2alman
asked on
A 302 redirect was discovered to be in place on the server hosing my ecommerece site. Should I have them remove it?
Here's the explanation from the hosting service regarding the reason for it being there.
Based on testing and web server log files (attached), here is what I believe to be happening:
1) The Asymptotic Design Server Header Checker attempts to check the headers on helloemeralds.com using the "head" command.
2) The Microsoft URL Scan utility on UniteU's web servers (helloemeralds.com) detects the head command and rejects the connection, generating a 404 (file not found) error.
3) Our web servers are setup so that 404 (file not found) errors redirect to redirect.asp.
4) Redirect.asp generates a 302 redirect, and sends the bot back to default.asp
5) Rinse and repeat – thus generating the loop you’re seeing.
The reason we have Microsoft URL scan setup, is to block attempts to hack into the web server. You can find more information at the following address: http://www.microsoft.com/technet/security/tools/urlscan.mspx
The reason for sending 404 (file not found) errors to redirect.asp is that if someone hits a bad page on your site, they get redirected back to your main page (default.asp). (Redirect.asp can also be configured to send you email alerts whenever a 404 error is generated to help you keep your site up to date.)
That leaves us with the following options:
1) You can just keep in mind the results that the Asymptotic Design Server Header Checker are producing are not what Google Bot experiences and leave everything as its currently configured. You can use either of the other two server header checkers that I sent previously to see how the server headers are configured.
2) We can disable custom 404 error reporting for your site. This will stop the Asymptotic Design Server Header Checker from looping but shoppers who hit a bad link on your site will receive a generic 404 error page instead of being sent back to your main page. The Asymptotic Design Server Header Checker will now display a 404 error though instead of a loop.
3) You can contact whoever makes Asymptotic Design Server Header Checker and ask them to modify their tool to not send the “head” command.
Experts! What is your recommended course of action here?
Based on testing and web server log files (attached), here is what I believe to be happening:
1) The Asymptotic Design Server Header Checker attempts to check the headers on helloemeralds.com using the "head" command.
2) The Microsoft URL Scan utility on UniteU's web servers (helloemeralds.com) detects the head command and rejects the connection, generating a 404 (file not found) error.
3) Our web servers are setup so that 404 (file not found) errors redirect to redirect.asp.
4) Redirect.asp generates a 302 redirect, and sends the bot back to default.asp
5) Rinse and repeat – thus generating the loop you’re seeing.
The reason we have Microsoft URL scan setup, is to block attempts to hack into the web server. You can find more information at the following address: http://www.microsoft.com/technet/security/tools/urlscan.mspx
The reason for sending 404 (file not found) errors to redirect.asp is that if someone hits a bad page on your site, they get redirected back to your main page (default.asp). (Redirect.asp can also be configured to send you email alerts whenever a 404 error is generated to help you keep your site up to date.)
That leaves us with the following options:
1) You can just keep in mind the results that the Asymptotic Design Server Header Checker are producing are not what Google Bot experiences and leave everything as its currently configured. You can use either of the other two server header checkers that I sent previously to see how the server headers are configured.
2) We can disable custom 404 error reporting for your site. This will stop the Asymptotic Design Server Header Checker from looping but shoppers who hit a bad link on your site will receive a generic 404 error page instead of being sent back to your main page. The Asymptotic Design Server Header Checker will now display a 404 error though instead of a loop.
3) You can contact whoever makes Asymptotic Design Server Header Checker and ask them to modify their tool to not send the “head” command.
Experts! What is your recommended course of action here?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.