I'm trying to figure out whether a website I use was hacked.
When I access the site via www.site-name.com, I'm taken to the website.
However, when I access the site without the "www," i.e. site-name.com, I'm taken to a different website.
Why is this happening? I did a little research and my only guess is that someone changed the site's .htaccess file, but that seems unlikely, as the different website has no relation to the official site.
Can someone help me understand what's going on here?
One IP address can host multiple websites with different hostnames using Virtual Name Hosting.
The HTTP server will look at the Host header in the request to determine what site to use for a given request.
This lets you have one IP address serving example.com and example.net.
Typically, the first Virtual Name Host will be the default, so if you were to ask for example.org the server would not recognise it and give you example.com instead.
In this case, it appears that the server has a Virtual Name Host configured for www.site-name.com but not for site-name.com so requests for site-name.com get the default site for the server.
Related
I understand that if I want customers to be able to use a custom domain that points to their space at customer.mysaasapp.com, they must define a CNAME record that aliases the canonical customer.mysaasapp.com domain.
What I don't understand is how this alias persists across requests. For example, if the customer site links to its resources, how does it know whether to link to the customer.mysaasapp.com/videos domain vs the customclientdomain.com/videos resource? I don't want the true subdomain to show up in the navigation bar as soon as a link is clicked. How is this handled?
Let me try to explain it for you. As you already know CNAME are canonical names for another domain.
As you know when we hit a domain in browser address bar. Browser asks the DNS (domain name server) where to send the request. DNS matches the domain name and sends the IP address back to browser and browser hit those IP address to get the response.
But when we want multiple sites to be served from same IP address which is the case in SAAS app. We can define CNAME for each client. Which is alternative to IP mapping.
So when browser asks the DNS about the address for the provided host url. DNS sends back the actual domain name/path and tell's the browser that it's the right address to ask.
So now browser sends the request to actual domain behind the scene and sets the HOST header to the provided address which user entered. (customclientdomain.com/videos for your case).
Now the server knows which host was provided by the user and responds accordingly.
From next request onward Browser does the magic and give you a mimic that it's a totally new website.
All of the modern browser including WGET , CURL also handles this.
Here is a link with more details.
I have a complex web app at example-app.com, hosting fully on AWS using ELB and Route 53 for DNS. It's a Rails app.
I'm running an experiment that I'm using in the rails app, at example-app.com/test. I want to set up new-domain-app.com, to point at example-app.com/test, and have the URL cloacked to always be new-domain-app.com. It's a single page site, so it shouldn't require any navigation.
I'm having a lot of trouble figuring out how to set up my DNS on Route 53 to accomplish this. Does anyone have good ideas on what this Route 53 configuration should look like?
AWS offers a very simple way to implement this -- with CloudFront. Forget about the fact that it's marketed as a CDN. It's also a reverse proxy that can prepend a fixed value onto the path, and send a different hostname to the back-end server than the one typed into the browser, which sounds like what you need.
Create a CloudFront web distribution.
Configure the new domain name as an alternate domain name for the distribution.
For the origin server, put your existing hostname.
For the origin path, put /test -- or whatever string you want prefixed onto the path sent by the browser.
Configure the cache behavior as needed -- enable forwarding of the query string or cookies if needed and any headers your app wants to see, but not Host.
Point your new domain name at CloudFront... But before you do that, note that your CloudFront distribution has a dxxxexample.cloudfront.net hostname. After the distribution finishes setting up (the "In Progress" status goes away, usually in 5 to 20 minutes) your site should be accessible at the cloudfront.net hostname.
How this works: When you type http://example.com into the browser, CloudFront will add the origin path onto the path the browser sends, so GET / HTTP/1.1 becomes GET /test/ HTTP/1.1. This configuration just prefixes every request's path with the string you specified as the origin path, and sends it on to the server. The browser address bar does not change, because this is not a redirect. The host header sent by the browser is replaced with the hostname of the origin server when the request is sent to the origin.
What you are trying to do is not possible. Route53 is a DNS system, and you can not configure a hostname (e.g. new-domain-app.com) to point to URL (e.g. http://example-app.com/test) using DNS.
However, you are probably using a wrong tool for the job. If example-app.com/test is indeed a simple, static, single page site, then you do not need to host it inside Rails app. Instead, you can host it on AWS S3 bucket, and then you can point new-domain-app.com to that bucket using Route53.
See the following for details:
http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RoutingToS3Bucket.html
DNS knows about Domains, not url's. DNS simply converts names to IP addresses.
You can't do what you are asking for just using DNS and ELB, however, what you can do is have a seperate VHOST for new-domain-app.com that points to your example-app.com site and accomplishes what you want using some sort of redirection rule that only fires for new-domain-app.com.
I'm not sure that this qualifies as an SO question, and more likely is a serverfault question. Specifics about your webserver and OS platform would be helpful in getting more specific advice.
So here's some details:
You already have example-app.com setup and working
You create a CNAME entry pointing new-domain-app.com to example-app.com or you can make an A record pointing to the same IP. If you already have example-app.com pointing to a different IP address, then use a subdomain (test.example-app.com) to isolate it.
