/index.html
in the above example) is not in the configfile, then apache will give
an error (404 Not Found) even if the webpage exists (apache doesn't
try to fetch the webpage at http://www.domain2.be/faq/index.html).


I have already asked my hosting provider why apache has to keep a configfile
of all the URLs, but either he doesn't know or he doesn't want to answer.

I don't know much about (apache) web servers, but I wonder why this form of
redirecion (see above) isn't done.

Suggestions?


TIA

Stefaan

-- 
Stefaan Claes, Hove, Antwerpen, Belgium, Europe, <sc...@aaug.net>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

OT: Re: [users@httpd] URL Redirection: what's wrong with this?

[Shaun Fryer <sh...@lweb.net>]

> > I read an article which describes stealth redirection and why it's bad.
> > ( cf <http://www.bauser.com/websnob/html4/stealth_redirection.html>)

	Sure it's annoying for the overly (b)anal, but it's not too
difficult to cure all of this person's concerns with a combo between
javascript (manipulating the document.links array) and an index.cgi
(which reads the $ENV{QUERY_STRING} and produces the frame src
accordingly. Can't help rid the world of cheapskates, but mainly
destitute or not, there is small but valuable market niche for URL
spoofing.

===================
 Shaun Fryer
===================
 London Webmasters
 http://LWEB.NET
 PH:  519-858-9660
 FX:  519-858-9024
===================



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] URL Redirection: what's wrong with this?

[Joshua Slive <jo...@slive.ca>]

On Thu, 14 Nov 2002, Stefaan Claes wrote:
> I read an article which describes stealth redirection and why it's bad.
> ( cf <http://www.bauser.com/websnob/html4/stealth_redirection.html>)
>
> I agree that this form of stealth redirection is NOT a good idea.
> But what about the following form of redirection (what I would
> call a *real* stealth redirection).

This is usually called a "reverse proxy" and is implemented by apache
using the ProxyPass/ProxyPassReverse directives or the [P] flag to
RewriteRule (along with the ProxyPassReverse directive).

There is nothing inherently wrong with it, as long as you have rights to
the content on both servers.  It can, of course, be slower than direct
access.

> My hosting provider uses another form of redirection: cloaked redirection.
> This form of redirection requires the web server (apache) to keep a list
> of URLs in the configfile. If the URL (http://www.domain1.org/faq/index.html
> in the above example) is not in the configfile, then apache will give
> an error (404 Not Found) even if the webpage exists (apache doesn't
> try to fetch the webpage at http://www.domain2.be/faq/index.html).
>
>
> I have already asked my hosting provider why apache has to keep a configfile
> of all the URLs, but either he doesn't know or he doesn't want to answer.
>
> I don't know much about (apache) web servers, but I wonder why this form of
> redirecion (see above) isn't done.

It is done.  Without giving us more details about exactly how your ISP has
things setup, it is impossible to tell exactly what the problem is.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org