What exactly is URL rewriting? - asp.net

Which of these is the correct definition of URL rewriting?
Shortening of URL for end-user as elaborated here
Appending extra arguments to URL sent to server for session management
I am confused over which one was invented first, and which one should be the correct definition of URL rewriting?

URL rewriting is simply what its name implies: rewriting/modification of URLs.
This can be used for shortening URLs, and it can be used for appending query parameters, but it’s not restricted to these two use cases.

To make the URL more readable
Example: www.abc.com?id=1 is rewritten to www.abc.com/1

Related

Nginx Rewrite URL Rule having special character(#) for Page section

I need help in rewriting the URL in nginx configuration which should work as below :
/products/#details to /produce/#items
but it is not working as # is creating a problem.
Note: # in the URL denotes the page section
e.g. www.test.com/products/#details should get redirected to www.test.com/produce/#items
This is impossible using nginx because browsers don't send hashtags (#details) to servers. So you cannot rewrite it in nginx or any other web server.
In other words, the hashtag is available to the browser only, so you have to deal with it in JavaScript. The server cannot read it.
https://www.rfc-editor.org/rfc/rfc2396#section-4
When a URI reference is used to perform a retrieval action on the identified resource, the optional fragment identifier, separated from the URI by a crosshatch ("#") character, consists of additional reference information to be interpreted by the user agent after the retrieval action has been successfully completed. As such, it is not part of a URI, but is often used in conjunction with a URI.
There is no way to do this rewrite. The # and everything that precedes it will not be sent to the server, it is completely handled on the client side.

Is Response.Redirect(Request.Url.AbsolutePath) Always "Safe"?

I have the need to redirect back to the current page minus any query arguments.
I just found Request.Url.AbsolutePath, which looks like it provides just the ticket to pass to Response.Redirect().
It seems to work on my dev machine okay. Does anyone know of any potential problems redirecting to the value of this property? It's hard to confirm it's "safe" in all cases.
It could be a problem if you have "re-written" the URL internally. For example, the user requests "/team.aspx" but internally you transfer execution or rewrite the URL as "/page.aspx?id=137".
Personally, I prefer to use the Request.RawUrl (which is always local) and you can strip the query-string.
Getting rid of the host part of a request is not an issue because HTTP Redirect can be path on Absolute Paths ("/foo/bar") and the browser will preserve the protocol, port and hostname.
I would use Request.Url.OriginalString.
Absolute path gets rid of the host part of the URL.
Take a look at this: http://wdevs.blogspot.com/2009/03/url-properties-of-request-to-aspnet.html

passing http url as an get method variable - how to?

I am trying to do this:
http://somehost.net/edit.php?url=http://www.youtube.com/watch?v=EgHY53dOZ-U
Forbidden
You don't have permission to access edit.php on this server.
Is there a way to fix this through javascript(jquery), cause I am passing argument through ajax call.
I have tried it this way but without success:
$('#videofrm').load('edit.php?url=' + encodeURI($(this).siblings('a').attr('href')));
You should fix the chmoding issues on the server.
Edit
What is your edit.php doing? Is it redirecting to somewhere else? Then echo the result URL before redirecting.
You can follow Tomalak Geret'kal if you want/can rewrite the .htaccess. Otherwise you need to pass the URL without the http:// part and prepend an http:// in edit.php
If you don't have permission to access edit.php, then it doesn't matter how many different ways you try to request it: you don't have permission.
Fix the permissions on the server, likely using chmod if the server is on Linux.
Update
You have a server configuration issue. I can only replicate the problem when passing the string :// inside the querystring.
Try writing AllowEncodedSlashes On in your httpd config, as per this question/answer.
You will then need to make sure you encode your URI properly:
http://somehost.net/edit.php?url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv=EgHY53dOZ-U
(it looks like your encodeURI call should take care of that part)
AllowEncodedSlashes allows slashes to be present in the query string as long as they're encoded which, for some reason, is not the case by default. The docs say that failure produces a 404, not a 403, but I still think that this is the cause.
If you are not able to manipulate configuration options for your webserver, workarounds include:
Choosing a stand-in term for http:// like http!!! that you will programmatically revert in the PHP script;
If you always use http:// (as opposed to, say, ftp:// or some local path), just leave it off the query string entirely and prepend it to the input in your PHP script (preferred workaround).
Hope that helps.
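An added example, not part of the thread: how the query string from the question parses when the nested URL is encoded with encodeURI versus encodeURIComponent. The "&t=10" suffix and the names buildEditUrl and parseQuery are constructed for illustration, and the WHATWG URL parser stands in for the server's query-string parser.

```javascript
// Video URL from the question with a constructed "&t=10" parameter appended.
const VIDEO = "http://www.youtube.com/watch?v=EgHY53dOZ-U&t=10";

// Build the request the way the question's .load() call does, with a chosen encoder.
function buildEditUrl(encoder, target) {
  return "edit.php?url=" + encoder(target);
}

// Parse the request as a query-string parser would (assumption: WHATWG rules).
function parseQuery(requestUrl) {
  const parsed = new URL(requestUrl, "http://somehost.net/");
  return Object.fromEntries(parsed.searchParams);
}

// encodeURI leaves ":", "/", "?", "&" and "=" untouched, so the nested URL's
// own parameters spill into the outer query string.
const loose = buildEditUrl(encodeURI, VIDEO);

// encodeURIComponent escapes them, so the whole URL arrives as a single value.
const strict = buildEditUrl(encodeURIComponent, VIDEO);

console.log(loose, parseQuery(loose));
console.log(strict, parseQuery(strict));
```

With encodeURI the server receives a truncated url value plus an extra t parameter that the caller never intended to send to edit.php.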

Url rewrite question

When you have done your URL rewrite for a URL, what happens when you use your code-behind file and use request.querystring when there aren't any, cos your URL has been re-written? I haven't implemented URL rewriting yet and want to.
Well, not sure if I understand your question...
If you use url rewriting the user sees on the browser a url like this one
www.yourdomain.com/category1/product1
While you see on the code behind something like this
www.yourdomain.com?cat=1&prod=1
The friendly URL is converted to the "ugly" format before reaching your page logic, so the querystring will be there and ready to be processed.

Check malicious Redirect URL in ASP.NET

I heard of sites using other sites to redirect users either to their own site or to hide behind another site. In my code I redirect in a few places, such as posting a comment (it's easier to use a return URL than to figure out the page using the data given).
How do I check if the return URL is my own URL? I think I use absolute paths so I can easily check if the first character is '/' but then I will lose relative flexibility. This also disallows me from doing http://mysite.com/blah in the redirect URL. I could patch the URL by adding mysite + string but I'll need to figure out if string is a relative URL or already a mysite.com URL.
What's the easiest way to ensure I am only redirecting to my site?
How about, if the redirectUrl contains "://" (which includes http://, https://, ftp://, etc.) then it must also start with "http://mysite.com". If it does not contain "://" then it is relative and should not be a problem. Something like this:
// Redirect only when the URL has no "://" or when it starts with our own site prefix.
if (!(redirectUrl.Contains("://") ^ redirectUrl.IndexOf("http://mysite.com") == 0))
{
    Response.Redirect(redirectUrl);
}
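An added example, not code from the thread: the string check from the answer above ported to JavaScript, next to a stricter validator that resolves the return URL the way a browser resolves a Location header and then compares origins. The names prefixCheck and safeReturnPath and the sample inputs are constructed for illustration; relative values are assumed to resolve against the site root.

```javascript
// Host name taken from the question; everything else here is constructed.
const SITE_ORIGIN = "http://mysite.com";

// JavaScript port of the answer's check: "://" may appear only with the site prefix.
function prefixCheck(url) {
  return url.includes("://") === url.startsWith("http://mysite.com");
}

// Resolve the value as a browser would, then accept it only if it stays on our origin.
function safeReturnPath(candidate, fallback = "/") {
  if (typeof candidate !== "string" || candidate === "") return fallback;
  // Browsers treat "\" like "/" and drop tabs and newlines inside URLs,
  // so neither belongs in a return URL.
  if (/[\u0000-\u001f\u007f\\]/.test(candidate)) return fallback;
  let resolved;
  try {
    resolved = new URL(candidate, SITE_ORIGIN + "/");
  } catch (err) {
    return fallback; // unparsable input
  }
  if (resolved.origin !== SITE_ORIGIN) return fallback;
  const path = resolved.pathname + resolved.search + resolved.hash;
  // A path beginning with "//" would be read by the browser as a host name
  // once it is sent back on its own; refuse it.
  if (path.startsWith("//")) return fallback;
  return path; // path-only, so the redirect cannot name another host
}

// Constructed inputs: two legitimate return URLs and two that leave the site.
const SAMPLES = [
  "comments/view.aspx?id=7",
  "http://mysite.com/blah",
  "//other.example/",
  "http://mysite.com.other.example/",
];

function compare() {
  return SAMPLES.map((u) => ({ url: u, prefix: prefixCheck(u), safe: safeReturnPath(u) }));
}

console.table(compare());
```

The scheme is part of the origin, so a site served over HTTPS would set SITE_ORIGIN to its https:// form.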
I hadn't thought of this before, but how about using an encrypted version of the URL in the query string parameter?
Alternatively, you could keep a list of the actual URLs in some persistent store (persistent for a couple of hours, maybe), and in the query string, just include the index into the persistent store of URLs. Since you'd be the only code manipulating this persistent, server-side store, the worst a malicious user could do would be to redirect to a different valid URL.
This seems to be an odd question, and it should not be a concern if you are in full control over the redirect process. If for some reason you are allowing input from the user to be actively involved in a redirect (as in the code below)
Response.Redirect(someUserInput);
Then, yes, a user could have your code send them off to who knows where. But if all you are ever doing is
Response.Redirect("/somepage.aspx")
Then those redirects will always be on your site.
Like I said, it seems to be an odd question. The more prominent concerns in terms of user input are typically SQL Injection attacks and cross-site scripting. I've not really heard about "malicious redirects."
