How do I get the url to stay the same when using a redirect script?
I want to create a re-direct script that when used _keeps_ my url in the address bar even after it gets to the destination (like those domain name redirects you can get).
So, mysite.com/redirect.php?=bbc.co.uk is the url that stays in the address bar when used.
What's the best way to go about this? Thanks in advance!
It can not be done, scripts can not control what the URL bar says. What you can do is use frames to give the appearance of a redirection.
Thanks, I thought hat might be the case but thought I'd better ask :)
Prior to framing content that belongs to someone else, you might want to read up on the laws pertaining to that. Framing of content is illegal and has been upheld by the 9th Circuit Court. See Kelly v Arriba Soft (00-55521) [google it]
If you haven't sought the permissions of the domain owner to frame his/her content within your site you may very well be in legal violation of copyright laws as well.
Also, there's more here too:
From FACE (Friends of Active Copyright Education)
What about framing content from another website on my own site; that's permitted -- isn't it?
I see what you mean about their ads not showing so maybe not a great idea after all.
I have another better idea that would be more suitable.
Yep, it's always better to err on the side of safety whenever possible.
What is it exactly, that you're trying to do, and why? What I mean is, are you trying to avoid linking to bad neighborhoods or is it that you're just wishing to keep an open active area for the visitor to "stay on your site" Vs leaving and going to another site?
If you're wishing to keep an open active area for the visitor to not completely leave your site, you can always open external links in a new window.
If you're looking to avoid linking to bad neighborhoods you can always add nofollow to the external link or use a redirect.
However, if using a redirect you'd need to make sure that your script sends a 301 header and not a 302 header. If it sends a 302 then there's every possibility your "script" may pull off a 302 hijacking.
The easiest way to avoid that is, create a small db and add 2 fields to the table. One field for ID (make it primary, auto_increment, unique) and then add one for urls (varchar 255).
Create a small php script that will pull the IDs & urls from your table based on the script parameter (e.g., redirect.php?site=bbc.co.uk -- the "site" parameter would give the url to be pulled from the table).
Once the url is pulled from the table, add a php redirect (301) to the code in the redirect script and it'll automatically forward the visitor to that url.
The reason you want to have control of it with a db is the fact that spammers would abuse your redirect script and make it appear that you're linking to things you are not. How they accomplish that is by linking to your redirect script with some other site url attached, and they'd be able to do it from their own sites.
If you're considering a redirect script and aren't sure how to create one, just let me know and I'll post the codes for you here. I've written and used them 100s of times myself.
hope this helps.
I basically want to have some control over outgoing urls, because we get a tonne of them posted, and too many outgoing urls (as in links) are not great for seo. So by converting the urls posted on the forums to have my redirect script's url in them I get over the problem :) So urls posted become mysite.com/redirect.php?url=bbc.oc.uk (instead of just bbc.co.uk).
I already have nofollow, but tbh, I don't think it helps all that.
Could I not just use $HTTP_REFERER to check the request came from my site?
Is anything wrong with using: header("Location: $url"); ?
Thanks for your help!
Spammers and hackers have ways of spoofing the HTTP referrer. It's actually not really that difficult to do. Trust me, I know. I've been there, done that.
I own a rather large website (over 50,000 pages wide) and it's quite popular. It'll be 10 years old this year, and in that time I've ran up against just about everything you can imagine.
One guy put my entire site into his web-based proxy and it was indexed by Google that way (which is how I found out about it). Of course Google took care of the problem real fast -- and having access to a few high level employees there doesn't hurt me either. ;)
Then there was another guy that kept requesting nonexistent URLs on my site using an automated script to hammer my server with requests at 1 second intervals 24 hours a day. I put a stop to that one real quick too by writing some code to do host lookup on the fly and if it's a request from that guy's site my dynamic codes return the request right back to him. So, in essence, he ends up hammering his own site with his own script for nonexistent URLs in 1 second intervals 24 hours a day. He quit after 2 days. I have left the codes there just in case he changes his mind. ;)
Then, another guy wrote this automated rank checking software and listed my site in it so his users could check their ranks in my SERPs. I then changed the fields on my search script to output a different query string based on known data at different intervals. It would cause his program to break, and by the time he had it fixed again my output query strings had of course changed again. He couldn't keep up, so he finally gave up and removed my site from his program. I still have the codes in place in case he changes his mind. ;)
OK, now enough of my history ;P Let's move on to your situation. There's a much easier, better, and safer way to do what you want to do. I'll post step-by-step instructions with codes in about an hour. It's just now 9:30 AM here and I'm just getting started working and have a few tasks to complete first.
