CNAME url on site transfered to - url

Is it possible to have the site you transfer to from a CNAME and 'A' record keep the name from the CNAME in the url? Example: Site 123.com has a CNAME called app pointing to abc.com. When I type in app.123.com, it transfers me to abc.com and keeps app.123.com in the url on the first page that I transfer to. But once I click anything on the page to move around within the page, the url reverts back to abc.com. Is it possible to have the app.123.com stay in the url while I move around. So instead of changing to abc.com/otherPage.php, it would stay app.123.com/otherPage.php?
Thanks for any help!

There are two different mechanisms at work here, DNS and HTTP.
When you use a URL containing app.123.com, that's looked up using DNS and gives the IP address that happens to be the same as the IP address configured for abc.com
But once you're viewing that page, the HTML of that page will determine how the links work, they may be absolute URLs including abc.com or they may be relative URLs, so behaviour could vary.
A site can be made to work under multiple aliases but it would need to use the request headers to detect the address used by the client and alter content accordingly.

Related

Was this site hacked? URL redirects when "www" removed.

I'm trying to figure out whether a website I use was hacked.
When I access the site via www.site-name.com, I'm taken to the website.
However, when I access the site without the "www," i.e. site-name.com, I'm taken to a different website.
Why is this happening? I did a little research and my only guess is that someone changed the site's .htaccess file, but that seems unlikely, as the different website has no relation to the official site.
Can someone help me understand what's going on here?
One IP address can host multiple websites with different hostnames using Virtual Name Hosting.
The HTTP server will look at the Host header in the request to determine what site to use for a given request.
This lets you have one IP address serving example.com and example.net.
Typically, the first Virtual Name Host will be the default, so if you were to ask for example.org the server would not recognise it and give you example.com instead.
In this case, it appears that the server has a Virtual Name Host configured for www.site-name.com but not for site-name.com so requests for site-name.com get the default site for the server.

How do custom domains work with routing, links, and redirects in a Saas app?

I understand that if I want customers to be able to use a custom domain that points to their space at customer.mysaasapp.com, they must define a CNAME record that aliases the canonical customer.mysaasapp.com domain.
What I don't understand is how this alias persists across requests. For example, if the customer site links to its resources, how does it know whether to link to the customer.mysaasapp.com/videos domain vs the customclientdomain.com/videos resource? I don't want the true subdomain to show up in the navigation bar as soon as a link is clicked. How is this handled?
Let me try to explain it for you. As you already know CNAME are canonical names for another domain.
As you know when we hit a domain in browser address bar. Browser asks the DNS (domain name server) where to send the request. DNS matches the domain name and sends the IP address back to browser and browser hit those IP address to get the response.
But when we want multiple sites to be served from same IP address which is the case in SAAS app. We can define CNAME for each client. Which is alternative to IP mapping.
So when browser asks the DNS about the address for the provided host url. DNS sends back the actual domain name/path and tell's the browser that it's the right address to ask.
So now browser sends the request to actual domain behind the scene and sets the HOST header to the provided address which user entered. (customclientdomain.com/videos for your case).
Now the server knows which host was provided by the user and responds accordingly.
From next request onward Browser does the magic and give you a mimic that it's a totally new website.
All of the modern browser including WGET , CURL also handles this.
Here is a link with more details.

Route 53 - Special domain for a single page on existing server

I have a complex web app at example-app.com, hosting fully on AWS using ELB and Route 53 for DNS. It's a Rails app.
I'm running an experiment that I'm using in the rails app, at example-app.com/test. I want to set up new-domain-app.com, to point at example-app.com/test, and have the URL cloacked to always be new-domain-app.com. It's a single page site, so it shouldn't require any navigation.
I'm having a lot of trouble figuring out how to set up my DNS on Route 53 to accomplish this. Does anyone have good ideas on what this Route 53 configuration should look like?
AWS offers a very simple way to implement this -- with CloudFront. Forget about the fact that it's marketed as a CDN. It's also a reverse proxy that can prepend a fixed value onto the path, and send a different hostname to the back-end server than the one typed into the browser, which sounds like what you need.
Create a CloudFront web distribution.
Configure the new domain name as an alternate domain name for the distribution.
For the origin server, put your existing hostname.
For the origin path, put /test -- or whatever string you want prefixed onto the path sent by the browser.
Configure the cache behavior as needed -- enable forwarding of the query string or cookies if needed and any headers your app wants to see, but not Host.
Point your new domain name at CloudFront... But before you do that, note that your CloudFront distribution has a dxxxexample.cloudfront.net hostname. After the distribution finishes setting up (the "In Progress" status goes away, usually in 5 to 20 minutes) your site should be accessible at the cloudfront.net hostname.
How this works: When you type http://example.com into the browser, CloudFront will add the origin path onto the path the browser sends, so GET / HTTP/1.1 becomes GET /test/ HTTP/1.1. This configuration just prefixes every request's path with the string you specified as the origin path, and sends it on to the server. The browser address bar does not change, because this is not a redirect. The host header sent by the browser is replaced with the hostname of the origin server when the request is sent to the origin.
What you are trying to do is not possible. Route53 is a DNS system, and you can not configure a hostname (e.g. new-domain-app.com) to point to URL (e.g. http://example-app.com/test) using DNS.
However, you are probably using a wrong tool for the job. If example-app.com/test is indeed a simple, static, single page site, then you do not need to host it inside Rails app. Instead, you can host it on AWS S3 bucket, and then you can point new-domain-app.com to that bucket using Route53.
See the following for details:
http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RoutingToS3Bucket.html
DNS knows about Domains, not url's. DNS simply converts names to IP addresses.
You can't do what you are asking for just using DNS and ELB, however, what you can do is have a seperate VHOST for new-domain-app.com that points to your example-app.com site and accomplishes what you want using some sort of redirection rule that only fires for new-domain-app.com.
I'm not sure that this qualifies as an SO question, and more likely is a serverfault question. Specifics about your webserver and OS platform would be helpful in getting more specific advice.
So here's some details:
You already have example-app.com setup and working
You create a CNAME entry pointing new-domain-app.com to example-app.com or you can make an A record pointing to the same IP. If you already have example-app.com pointing to a different IP address, then use a subdomain (test.example-app.com) to isolate it.
Setup a new vhost on your server that basically duplicates the existing vhost for new-domain-app.com. The only thing you need to change is the server name configuration.
Why does this work? Because HTTP 1.1 included the HOST header that browsers send along, and web servers use in vhosting to determine which virtual host to route an incoming request to. When it sees that the client browser wanted "example-app.com" it routes the request to the appropriate vhost.
Rather than having to do some fancy proxying, which certainly can be used to get to a similar result, you can just add a redirection rule that looks for requests for the host example-app.com and redirects those to example-app.com. In apache that uses mod_rewrite which people often utilize by putting rules in the ubiquitous .htacess file, but can also be done in nginx and other common web servers. The specifics are slightly different for each.

