Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

domain cloaking /masking  to ssl page

Posted on 2010-08-12
4
Medium Priority
?
656 Views
Last Modified: 2013-11-30
I have a shared hosting account that has 300 websites. I put a contact form on each website.
I cant afford to buy a ssl for each site so i was considering buying one ssl and when the user fills out the form it would redirect them to the application website that has the ssl.

My problem is i don't want the user knowing that they are being forwarded to another site for fear of them not filling out the form.

so my question is how can i forward the client to the application website with the ssl and them being non the wiser.  I need the form secure and safe any suggestions .
0
Comment
Question by:tomjenkins12
  • 2
4 Comments
 
LVL 11

Expert Comment

by:Paul S
ID: 33425831
This is a very difficult thing giving the current state of malware on the internet. All the malware and malicious websites have made these types of behaviors associated with cyber-crime. Therefore, even if you figure out how to do it, most likely some big red flags are going to appear on the users screen.

When it comes to SSL certs in this day and age, paying the extra money to look legit is normally worth it. Unless you want your customers to go somewhere else.


.... now with all that being said. If you purchase a good SSL cert for a matching domain, then you might be able to forward to that domain inside of an iFrame so users don't know.
0
 
LVL 11

Expert Comment

by:JoeNuvo
ID: 33426360
what I ever do for this case is

the master form's TARGET is my SSL page (different hostname from master form)
and once my SSL page finish process, it will redirect member to other page.
(SSL page will process only, not have any interface/user interact)

in your case, user must redirect back to their original website.
(either check the referral url, or you must pass hidden parameter with the form)

Hope this can give you some idea to work on your web.
0
 

Author Comment

by:tomjenkins12
ID: 33431971
joenuvo

Ok so the user goes to website A which has no SSL  
Website B has the SSL

I want the user to fill out the form on website B (SSL ) so their data is encrypted , but I don't want the user to know they left website A (non SSL )

Cant I cloak  the redirect with php so the client thinks they are on website  A , than when the form is completed redirect them to the thank you page on website A

I just cant figure out how to cloak the url
0
 
LVL 11

Accepted Solution

by:
JoeNuvo earned 2000 total points
ID: 33601978
Instead of having form on Web B which required you to do some clocking
You may have the form filling page on website A and submit to website B using target as "https" URL

WEB A
http://web_a/sub/comment.php :  form filling page, form target is on Web B
for ex. https://web_b/sub/formprocess.php
|
| submit content will went under SSL to web B for process
|
v
WEB B
https://web_b/sub/formprocess.php : perform any task, like save it to DB etc.   and then redirect to Web A thank you page
web b will know data come from web a, either by check URL Referal OR read some hidden form input
|
| page redirection
|
v
WEB A

0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question