<p>First, use JavaScript to sniff document.location.href and match it against your domain:</p>
<pre><code>var MyHostName = "www.mydomain.com";
if (0 == document.location.href.indexOf("https://")) {
    // Page was loaded over HTTPS: the URL must start with https://www.mydomain.com/
    MyHostName = "https://" + MyHostName + "/";
    if (0 != document.location.href.indexOf(MyHostName)) {
        // Served from another host: swap in the real host name and navigate there
        var new_location = document.location.href.replace(/https:\/\/[^\/]+\//, MyHostName);
        if (new_location != document.location.href)
            document.location.replace(new_location);
    }
} else {
    // Same check for plain HTTP
    MyHostName = "http://" + MyHostName + "/";
    if (0 != document.location.href.indexOf(MyHostName)) {
        var new_location = document.location.href.replace(/http:\/\/[^\/]+\//, MyHostName);
        if (new_location != document.location.href)
            document.location.replace(new_location);
    }
}
</code></pre>
<p><strong>Second</strong>: write an init script for all your ASP pages to check if the remote user IP address matches the address of the reverse proxy. If it matches, redirect to a tinyurl link which redirects back to your real domain. Use tinyurl or another redirection service to counter the reverse proxy's URL rewriting.</p>
<p><strong>Third</strong>: write a scheduled task to do a DNS lookup on the fake domain, and update a configuration file which your init script in step 2 uses. <strong>Note:</strong> Do not do a DNS lookup in your ASP because DNS lookups can stall for 5 seconds. This opens a door for DoS against your site. Also, don't block solely based on IP address because it's easy to relocate.</p>
<p><strong>Edit</strong>: If you're concerned about the proxy operator stealing user passwords and usernames, you should log all users who are served to the proxy's IP address, and disable their accounts. Then send email to them explaining that they have been victims of a phishing attack via a misspelled domain name, and request them to change their passwords.</p>
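<p>Steps two and three of the answer above, sketched in Node.js rather than ASP as an added example (not code from the original answer): a scheduled job caches the look-alike domain's addresses in a file, and the per-request check reads only that file. The domain <code>fake-domain.example</code>, the file name <code>proxy-ips.json</code> and all function names are assumptions.</p>

```javascript
// Added example, not from the original answer. The domain, file name and
// function names are assumptions made for illustration.
const fs = require("fs");
const dns = require("dns").promises;

const LIST_FILE = "proxy-ips.json";            // assumed file shared by both parts
const FAKE_DOMAINS = ["fake-domain.example"];  // placeholder look-alike domain

// Write via temp file + rename so a request never reads a half-written list.
function writeProxyList(file, addresses) {
  const body = { updated: new Date().toISOString(), addresses: [...new Set(addresses)].sort() };
  fs.writeFileSync(file + ".tmp", JSON.stringify(body));
  fs.renameSync(file + ".tmp", file);
}

// Step 3, run from a scheduler: DNS happens here, never in the request path.
// If every lookup fails, the previous list is kept instead of being emptied.
async function refreshProxyList(file = LIST_FILE, domains = FAKE_DOMAINS,
                                resolve4 = (d) => dns.resolve4(d)) {
  const found = [];
  for (const d of domains) {
    try { found.push(...await resolve4(d)); } catch (e) { /* lookup failed */ }
  }
  if (found.length > 0) writeProxyList(file, found);
  return found;
}

// Step 2, run at the start of each request: read the cached list only.
function loadProxyList(file = LIST_FILE) {
  try { return new Set(JSON.parse(fs.readFileSync(file, "utf8")).addresses); }
  catch (e) { return new Set(); }  // missing or corrupt file: treat as empty
}

// Some servers report IPv4 peers as ::ffff:a.b.c.d; strip that prefix.
function normalizeIp(addr) {
  return String(addr).trim().toLowerCase().replace(/^::ffff:(?=\d+\.\d+\.\d+\.\d+$)/, "");
}

// Decide what to do with a request. `user` is the logged-in name or null;
// users seen through the proxy are recorded for the follow-up in the Edit.
function checkRequest(remoteAddr, user, proxies, seen = []) {
  const ip = normalizeIp(remoteAddr);
  if (!proxies.has(ip)) return { action: "serve" };
  if (user) seen.push({ user, ip });
  return { action: "redirect" };
}
```

<p>On <code>redirect</code> the caller sends the visitor to the redirection-service link from step two, and the <code>seen</code> entries are the accounts to disable and notify.</p>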
 
