Is there a good way to hide the url from the user? - iis

There are three options I know of:
rename on the web server
html5 history.pushstate()
allegedly meta tags
I'm working on an app that relies heavily on knowing what the url is client side. I agree it's a bad design but thats another question. It is what it is.
Is there any good safe way to make the URL be just the domain name and nothing else?

I think it also depends a little bit on the technology you are using for implementation but I guess it is possible to use URL Rewriting?
Related
http://msdn.microsoft.com/en-us/library/ms972974.aspx
http://www.iis.net/downloads/microsoft/url-rewrite
MVC - Rewrite URL to display domain only [ASP.NET MVC]

Related

Prevent indexing a domain in search engines like Google and Bing

I have a domain (e.g. domain.com) which is public for all users and I have a secret sub-domain (e.g. site1.secretdomain.com) of a general domain (here secretdomain.com) just for admins of the site.
I don't want Google or other Search Engines index either the secret domain or its subdomains. Do you have any idea for that? I think robots.txt doesn't work because it makes changes for all domains.
A not so fool-proof solution is to remove, or issue a NO-Follow directive to any references to the subdomain-pages along with other necessary changes in robots.txt.
Another little more expensive, but more concrete but on a pragmatic note, would be to look into CAPTCHA or Google's ReCaptcha.
On a more theoretical note, Without much research, I guess a typical approach to the problem would be to serve a unique Cryptographic/Some form of Challenge (Computationally Expensive Problem) upon a request to and use the solution to validate a session from the user.
Even the most advanced Crawlers work with a limited Javascript execution budget; and will decide to move on to other pages once exhausted. FInd a suitable challenge, Optimize the page design to factor in for a load delay, and you have a subdomain open to all humans but not bots.

.htaccess redirection keeping my orginal URL

I would like to have the following setup using .htaccess.
domain.com/test/hello.php or domain.com/index.php or any other link must show only domain.com in the URL.
Kindly share your views on this.
As implied by Jon Lin, this is not directly possible as the server cannot guess what content should be loaded. The simple rule of HTTP is that each request has its own response.
Furthermore, it should be noted that, if it were possible (by some kind of magic - perhaps by the use of AJAX), it wouldn't be good for SEO, as Google/Bing/whatever wouldn't be able to index your site.
If you really wanted to mimic the behaviour, you could run the following HTML5 History API method in JavaScript:
window.history.pushState("", document.title, "/");
This will change the address bar to show only your domain name, and will more than likely have side-effects.

Website A 'redirect' to subdomain of website B, with content of website A

There has been a question made towards me recently to do the following:
We have a website with Drupal running in IIS.
On that site is an URL Redirect to a website hosted externally, obviously with a name completely irrelevant to the name of our company.
The question now is the following;
They want to change to URL to a subdomain of our website. Example: from "www.external-site.com" to "www.sub.internal.com" (while still showing content of the external website)
They want the current page of that website to be reflected in the URL bar. So it wouldn't say "www.sub.internal.com", but it would say "www.sub.internal.com/solutions/page1.html" (instead of "www.external-site.com/solutions/page1.html")
It's possible that I forgot another 'condition' but have mentioned before this.
So, if someone visits through our URL Redirect to External-website, it needs to show our subdomain instead of their domain in the URL, AND it needs to show the current page when people start browsing while still using our subdomain in the URL.
Now, I checked the external-website, and it seems that most of the links available are relative links (if this would be any useful information).
Currently, the external website is hosted externally, and will remain to be so for next few years. (I believe we bought the company)
I have been asking around and looking up, and the best possible thing seems to use domain forwarding, but even then it still doesn't seem to comply with the entirety that they asked of me.
I am but a 'simple' .NET programmer, held responsible to do support for anything involving the websites, and I can't say I have extended knowledge about infrastructure. (But I can ask people to do this for me)
Is there anything that could solve this?
Thanks so much!
IIS's URL rewite and Application Request Routing (ARR) combo can help you what you want to achive. Here are few links which may guide you to configure ARR. Please note that these links dont exibit exact solution to your problem however you can take clue from it and fabricate your solution accordingly.
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-rule-template
It sounds like you'll want to use a full-page iframe: do not redirect but show a page with an "inner page" instead: that inner page is the external web site. That way, users do not see the external site in their URL bar.
http://webdesign.about.com/od/iframes/a/aaiframe.htm
You need to configure the equivalent of Apache Virtual Host with Reverse Proxy on IIS.
See this answers:
https://serverfault.com/a/271030
and
https://stackoverflow.com/a/10003306/2131693

SSL with CartThrob - in-template redirect or htaccess on the basis of URL segment?

this is a broader question than I would probably ask of the CartThrob folks, which is why I'm posting it here. What would the community recommend as far as SSL is concerned with CartThrob? The store functions are limited to a couple of key template groups. So my thinking was perhaps the best way to handle it would be htaccess on the basis of the presence of those URL segments. I would like to return the user to a non-SSL connection when they are not in the store area. So a trigger might be the first segment being "basket" or "account" for example. Or what about an in-template redirect to the secure URL? Very interested to hear the community's suggestions on how best to handle SSL within a given area of an EE site. I'm interested in whatever makes the most sense to implement, while also ensuring that, for example, all assets - even those loaded with path variables - are loaded via SSL. Thanks all!
I've always used CartThrob's https_redirect tag (docs) on my checkout screens, which will rewrite your {path}, {permalink} (etc)-created URLs to use https, as well as redirect you to the https:// version of your page if necessary.
That, combined with using the protocol-agnostic style of calling scripts and stylesheets should get you most of the way in getting your secure icon in the browser.
(Example:)
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.9.1/jquery-ui.min.js"></script>

Can IIS 6 serve requests for pages with no extensions?

Is there any way in IIS to map requests to a particular URL with no extension to a given application.
For example, in trying to port something from a Java servlet, you might have a URL like this...
http://[server]/MyApp/HomePage?some=parameter
Ideally I'd like to be able to map everything under MyApp to a particular application, but failing that, any suggestions about how to achieve the same effect would be really helpful.
You can set the IIS6 to handle all requests, but the key to handle files without extensions is to tell the IIS not to look for the file.
http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp-and-non-asp-net-urls.aspx
You can also create an ISAPI filter that re-writes urls. The user enters a url with no extension, but the filter will interpret the request so that it does. Note that in IIS it's real easy to screw this up, so you might want to find a pre-written one. I haven't used any myself so I can't recommend a specific product that's any different than what you'd find via google, especially as I don't know your specific use case. But at least now you know what to search for.
You can also rewrite your urls using ASP.Net:
http://msdn.microsoft.com/en-us/library/ms972974.aspx

Resources