How does this website detect the user's current URL from a different domain?

This is a website which is relevant to the topic that I am researching - getting an IFrame's current URL address from another domain.
Here it is: http://hidemyipaddress.org/ (to use it simply go to the bottom, enter a website address and click "go").
You can surf any website through their website - and the amazing thing is that they can keep track of your current location, and even show it to you. (Here is a picture to illustrate: http://img199.imageshack.us/img199/6343/image2eb.jpg)
The reason I am asking is because I am trying to do the same thing.
How is this possible, isn't that XSS or something? Thanks for taking your time on this.
This is web based proxy. When you enter an address into the proxy address input and hit search, you are requesting that the proxy server retrieves the website for you. The proxy server requests the page you have asked for, parses the HTML so that all URIs are "proxied URIs", adds any additional HTML such as banners and then returns the page in the http response.
If there were an iframe, the current URL of the iframe would actually be on the same domain. It's a proxy, so the server at hidemyaddress.org is actually returning the html to your client. Furthermore the address of an iframe would be irrelevant. The uri in that address box would just displays the address that you requested. It would not reflect on the src of an iframe or the current location of that frame.

Can a browser correct a "mangled url" automatically?

I faced a problem some time back on a particular website. It has given many hyperlinks on it to other sites. e.g. of one such URL is:
http://http//example.com/a9noaa.asp
It is clearly incorrect (http comes twice) URL so when one clicks on it there is a page error like "Address not found".
But when one copies the link location and pastes it in the browser’s location bar, it loads that new page correctly. So it’s the problem of incorrect URL being mentioned in the hyperlink.
Will it be possible to make browser check for basic sanity of the URL being accessed like checking that:
word http is present only once,
colon is typed correct,
no unusual character at beginning of URL,
double backlashes are correctly present, etc.
Or that the URL being typed in the address bar and automatically correct the errors in it?
Can any client side code be present to make a internet browser achieve this functionality? Is it possible?
Or are there any plugins for popular browsers (Firefox, IE) already available to achieve this?
Thank you.
-AD.
First of all, http://http//example.com/a9noaa.asp is a valid URI with http as the scheme, the second http as the host name and //example.com/a9noaa.asp as the path. So if it’s not invalid, the browser has no need to correct it.
Now let’s look at the location bar. Most user friendly browsers do some error correction if the location that has been entered is invalid. One of that correction measures is to prepend the string with http:// if that’s not present. So you just have to type example.com to request http://example.com.
Another correction measure is to complete unknown host names with http://www. and and .com before and after the entered string. So you just have to type example, hit enter and you request http://www.example.com.
But any error correction outside the location bar can especially in hyperlinks can be crucial. Take this for example: A guest enters his/her website URI in a guestbook entry but ommits the http://. Now that value is used in a hyperlink but the missing http:// is not prefixed. So the link might look like this:
Website
If you click on such a link, the relative URI of that link would be resolved to an absolute URI using the current document’s URI as the base. So the link might be expanded to http://some.example/guestbook/example.com. Who hasn’t experienced that?
But correcting that missing http:// in the browser is fatal. Because the auther might have intended to reference http://some.example/guestbook/example.com instead of http://example.com that the browser would expect.
So to round it up: Correcting the user’s location bar input suitable when there is something missing (e.g. the http://). But doing that on every link is not.
The URL you posted is not "incorrect", it is valid. Hostnames can take many forms, such as http://localhost/ or http://http/ as well as the more common http://example.com
If you don't include http:// or another protocol in a web link, then the browser assumes you are using a relative link. For example...
link
...will link to http://yoursite.com/www.example.com, because this is a perfectly valid URL - you can name a file www.example.com.
I would recommend contacting the website in question to fix their error. No browsers will correct this automatically.
It really shouldn't be up to the browser to correct mal-formed URLs. A URL is supposed to be a unique identifier of some page. The one doing the linking to the page should take care to link to the correct page. There must be no guesswork involved in opening a URL.
That said, some browsers are better than others. Of the top of my head I think IE won't understand "localhost:8888/test" (no protocol given and not standard port 80), but Firefox will at least try to access it via "http://localhost:8888/test". This kind of best-guess filling-in-the-blanks is fine I think, any further auto-correction would be doing too much.
Safari for example will try to auto-guess domain names for you. If "apple/safari" yields a DNS error, it'll automatically try to complete the address to "apple.com/safari". With your URL it might try to complete it to "http://http.com//example.com/a9noaa.asp", which might yield a page if http.com exists. There's just no one way of doing it, therefore it shouldn't be done at all.

Resources