Welcome to WebmasterWorld Guest from 54.159.50.111

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Is this a vulnerability?

Canonical Issue through :80?

     
12:31 am on Dec 8, 2008 (gmt 0)

New User

joined:Dec 5, 2008
posts:21
votes: 0


I have noticed a lott of requests on domain in logs using following

[yourdomain.com:80...]

Is this a possible way of creating a Canonical Issue?

Be glad of any advice

12:35 am on Dec 8, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


Yes it is.

If any part of the URL differers by only one character, then you have a Duplicate Content issue.

It is very easy to 301 redirect such requests to the correct URL, using just two lines of code.

There's many previous posts with such an example, for "appended port numbers and/or punctuation".

12:45 am on Dec 8, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Beware also the FQDN format http://www.example.com./page.html, which could also be combined with the appended port number format, giving http://www.example.com.:80/page.html

All three formats are perfectly-valid, but (usually) non-canonical.

Jim

12:51 am on Dec 8, 2008 (gmt 0)

New User

joined:Dec 5, 2008
posts:21
votes: 0


Thanks guys, I have a redirect already on this and just checking if its a 301 not 302. JdMorgan you describe the exact format beeing hit.

Thanks again for the response :)

1:14 am on Dec 8, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Here are two forms of simple domain canonicalization using mod_rewrite in .htaccess.

The first redirects anything that is not exactly the canonical domain (or blank, for HTTP/1.0 requests):


# If requested hostname is not *exactly* "www.example.com" (or blank)
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
# externally redirect to canonical "www.example.com" hostname
RewriteRule (.*) http://www.example.com/$1 [R=301,L]

The second is to be used if you have several domains or subdomains resolving to the same .htaccess file:

# If requested hostname is any variation of "example.com"
RewriteCond %{HTTP_HOST} example\.com [NC]
# but is not *exactly* "www.example.com"
RewriteCond %{HTTP_HOST} !^www\.example\.com$
# externally redirect to canonical "www.example.com" hostname
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
#
# If requested hostname is any variation of "ex-maple.com"
RewriteCond %{HTTP_HOST} ex-maple\.com [NC]
# but is not *exactly* "ex-maple.com"
RewriteCond %{HTTP_HOST} !^ex-maple\.com$
# externally redirect to canonical "ex-maple.com" hostname
RewriteRule (.*) http://ex-maple.com/$1 [R=301,L]

Note that the "any variation" pattern is un-anchored, and will accept any uppercase/lowercase variations, while the "exactly" pattern is fully-anchored, and requires all-lowercase, and no trailing period or port numbers.

Jim

1:21 am on Dec 8, 2008 (gmt 0)

New User

joined:Dec 5, 2008
posts:21
votes: 0


Ok I am getting a redirect onbrowser but no 301 or 302 in headers even using live headers in firefox, also I am getting a response from server showing host as "Host: www.yourdomain.com:80".

is there a way of rewriting a :80 "request" to "" in Apache?

1:25 am on Dec 8, 2008 (gmt 0)

New User

joined:Dec 5, 2008
posts:21
votes: 0


Sorry JD ignore my last comment just seen your script ;)
1:49 am on Dec 8, 2008 (gmt 0)

New User

joined:Dec 5, 2008
posts:21
votes: 0


JD your script worked beutifully now returning a solid 301 in headers.

Thankyou so much I owe you one.

Bilbo :)