Solved

Change display of URL

Posted on 2012-03-14
11
287 Views
Last Modified: 2013-11-19
I have an 8 page website with no open links back to the root directory.  It will appear soley as a link on a different website>

I want to create a URL mask that will display the host-site URL in the url-address field when each of the 8 pages is open.

I need some very specific instructions for a script that will work with most or all browsers and I need to know precisely where to place the script in each page.

To be clear....I want to place a link to xxX.com on a web page named yyy.com
When the visitor clicks on the link in yyy.com and lands on xxX.com, the URL displayed in the address bar will be yyy.com, and all the pages on the 8-page website (xxX.com) will also display yyy.com as the URL...a mask!  Not a Short URL!  I don't ever want a visitor top see the url for xxX.com.

Any expert ideas?
0
Comment
Question by:doncalarco
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37724678
in your page on yyy.com use
<iframe src=//xxX.com/ />

(I'd never use such a page, for obvious security reason :)
0
 

Author Comment

by:doncalarco
ID: 37724819
>A hoffman.  thanks for the input. I do appreciate your expert advice, but if I gave you instructions to cook the perfect meal by saying "drop it in the pot and throw int in the oven, I would be useless.

your instruction is suggesting that I "use" on a page that I don't control.

Obvious reasons?  do you care to elaborate?  What obvious reasons?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37724878
>  do you care to elaborate?
if the user does not see where the content is from, there is no posibility to control if the content is trustworthy, hence a secure application (secure for the application and the user), any kind of frames should be avoided
there're many attacks around which use hidden elements or even hidden frames (click-jacking and such)

as I'm security paramoid, somehow, I avoid to "use" such pages
that's what I said, had no offence in mind ;-)
0
 

Author Comment

by:doncalarco
ID: 37725004
>ahoffman:  I sincerely appreciate your security paranoia..It helps to know your concern.
This might help:
My client is also security paranoid.  They are a very large US corporation with 1200 field personnel who log in to an "intranet site" every day to post sales reports, and other dutiful reports.

I am an incentive motivation specialist who is managing the communications portion of their "Sales Contest".  I created a site (8 simple pages) where we store photos and text about the hotel trip they will win, information about the island, videos, etc.  Nothing revealing or security exposed.  My URL for the site I created (I have dozens of URLs to chose from) is very simple and has no way for anyone to back up to get to the main directory, because there is only one directory and it only holds this little site.

Someone with Security paranoia at the Client's side is concerned that the field people will discover that the site is coming from a third party (me) , or maybe they are concerned that the field personnel will back out the url and discover naughty bits, I don't know what their worry is.

No "public" viewing of this site is happening.  No meta tags, no promoting of any sort.. just a dedicated group of "employees" who will click on a link in their Intranet...and my pages will appear.

The client wants the URL to remain as his url>

What would really help is a professional opinion from you that it is impossible to do.  Then i can stop making as fool of myself by placing ridiculous tasks here on EE!

The simplest answer is to send the pages to them and let them host them.
problem solved?  Lots of work to do that!
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 37725328
The simplest answer is to send the pages to them and let them host them.  problem solved?  Lots of work to do that!

Maybe not so much as you might think.  See:
http://www.laprbass.com/RAY_temp_doncalarco.php
<?php // RAY_temp_doncalarco.php
echo file_get_contents('http://www.landonbaseball.com/RAY_fader.php');

Open in new window

Now as it happens, I control both of those sites.  But any site that correctly uses a <base> tag in the header or uses explicit URLs can be re-served with a single line of code.  So you can add the <base> tag or use explicit URLs and your client can load your pages directly.  Easy!
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:doncalarco
ID: 37725512
Ray, we may be almost there.  Now i need for you to show me HOW TO MAKE IT HAPPEN.

I have a link on Site A, that links to site B

When a visitor clicks on the link to site B...I want the URL for site A to remain in the address window>  Or a link back to the main page in Site A.

They just dont want my url (site B) to be visible

How do I make it happen.  I have the cooperation with both sites.  Please, as step by step!
0
 
LVL 38

Expert Comment

by:BillDL
ID: 37725752
I typed this up a bit earlier, so you will excuse me if I just post it.  I do suggest that you stick with whatever direction Ray Paseur guides you in and treat this as informative only.  Ray's suggestion looks like it will supersede the statement in the first paragraph of my comment.  Perhaps it might explain why ahoffmann drew your attention to the security aspects of what you want to do.

The only realistic method, other than sending your "web" to them and leaving them responsible for uploading them to their own server, is to load the content inside an "IFRAME" on their pages.  I will explain in a moment.

Please be aware that I am not recommending any of these methods, just trying to answer your question as fully as I can.

There have always been JavaScript methods for controlling how the browser shows things to the viewer.

For example, when someone hovers the mouse over a hyperlink it will show the URL of that link down in the Status Bar at the botrtom of the page.  It is possible to use JavaScript to display something entirely different in the Status bar for the link, including a completely different URL.  This tactic has been used a lot by unscrupulous people to disguise the fact that the link is to a malicious site of file.  Modern anti-malware applications may well detect such code in the page as suspicious, and there is also the issue that if JavaScript is disabled on the client system for security reasons the method will not work as expected.

You explained the following:

"No public viewing of this site is happening.  No meta tags, no promoting of any sort.. just a dedicated group of employees who will click on a link in their Intranet and my pages will appear.  The client wants the URL to remain as his url."