After I post the codes and instructions, if there's anything you have any questions about, please feel free to ask and I'll help you as much as possible.
One last thing, are you using PHP5 or PHP4?
Sounds like you've had quite an adventure :lol: what sites do you run? (If you don't mind sharing)
My server was getting ddos'd a while back but I just let the server techs take care of it lol, which I must add they did pretty fast. Perhaps you could share some of your other tips too ?
I'll look forward to the how to :) Will it add much server load? Also, on one of my sites (aimed more at beginners) I was going to have links to external sites (use stristr) to go to a redirect notice page first - to let them know they are leaving my site and that we're not responsible for external content.
One last thing, why not just add the redirect script name to the bot file so that google knows not to index it? And I didn't think Google took a redirect as a 'link' point for that site?
Using PHP 5 :)
Also, framing dosn't remove the original copyright that almost every site have in their footer, but can be confusing to the user to be framed to some third party site without knowing
@Kalle, I'm very well aware that US law is not International law. However, if the site in question (being framed) is the property of someone residing in the US -- US laws apply regardless of where in the world the owner of the site doing the framing, resides. I merely provided the information in order to allow the OP make a more informed decision.
Framing can cover up the copyright that someone has located in their footer. And, yes, I agree it is confusing to visitors when they encounter a framed site.
@Brook, yep -- I'll share the site once I'm finished with my updates. Right now I'm in the middle of a big restructure and changing formats. I have some new features being implemented too and haven't finished coding them yet. I'm legally blind, so it takes me a little while longer to do things than it does for people with good eyesight.
I'm nearly done with the few tasks I had to complete and will post the codes for you shortly.
What bulletin board software are you using?
Kalle - while I agree that US law is not international law, I do think that the side effect of stopping someone's ads from showing is not on because I wouldn't want to 'steal'/take away any money from them - we all know how time consuming it is to write content. I also don't think it would be that big of a deal (framing), as google does it in their images search - but like I said it's not something I would personally want to do if it is detrimental to the site in terms of ad revenue.
WebSavvy - sure no probs, was just interested in seeing your site :) I had no idea you were blind sorry and no pressure from me on when to get it done, just as and when you're ready. I'm using vBulletin :-)
Thanks again for your help and welcome to TalkPHP!
Thanks for the welcome, Brook.
OK, as you're using this for urls posted inside someone's post on your forum, you'll need to use whatever db field your forum software uses for that, and change that in the script to reflect that.
This redirect assumes you are using a db table with the following fields (change to suit your needs and purposes)
ID (primary, auto_increment, unique)
url (varchar 255)
Create a file on your server that will be used in the case that someone tries to pass a url through your redirect script that is not permitted by you. Call this file denied.php
Inside denied.php put any text in there you wish to inform the user that they do not have authorization to use your redirect script for the domain they tried to attach to redir.php
1. Create the file and call it db_inc.php.
2. Copy and paste the following text (located below) into the db_inc.php file.
3. Replace db_user with your db username.
4. Replace db_pass with your db password.
5. Replace db_name with the name of your database.
6. Place db_inc.php inside whatever folder you use on your server to store include files.
2. Inside redir.php copy and paste the code below into the file.
3. Replace /path/to/db_inc.php -- with your root path to the file.
4. Replace db_table with the name of your db table.
5. Replace domain_name.com with the name of your domain.
LOL @ OK. I see what you mean now. Yes, I should have clarified that a bit more I suppose.
Interesting to note though, is that even if one is a resident of a country to which the law does not apply, the location of the webhost is then considered to establish "location."
Which means, if I lived in Bombay and had my site hosted on a server located inside the US, and framed someone's site (no matter where they resided) I could be brought to justice under the existing US laws which were upheld by the 9th Circuit Court.
