Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

A 302 redirect was discovered to be in place on the server hosing my ecommerece site. Should I have them remove it?

Posted on 2006-07-18
3
Medium Priority
?
217 Views
Last Modified: 2010-08-05
Here's the explanation from the hosting service regarding the reason for it being there.  

Based on testing and web server log files (attached), here is what I believe to be happening:
 

1) The Asymptotic Design Server Header Checker attempts to check the headers on helloemeralds.com using the "head" command.

2) The Microsoft URL Scan utility on UniteU's web servers (helloemeralds.com) detects the head command and rejects the connection, generating a 404 (file not found) error.

3) Our web servers are setup so that 404 (file not found) errors redirect to redirect.asp.

4) Redirect.asp generates a 302 redirect, and sends the bot back to default.asp

5) Rinse and repeat – thus generating the loop you’re seeing.


The reason we have Microsoft URL scan setup, is to block attempts to hack into the web server. You can find more information at the following address: http://www.microsoft.com/technet/security/tools/urlscan.mspx 

The reason for sending 404 (file not found) errors to redirect.asp is that if someone hits a bad page on your site, they get redirected back to your main page (default.asp). (Redirect.asp can also be configured to send you email alerts whenever a 404 error is generated to help you keep your site up to date.)

That leaves us with the following options:

1) You can just keep in mind the results that the Asymptotic Design Server Header Checker are producing are not what Google Bot experiences and leave everything as its currently configured.  You can use either of the other two server header checkers that I sent previously to see how the server headers are configured.

2) We can disable custom 404 error reporting for your site. This will stop the Asymptotic Design Server Header Checker from looping but shoppers who hit a bad link on your site will receive a generic 404 error page instead of being sent back to your main page. The Asymptotic Design Server Header Checker will now display a 404 error though instead of a loop.

3) You can contact whoever makes Asymptotic Design Server Header Checker and ask them to modify their tool to not send the “head” command.

 
Experts! What is your recommended course of action here?
0
Comment
Question by:2alman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1400 total points
ID: 17137197
2) configure your M$ tools to return RFC compliant codes, which is 401, 403 or best 405 in your case
if you return 404 or 30x you shoot into your leg as you just realised yourself ;-)
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question