Setup a new vhost on your server that basically duplicates the existing vhost for new-domain-app.com. The only thing you need to change is the server name configuration.
Why does this work? Because HTTP 1.1 included the HOST header that browsers send along, and web servers use in vhosting to determine which virtual host to route an incoming request to. When it sees that the client browser wanted "example-app.com" it routes the request to the appropriate vhost.
Rather than having to do some fancy proxying, which certainly can be used to get to a similar result, you can just add a redirection rule that looks for requests for the host example-app.com and redirects those to example-app.com. In apache that uses mod_rewrite which people often utilize by putting rules in the ubiquitous .htacess file, but can also be done in nginx and other common web servers. The specifics are slightly different for each.
I have set up SAB, Sickbeard, CouchPotato & Plex on my home media server. All mapped to respective ports.
The ports have been forwarded correctly and I have DDNS enabled, if I browse to my DDNS address proceeded by the port number - I can access my services absolutely fine.
What I am wanting to do is use sub-domains on a domain that I already own to make the URLs a bit more friendly. However I have tried setting up simple web redirects & these don't work for some reason.
For example;
sab.domain.com = DDNS_address:9090
plex.domain.com = DDNS_address:32400/web/index.html
When trying to access I get 404 Not Found errors.
I don't host my own IIS or Apache server, the domain is hosted by an online provider.
Is this possible or worth too much hassle?
Thanks.
Hi I have a website that I will be developing in the future.
Upon looking at the current website I noticed something weird that I have never seen before and also Google'd and found nothing.
If you go to: http://www.smartrainer.com.au you get the normal site
But, if you go to: https://www.smartrainer.com.au you get redirected to another website and are also given an SSL warning beforehand (in Chrome)
The site is hosted on a UNIX / PHP server and the .htaccess file currently has nothing that would suggest that it's redirecting to this other website.
Any help or insight would be appreciated with this, because I've never heard of this or seen this before.. The client also has no idea why it would be directing to that company that we've never heard of
Thanks!
It sounds like you're using a shared hosting server.
In plain HTTP, the server can know which host the client is requesting using the Host header in the request (this is based on the URL). Apache Httpd supports this with what it calls Name-based virtual hosts.
The HTTPS configuration is separate from the HTTP configuration in Apache Httpd (and presumably a number of other servers). Having virtual hosts (typically on a shared host) for the HTTP configuration doesn't mean that the same configuration is replicated for HTTPS.
HTTPS presents another problem: choosing which certificate to send before being able to see the Host header. Indeed, the server needs to send the client a certificate with the correct name during the SSL/TLS handshake, which happens before any HTTP traffic is sent (so before the Host header can be read). To overcome this problem, some hosts will set up a certificate valid for multiple host names (typically multiple Subject Alternative Names, or sometimes wilcards), others will use Server Name Indication (which isn't supported by all clients).
To get your server to host your site for HTTPS, you'd need:
To make sure the certificate it serves is valid for your host name (otherwise, there will be a warning message).
That the virtual hosts (or equivalent) it serves are configured for your host too.
In your case it seems that (a) your server is serving a single certificate that is not valid for your host and (b) your host isn't configured for HTTPS anyway, since you're falling back to what's probably the default host.
You may solve this issue by redirecting HTTPS URL to HTTP URL from your .htaccess. This error might because of shared hosting. If you cannot solve this issue from your .htaccess than you may also contact your hosting provider on this issue.
Hi if the 2 domain names www.xyz.com and www.abc.com are correct AND xyz.com is the server where abc.com is hosted, will the address www.xyz.com/www.abc.com work? This question is to try and solve a legal problem!
Thanks,
Henry
No it will not work. Usually you would employ vHosts to run multiple domains on one machine. These can distinguish either by IP (if you have one IP per Domain) or by which domain is requested in the HTTP header (if you share one IP for both domains).
So, basically which website you get depends on your request. The address www.xyz.com/www.abc.com should provide an 404 error. Except if the admin configured it on purpose to response to that request.
Further reading: http://httpd.apache.org/docs/2.2/en/vhosts/name-based.html
This is quite a strange question.
If you have two domains which both point to one server, the address www.domain1.com www.domain2.com will be a virtual host on that server.
Each virtual host will have their own home folder if configured correctly
and www.domain1.com/something will be a folder called something within the DocumentRoot of www.domain1.com
From the moment you add a / after the domain the web server on that machine will try to look up the local document root for anything beyond that point
Even with an awfully badly configured web server this is not likely to work since it goes back to above after / is DocumentRoot folder it be looking for
so unless you have
Assuming domain1's Document Root is : /var/www/domain1/
if you have
/var/www/domain1/www.domain2.com { which has all the content of www.domain2.com then its not going to work
www.xyz.com/www.abc.com is a valid URI and points to the resource at the path /www.abc.com on host www.xyz.com. www.xyz.com/www.abc.com would return a resource as long as something exists at this path at the host.
Whether or not www.xyz.com/www.abc.com works is not dependent on whether or not xyz.com and abc.com are related. The host www.abc.com may just as well not exist, as it is not referred to.
http://en.wikipedia.org/wiki/URI_scheme#Generic_syntax