I have a Perch web site which will be moving (gradually) to a new domain, so I need to redirect some pages to the new URL.
e.g. mysite.com/page1 => mynewsite.com,
mysite.com/page2 stays the same
I have tried doing redirects using .htaccess, for example:
Redirect 302 /page1 https://mynewsite.com
This works fine if you type the URL in the browser address bar, but when I click on any link to page1 on the web site, all I get is a white screen and no redirection (I have cleared the browser cache). But then if I refresh the page, it redirects. What am I missing, is there a specific way to redirect Perch pages using .htaccess?
I can't see any way to add a link manually in the admin section (sorry I am not very familiar with Perch) - all I can see is 'Page to link to', with no option to enter an external link. How can you set the link to an external URL?
Thanks.
Is it possible to hide an entire website behind a log-in screen? Making the visitor login to see the content. I know there are plugins like this on Wordpress but I am unable to find something for Kentico.
Thanks,
Brian
Yes. At the root of the website (master page) select it. Then go to Properties>Security and in the Access section of that page, select yes for the "Requires authentication" attribute and save the page. This will force the user to the login page you have defined in your web.config OR in your Settings to authenticate first. This will be inherited by default through the rest of the child pages.
I have some website, on it i want to put link to other external site:
http://zzz.com
When user hovers it - he will see zzz.com but when he actually clicks the url - htaccess will redirect him to other website
http://yyy.com
I want to do this with all redirects on the spoken page.
I know its possible to do that in .htaccess but i cant find a way.
On my website users can post stuff anonymously.
When they have posted something they will be redirected to their post, let's say:
http://example.com/post/2/title-of-the-anonymous-post
The user who submitted the post and the admins are the only ones with access to that post (until it is made public). Once it is made public the post would still be anonymous (i.e. people cannot see who submitted the post).
However, on that page there are also some external links. If the user decides to click an external link the target website has the ability to log the http referer (which would contain the link to the hidden page). This means it would be possible to find out who posted it once it is made public.
Is there a way to change the HTTP referer (/ referrer) when a users clicks on a link to another website?
By for example first redirecting the user to another url and let that page redirect to the external website:
user clicks on: http://example.com/referer-hider?url={urlencoded(url)}
and let the referer-hider redirect the user to the external page so that the referer will contain: http://example.com/referer-hider?url={urlencoded(url)}
Will this work? Or is there another solution for this (which doesn't require client side modifications)?
Since the referrer is provided by the browser to a web server, I only see two ways to insure that external sites don't get a view of this "hidden" URL.
First way would be (as you said) to remove the external links from your hidden page by running them through a redirector which uses header("location: ...");). Yes, that will work. You might just want to use this in general, so that you can track the exits from your site.
Second way would be to stop hiding this URL. It won't stay hidden forever, after all. A Google/Alexa/whatever toolbar hits it, and bam, it's indexed. So instead, build this hidden functionality into something session based. Make a script that changes its output depending on session variables, and only allow the hidden content to show up if people have logged in or previewed their post or whatever.
The third (and probably best) way would be to implement proper access control, so that anonymous users CANNOT visit the page with the restricted content. If you want an anonymous original poster to be able to visit THEIR OWN post, you can send them a cookie, then validate the cookie upon the visit to the unapproved post.
For example, upon submission for approval:
setcookie('postkey', mysql_insert_id());
Then:
$pieces=explode($_SERVER['PHP_SELF']);
$postid=$pieces[2]; // or whatever
if (!isset($_COOKIE['postkey'])) {
header("Location: http://example.org/");
} else if ($_COOKIE['postkey'] != $postid) {
header("Location: http://example.org/");
}
etc. You probably want better protection than this, but it should give you some ideas.
The HTTP referer is not transmitted by the browser when a link is going from HTTPS->HTTP. So a simple solution is to have an https redirect page: https://yoursite/redirect?url=... . However this page is also vulnerable to OWASP a10 - Unvalidated Redirects and Forwards, but that might not matter to you. Another solution that doesn't expose you to OWASP a10 is to use a free redirect service.
The Meta referrer proposal from Adam Barth would help with your case; in short you could tell browsers via a <meta> tag that the Referer header should be stripped on all outgoing links.
This isn't a complete answer since it's only implemented in Webkit thus far, but it's something to keep an eye on.
Is it possible to set a default site for a group of users in Sharepoint and have the main default page redirect them to the sub site?
I don't know an out of the box feature which could do this, but you could write a small WebPart which does the redirect depending on the user who visits the site. Shouldn't be to difficult.
The configuration could either be stored in the web part itself or within a list. To speedup the whole redirect process you should cache the redirect information when it was read from the configuration.
That's the way I would do this.
Don't forget to think about a way which let you access and edit the page with the redirect web part without getting redirected.