Solved

A 302 redirect was discovered to be in place on the server hosting my ecommerce site. Should I have them remove it?

Posted on 2006-07-18
Last Modified: 2010-08-05
Here's the explanation from the hosting service regarding the reason for it being there.  

Based on testing and web server log files (attached), here is what I believe to be happening:
 

1) The Asymptotic Design Server Header Checker attempts to check the headers on helloemeralds.com using the "head" command.

2) The Microsoft URL Scan utility on UniteU's web servers (helloemeralds.com) detects the head command and rejects the connection, generating a 404 (file not found) error.

3) Our web servers are set up so that 404 (file not found) errors redirect to redirect.asp.

4) Redirect.asp generates a 302 redirect, and sends the bot back to default.asp.

5) Rinse and repeat – thus generating the loop you’re seeing.


The reason we have Microsoft URL Scan set up is to block attempts to hack into the web server. You can find more information at the following address: http://www.microsoft.com/technet/security/tools/urlscan.mspx

The reason for sending 404 (file not found) errors to redirect.asp is that if someone hits a bad page on your site, they get redirected back to your main page (default.asp). (Redirect.asp can also be configured to send you email alerts whenever a 404 error is generated to help you keep your site up to date.)

That leaves us with the following options:

1) You can just keep in mind that the results the Asymptotic Design Server Header Checker is producing are not what Google Bot experiences and leave everything as it's currently configured. You can use either of the other two server header checkers that I sent previously to see how the server headers are configured.

2) We can disable custom 404 error reporting for your site. This will stop the Asymptotic Design Server Header Checker from looping but shoppers who hit a bad link on your site will receive a generic 404 error page instead of being sent back to your main page. The Asymptotic Design Server Header Checker will now display a 404 error though instead of a loop.

3) You can contact whoever makes Asymptotic Design Server Header Checker and ask them to modify their tool to not send the “head” command.

 
Experts! What is your recommended course of action here?
Question by:2alman
Accepted Solution

by:
ahoffmann earned 350 total points
ID: 17137197
2) Configure your M$ tools to return RFC-compliant codes, which are 401, 403 or best 405 in your case.
If you return 404 or 30x you shoot yourself in the leg, as you just realised yourself ;-)
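
The loop described in the question and the 405 suggested in the answer, as an added example that is not part of the original thread or the host's configuration. It uses a constructed local stand-in server that collapses the URLScan rejection, the custom 404 handler and redirect.asp into one step, and a probe that follows redirects by hand and flags a loop; `make_handler`, `probe` and `run_case` are hypothetical names.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def make_handler(head_status):
    """Constructed stand-in for the host: GET is served, HEAD is rejected."""
    class Handler(BaseHTTPRequestHandler):
        def _send(self, status, headers=()):
            self.send_response(status)
            for name, value in headers:
                self.send_header(name, value)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def do_GET(self):
            self._send(200)
        def do_HEAD(self):
            if head_status == 404:
                # The custom 404 handler (redirect.asp) hides the rejection behind a 302.
                self._send(302, [("Location", "/default.asp")])
            else:
                self._send(head_status, [("Allow", "GET, POST")])
        def log_message(self, *args):  # silence per-request logging
            pass
    return Handler

def probe(port, method, path="/default.asp", max_hops=5):
    """Follow redirects manually; return (status codes seen, loop detected)."""
    statuses, seen = [], set()
    for _ in range(max_hops):
        if path in seen:
            return statuses, True  # redirected back to a URL already requested
        seen.add(path)
        conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
        conn.request(method, path)
        resp = conn.getresponse()
        statuses.append(resp.status)
        location = resp.getheader("Location")
        conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            return statuses, False
        path = location
    return statuses, False

def run_case(head_status):
    with HTTPServer(("127.0.0.1", 0), make_handler(head_status)) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return {m: probe(server.server_port, m) for m in ("GET", "HEAD")}
        finally:
            server.shutdown()
```

`run_case(404)` reproduces the reported behaviour (GET succeeds, HEAD loops on a 302), while `run_case(405)` shows the same probe receiving a final 405 with no redirect.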