It would be easy enough for an employee to Right-Click on the hyperlink and "Copy Shortcut" (in IE or equivalent action in other browser) to see the real target.  It would also show in the browser's Status Bar when the employee hovered over the link, depending on the browser.  OK, so Right-Clicking can be disabled on the page(s) with the link(s) using JavaScript, but anyone curious enough to see the real URL could easily "View Source" unless the URL was "obfuscated", again using JavaScript.

Various ways to disable Right-Clicking in a page, along with details of which browsers support the method and which ones disregard it:
http://javascript.about.com/library/blnoright.htm
http://www.javascriptsource.com/page-details/no-right-click.html
http://www.dynamicdrive.com/dynamicindex9/noright3.htm

I Right-Click a lot in browsers, such as to open links in new tabs, and such tactics really annoy me.

I frown on methods that show something else in the Status Bar other than the real URL when hovering over and clicking a link, but it can be done:

http://roshanbh.com.np/2008/08/different-status-bar-text-hyperlink-mouseover.html
http://www.mightycoach.com/articles/htmltricks/changestatusbar.html
http://www.willmaster.com/library/web-development/URL-masking.php

Although there may be legitimate reasons for obfuscating hyperlinks, such as hiding a "mailto:" email address link from malicious "crawling" software that snatches email addresses from pages on the Internet, some anti-malware applications may detect the page as malicious because the methods are the same as commonly used to deliver malicious content:

URL Obfuscation by encoding the web address or IP Address into another encoding within the page's code:

http://www.terminally-incoherent.com/blog/2006/09/03/url-obfuscation/
http://www.pc-help.org/obscure.htm
http://vrt-blog.snort.org/2009/02/detecting-silly-javascript-obfuscation.html

Of course, you could use redirection via a short url created using http://tinyurl.com or other url shorteners, but it will still show the real URL in the Address Bar of the browser when it gets to the page.

There are .ASP, Apache Server, etc methods to keep the URL in the Address Bar rooted at, for example, just the http://www.domain-name.com/# regardless of what page you are on, and there are JavaScript methods to open links in new Popup windows in which you can dictate the size of the new window and whether or not the various parts of the browser window show.  Each has its limitations in terms of whether or not the method will be supported, and I personally have never used any such methods because I find them objectionable.  As a viewer I deserve the right to see the URL of the page I am on, and nothing has the right nor legitimate need to hide my address bar.

Given that most, if not all of the above methods, would require that your client adds a bunch of code to their own web pages, I think the best solution is just to send them your "web" and let them host it on their own Intranet.

If you are really desperate to keep your own pages under your control and display them from your server, then your client could load them within an IFRAME on their pages.

Older HTML web pages used to have a full-width "banner" pane across the top, a separate "menu" pane down the left, and the page content n the lower right.  That way the banner and menu navigation remain constant while new content loads in the rest of the page.  In such a page each of the panes are loaded as separate "frames" into a main page something like these examples:
http://www.w3schools.com/tags/tag_frame.asp
Click the "Try It Yourself" buttons and look at the related links at the bottom of the page:
http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_frame_mix
http://www.w3schools.com/tags/tag_noframes.asp

That is "Frames".  These days CSS and other up to date methods are used for banners and navigation panels.

In IFRAME is an "inline frame" that is used to embed one page (or content from somewhere else) into another page:  
http://www.w3schools.com/tags/tag_iframe.asp
http://www.w3schools.com/html/html_iframe.asp

Reasons why NOT to use IFRAMES and other info including how they work:
http://www.iframehtml.com/iframe-security.html
http://www.iframehtml.com/faq.html
http://seminsights.com/web-development/iframes-are-evil-if-you-must-try-this-alternative

So, if your client created a page specifically for your content and in that used the IFRAME code to fetch one of your pages into it and fill it, the Address Bar would show the URL of your client's page, but your content would show:

http://roshanbh.com.np/2008/04/hide-url-display-same-url-website.html

That may or may not work depending on a lot of the criteria discussed in the above "iframe-related" pages I linked to above.

Anyway, as I said, stick with Ray's suggestions.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 37726138
How do I make it happen.  I have the cooperation with both sites.  Please, as step by step!

Do it exactly the way I showed in the post above.  Visit these two web pages and look at the URLs in the address bar.
http://www.laprbass.com/RAY_temp_doncalarco.php
http://www.landonbaseball.com/RAY_fader.php

The images will change because they are randomly rotated, but the same page is being served through two URLs from the underlying data on the Landon Baseball web site.  It really is that easy.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37726643
if you want make things complicated, there's no way to restrict it :)
but you say:
>  I have the cooperation with both sites.
why not simply hand over the content from site B to site A?
and Ray's suggestion will do it dynamically ...
0
 

Author Comment

by:doncalarco
ID: 37726646
> Ray, I dont want to sound too much like an idiot, but you wrote:

Do it exactly the way I showed in the post above.

In the post above you gave an example:

<?php // RAY_temp_doncalarco.php
echo file_get_contents('http://www.landonbaseball.com/RAY_fader.php');

Where does this code get placed?  Which site, mine or theirs?
What do I substitute?

Do I place it on all my pages?
Does it matter where it gets placed in the html?

any help?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 37726799
> Where does this code get placed?  Which site, mine or theirs?
on the site which should be displayed as URL in the browser bar
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
Read about why website design really matters in today's demanding market.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now