If I do a google search using "site:mydomain.com" (mydomain isn't mine obviously!) I get a lot of first and 2nd page results which contain bogus subdomains.
First of all, WTF?
Why would anyone setup links to create a Google index with a bogus subdomain for my website?
Whats the scam here? I've had a significant drop in google ranking over the last 3 months and I can't work out why.
A sample of these subdomains:
w.
w3ww.
www.lawsuitsettlementamounts.com2960.
www.lawsuitsettlementamounts.com4519.
www.lawsuitsettlementamounts.com3754.
beft.ru5258.
wa-go2ui.com10992.
wa-go2ui.com10993.
I've updated apache2's siteavailable file for the domain to disallow wild card sub domains.
So now anything other than the domain or www. is allowed. (As per what I've told google via webmaster).
These bogus links now return 403
Is this enough?
Should I do more?
After doing a bit more research I think the best response is a 404 "Page not found".
So I've updated my apache configs for sites-enable/000-default to contain the following:
EDIT - I've changed this from 404 to 400. I think 404 is not a strong enough message to the search engines that the subdomain is bogus. "syntactically incorrect" (400) is probably more accurate than "page not found" (404)
<VirtualHost *:80>
ServerName bogus
Redirect 400 /
</VirtualHost>
Related
I have been running some automated security scans and the following URL triggers a 404:
/%FF%FE%3Cscript%3Ehaikumsg%28326%29%3C%2Fscript%3E
This is run from the route on the domain on an Apache server (so this should be easy to replicate).
My htaccess is setup with ErrorDocument 404 /site/404 but this isn't being caught. I know this because if I completely empty the htaccess file I am still presented with the same standard apache 404 page.
Clearly this is a tag hack so I have to be careful how its handled, however I'd like to know how to manage it so it at least does my /site/404 instead of nothing.
It turns out the solution is to move your 404 redirect to the Vhosts not htaccess!! Very simple solution and that will fix it. Apache obviously works with the URL before even getting to the htaccess file so moving the 404 redirect is needed at a higher level.
However if you need to decode and use the URLs then the following begins to help:
https://serverfault.com/questions/261683/how-does-apache-process-a-path-with-a-percent-encoded-url-in-it
Basically the solution is to add AllowEncodedSlashes On to the Vhosts file.
As per https://httpd.apache.org/docs/2.0/mod/core.html#allowencodedslashes.
I have two SSL certificates on my server for these domains:
www.site-a.com
www.site-b.com
That means there are 8 combinations as follows:
site-a.com
www.site-a.com
https://site-a.com
https://www.site-a.com
.. and ..
site-b.com
www.site-b.com
https://site-b.com
https://www.site-b.com
So for the first two in both sites, I handle with redirects as follows in the <VirtualHost ..> container:
Redirect / https://www.site-a.com [or site-b.com, same thing]
That brings me to my problem!
https://site-a.com (which is not valid because I certified the www prefix) shows Site A indeed, albeit with a warning about the cert
https://site-b.com ALSO shows Site A (with the warning screen)!!
I have two questions about this:
Why is this happening? Apparently Apache2 thinks that it needs to serve the first site with a cert, alphabetically, when https://site-b.com is requested
How do I set a redirect so that https://site-b.com goes to https://www.site-b.com?
I can't stop the user from typing in https://site-b.com (though I can tell search engines it's not the preferred domain via canonical tags), but at minimum I'd like to not have the user see Site A's content.
Also this may or may not be related to [this link]How can I redirect from one SSL domain to the one with the correct common name? but I am not sure.
One final question that would be relevant, I would definitely like to know if the visitor got that "Insecure, continue?" message and wonder what logs that would be found in Apache, if any specific one.
We'd like to redirect all misspelled subdomains to a catch-all (primary domain), ex. dalls.domain.com needs to resolve to domain.com. Due to the very large number of subdomains we have, we can't simply create redirects for each possible spelling. Is there a way to wildcard redirect all non-registered subdomains to domain.com?
Thanks for any help or insight!
Not sure if this is exactly what you are looking for, but you can redirect all 404's quite easily with htaccess. The only downside is that all mispelled(or non-existent) directories and files will also redirect.
You can do this by adding this to your .htaccess:
ErrorDocument 404 http://domain.com
Hope this helps! I will edit this answer if I find a specific redirect for just wrong sub-domains.
I have domain.com to www.domain.com redirection set up, and all the requests to domain.com/ are redirected to www.domain.com/. The problem we face is with POST requests from third party services to domain.com, which during the redirection to www.domain.com, get converted to a GET requests and the parameters go missing.
I can work around this problem by using a reverse proxy setup to serve all the POST requests to domain.com. But is that the recommended approach?
This must be a common problem, faced by anyone who has set up domain.com to www.domain.com redirection. I would like to know about the possible solutions, and which is the recommended and most widely used approach.
Hey guys, have a question regarding apache. I have a site that's been re-engineered, but I want to capture all the 'old' links that people may have bookmarked or come from search engines to the old site which is under a new domain name. How do I get apache to redirect only 404 not found to the old site?
TIA,
J
You should first decide what status code you want to send. Sending both a 404 status code and a redirect is not possible.
But seth did already mention the right method, the ErrorDocument directive:
# local path
ErrorDocument 404 /local/path/to/error/document
# external URI
ErrorDocument 404 http://uri.example/to/error/document
If you use a local path, the 404 status code is sent. If you use an absolute URI, a 302 status code (temporary redirect) is sent.
And if you want to send a 301 redirect:
Redirect 301 / http://new.example.com/
Your old domain should capture all responses and return a '301 moved permanently' response with the new domain in the 'Location' field of the header. A 404 means 'not found' and in this case it's not strictly true.
Another option, similar to that proposed by #seth is to add the handler so it points to a static html page which you can use to explain to the user what happen, and present them with options.
You can include a meta redirect so that if they don't do anything after a few seconds they're automatically redirected.
Which option will work best is really up to you do decide.
You could set your 404 document to a CGI that redirects the user.
ErrorDocument 404 /cgi-bin/redirect-to-other.cgi