That's why my own rule of thumb is, err on the side of caution whenever possible. :)
Just a quick question about the alternative route, how do spammers intend to hijack the php version of the script (not your db version) i.e using header("Location: $url"); and $HTTP_REFERER ? What about if you add the redirect script name to disallow in robots.txt too?
Are the spammers doing it to get an 'inbound link'? If so it wouldn't work as when a search engines visits the redirect script it would return nothing as they won't be coming from the site either ($HTTP_REFERER).
I'm just wondering how they go about it and whether I can get away with not using the version which makes a db hit for every link.
Sorry if this is a nube question!
You're welcome. :)
$HTTP_REFERER won't always count your own page as the referrer within the domain. That's why it's not foolproof.
Spammers & script hijackers have ways of faking the referrer by spoofing the headers. That's the same problem I had with the guy that had the automated rank checking software.
I used HTTP REFERER in my script and it wasn't supposed to allow any query strings to pass unless they originated from within my site. So, he added header spoofing to his program and bypassed my internal script security.
Using a redirect that doesn't send a 301 header is not a good idea. There's a well-known issue with 302 hijackings.
If you're not familiar with it, please allow me to explain it. Blackhats (I'm sure you know what they are) look for ways to "steal PR" from other sites. They do this by putting a redirect page up on their site. The redirect sends a 302 header. They point this at the root (index) of a site with high PR.
A 302 header will tell the SEs "index MY page over THERE for a while", and then they later remove the redirect, and the PR that belonged to the domain they pointed it at, now also is shared by their own page.
Seriously, they really do do this. I own a web directory and there was one domain in my index that belonged to a Blackhat (which I didn't know at the time). But, anyway -- this guy 302'd his site to Google.com!
I'm not kidding. He thought he was going to end up with a PR10 on his site after the redirect was removed. Of course, I told my friend that works in Google spam team about this, and they took care of it in short order.
Another guy owned this one site that he wasn't doing anything with for a while, so he 302'd it to a .gov domain that had a PR8. Then after the next google PR update came through, he removed the redirect on his domain and low & behold, his site too now had a PR8 when prior to that it was a PR3 with the same lousy 5 backlinks he had before.
You can disallow the redirect script in robots.txt but it's also better if you use a script that sends a 301 header. Pulling the urls from the db just adds extra insurance your script won't be abused by outsiders.
I do the very same thing on my site as I've outlined for you. I've been doing it this way now for about 3 years and haven't had any problems with my script being abused by anyone -- and the only links coming from it, are ones I allow to be there.
I'm not sure how well I answered your question, but if you still need anything else clarified, please feel free to ask.
Thanks again Websavvy, but I still don't see why this would be a problem for my script - as it's me that's redirecting a page outbound not them redirecting to my domain.
Sorry for being a nube!
I'm sorry I didn't explain that too clearly. OK, let me do this the right way this time :)
We'll use some examples, as it's often the best way to demonstrate a scenario:
Let's assume that Blackhat #1 has domainXYZ.com and they'd like a link from your site because it has a pretty PR5 that they're just dying to capture.
So, they add a link from some crappy PR0 page on their site to point to:
The SEs will follow that link to your redirect from their site and end up right back at their site because of your redirect. Now, it looks to the SEs like your pretty PR5 page is linking to the crappy PR0 page on their lowlife site.
This can create problems for your site because once one lowlife blackhat or hacker finds out about it, they pass it around to one another like it's the candy for the day.
Following that, the SEs will look at the amounts of links your site has to all of these *cough* quality *cough* resources, and they'll think ... hmmm ... looks like s/he's into linking to bad neighborhoods.
You'll then get to find out firsthand what the bottom of a SERP feels like, and you won't be comfortable, trust me.
The Internet is full of a lot of freeloaders that want everything for nothing. They don't care that you've worked hard on your site, nor do they care what their antics would do to your reputation or your business. They do it because if their pages get high enough PR, they can sell links and/or ads to other scumbags that are just like them.
I've seen it happen time after time and the blackhats/spammers/hackers NEVER change. The only thing that changes is, their victim, on a regular basis.
I hope this helped to answer your question a little more clearly now? :)
By pulling the allowed urls for redirect from a database, it gives you 100% control over every aspect of it. That kind of control cannot be stolen from you by someone looking to make a PR score off of your hard work.
|All times are GMT. The time now is 05:01 PM.|
Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0