homepage Welcome to WebmasterWorld Guest from 54.226.180.223
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Is this a vulnerability?
Canonical Issue through :80?
Bilbo




msg:3802192
 12:31 am on Dec 8, 2008 (gmt 0)

I have noticed a lott of requests on domain in logs using following

[yourdomain.com:80...]

Is this a possible way of creating a Canonical Issue?

Be glad of any advice

 

g1smd




msg:3802198
 12:35 am on Dec 8, 2008 (gmt 0)

Yes it is.

If any part of the URL differers by only one character, then you have a Duplicate Content issue.

It is very easy to 301 redirect such requests to the correct URL, using just two lines of code.

There's many previous posts with such an example, for "appended port numbers and/or punctuation".

jdMorgan




msg:3802202
 12:45 am on Dec 8, 2008 (gmt 0)

Beware also the FQDN format http://www.example.com./page.html, which could also be combined with the appended port number format, giving http://www.example.com.:80/page.html

All three formats are perfectly-valid, but (usually) non-canonical.

Jim

Bilbo




msg:3802208
 12:51 am on Dec 8, 2008 (gmt 0)

Thanks guys, I have a redirect already on this and just checking if its a 301 not 302. JdMorgan you describe the exact format beeing hit.

Thanks again for the response :)

jdMorgan




msg:3802235
 1:14 am on Dec 8, 2008 (gmt 0)

Here are two forms of simple domain canonicalization using mod_rewrite in .htaccess.

The first redirects anything that is not exactly the canonical domain (or blank, for HTTP/1.0 requests):

# If requested hostname is not *exactly* "www.example.com" (or blank)
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
# externally redirect to canonical "www.example.com" hostname
RewriteRule (.*) http://www.example.com/$1 [R=301,L]

The second is to be used if you have several domains or subdomains resolving to the same .htaccess file:

# If requested hostname is any variation of "example.com"
RewriteCond %{HTTP_HOST} example\.com [NC]
# but is not *exactly* "www.example.com"
RewriteCond %{HTTP_HOST} !^www\.example\.com$
# externally redirect to canonical "www.example.com" hostname
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
#
# If requested hostname is any variation of "ex-maple.com"
RewriteCond %{HTTP_HOST} ex-maple\.com [NC]
# but is not *exactly* "ex-maple.com"
RewriteCond %{HTTP_HOST} !^ex-maple\.com$
# externally redirect to canonical "ex-maple.com" hostname
RewriteRule (.*) http://ex-maple.com/$1 [R=301,L]

Note that the "any variation" pattern is un-anchored, and will accept any uppercase/lowercase variations, while the "exactly" pattern is fully-anchored, and requires all-lowercase, and no trailing period or port numbers.

Jim

Bilbo




msg:3802244
 1:21 am on Dec 8, 2008 (gmt 0)

Ok I am getting a redirect onbrowser but no 301 or 302 in headers even using live headers in firefox, also I am getting a response from server showing host as "Host: www.yourdomain.com:80".

is there a way of rewriting a :80 "request" to "" in Apache?

Bilbo




msg:3802248
 1:25 am on Dec 8, 2008 (gmt 0)

Sorry JD ignore my last comment just seen your script ;)

Bilbo




msg:3802259
 1:49 am on Dec 8, 2008 (gmt 0)

JD your script worked beutifully now returning a solid 301 in headers.

Thankyou so much I owe you one.

Bilbo :)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved