Solved

A 302 redirect was discovered to be in place on the server hosing my ecommerece site. Should I have them remove it?

Posted on 2006-07-18
3
214 Views
Last Modified: 2010-08-05
Here's the explanation from the hosting service regarding the reason for it being there.  

Based on testing and web server log files (attached), here is what I believe to be happening:
 

1) The Asymptotic Design Server Header Checker attempts to check the headers on helloemeralds.com using the "head" command.

2) The Microsoft URL Scan utility on UniteU's web servers (helloemeralds.com) detects the head command and rejects the connection, generating a 404 (file not found) error.

3) Our web servers are setup so that 404 (file not found) errors redirect to redirect.asp.

4) Redirect.asp generates a 302 redirect, and sends the bot back to default.asp

5) Rinse and repeat – thus generating the loop you’re seeing.


The reason we have Microsoft URL scan setup, is to block attempts to hack into the web server. You can find more information at the following address: http://www.microsoft.com/technet/security/tools/urlscan.mspx 

The reason for sending 404 (file not found) errors to redirect.asp is that if someone hits a bad page on your site, they get redirected back to your main page (default.asp). (Redirect.asp can also be configured to send you email alerts whenever a 404 error is generated to help you keep your site up to date.)

That leaves us with the following options:

1) You can just keep in mind the results that the Asymptotic Design Server Header Checker are producing are not what Google Bot experiences and leave everything as its currently configured.  You can use either of the other two server header checkers that I sent previously to see how the server headers are configured.

2) We can disable custom 404 error reporting for your site. This will stop the Asymptotic Design Server Header Checker from looping but shoppers who hit a bad link on your site will receive a generic 404 error page instead of being sent back to your main page. The Asymptotic Design Server Header Checker will now display a 404 error though instead of a loop.

3) You can contact whoever makes Asymptotic Design Server Header Checker and ask them to modify their tool to not send the “head” command.

 
Experts! What is your recommended course of action here?
0
Comment
Question by:2alman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 350 total points
ID: 17137197
2) configure your M$ tools to return RFC compliant codes, which is 401, 403 or best 405 in your case
if you return 404 or 30x you shoot into your leg as you just realised yourself ;-)
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server specifications for web hosting 7 96
Internal DNS Zone Issue 13 92
Web server settings related to keepalive 1 134
Ubuntu Apache Webserver - File Permissions 5 90
In our day to day coding, how many times have we come across a necessity to check whether a URL is a broken link or not? For those of you that answered countless and are using ColdFusion like myself, then this article is for you.  It will show yo…
One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question