Solved

domain cloaking /masking  to ssl page

Posted on 2010-08-12
4
567 Views
Last Modified: 2013-11-30
I have a shared hosting account that has 300 websites. I put a contact form on each website.
I cant afford to buy a ssl for each site so i was considering buying one ssl and when the user fills out the form it would redirect them to the application website that has the ssl.

My problem is i don't want the user knowing that they are being forwarded to another site for fear of them not filling out the form.

so my question is how can i forward the client to the application website with the ssl and them being non the wiser.  I need the form secure and safe any suggestions .
0
Comment
Question by:tomjenkins12
  • 2
4 Comments
 
LVL 11

Expert Comment

by:Paul S
Comment Utility
This is a very difficult thing giving the current state of malware on the internet. All the malware and malicious websites have made these types of behaviors associated with cyber-crime. Therefore, even if you figure out how to do it, most likely some big red flags are going to appear on the users screen.

When it comes to SSL certs in this day and age, paying the extra money to look legit is normally worth it. Unless you want your customers to go somewhere else.


.... now with all that being said. If you purchase a good SSL cert for a matching domain, then you might be able to forward to that domain inside of an iFrame so users don't know.
0
 
LVL 11

Expert Comment

by:JoeNuvo
Comment Utility
what I ever do for this case is

the master form's TARGET is my SSL page (different hostname from master form)
and once my SSL page finish process, it will redirect member to other page.
(SSL page will process only, not have any interface/user interact)

in your case, user must redirect back to their original website.
(either check the referral url, or you must pass hidden parameter with the form)

Hope this can give you some idea to work on your web.
0
 

Author Comment

by:tomjenkins12
Comment Utility
joenuvo

Ok so the user goes to website A which has no SSL  
Website B has the SSL

I want the user to fill out the form on website B (SSL ) so their data is encrypted , but I don't want the user to know they left website A (non SSL )

Cant I cloak  the redirect with php so the client thinks they are on website  A , than when the form is completed redirect them to the thank you page on website A

I just cant figure out how to cloak the url
0
 
LVL 11

Accepted Solution

by:
JoeNuvo earned 500 total points
Comment Utility
Instead of having form on Web B which required you to do some clocking
You may have the form filling page on website A and submit to website B using target as "https" URL

WEB A
http://web_a/sub/comment.php :  form filling page, form target is on Web B
for ex. https://web_b/sub/formprocess.php
|
| submit content will went under SSL to web B for process
|
v
WEB B
https://web_b/sub/formprocess.php : perform any task, like save it to DB etc.   and then redirect to Web A thank you page
web b will know data come from web a, either by check URL Referal OR read some hidden form input
|
| page redirection
|
v
WEB A

0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Windows 7 Share with XP 22 57
listing all functions in JavaScript 19 98
Cisco iWAN 8 45
site to site tunnel not autostarting 5 32
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This article discusses four methods for overlaying images in a container on a web page
In this tutorial viewers will learn how to embed an audio file in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: : The declaration should display (CODE) HTML5 is supported by the most recent versions of all major browsers…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now