I have a web site with privacy-enabled domain name, and a web contact form. The web page is served via AWS CloudFront. e.g. http://www.my-site.com.
The question is how to serve the form action script. My form has a GET action to http://form.my-site.com.
The script behind the form is very simple, and could be written in any language. It makes a simple call to my own server. Just a few lines of code.
What are your ideas for hosting in a way that the IP for the form action is a floating, common IP that could be shared by totally unrelated projects. i.e., so the form IP doesn't reveal or uniquely identify the owner. It should also be super reliable.
If you have your application post the form to CloudFront wouldn't that hide the backend server IP from the client?
Also, if your server were simply using a public IP assigned by AWS, wouldn't that be fairly anonymous?
Related
I purchased a domain name (we'll call it "exampledomain.com"). There is no website tied to the domain and there are no plans to do so.
I want to redirect all URL variants of this domain to an existing website I also own: (we'll call it "destinationdomain.com")
If a user types any of the following, I want to redirect them to https://www.destinationdomain.com/
https://exampledomain.com/
https://www.exampledomain.com/
http://exampledomain.com/
http://www.exampledomain.com/
How would I set this up?
What I believe I need to do is:
Add exampledomain.com as a Subject Alternative Name (SAN) to an existing SANs supported SSL I own for an existing website.
Point IPs of exampledomain.com to the IP used by destinationdomain.com
Add code to destinationdomain.com so that when it receives requests from the above exampledomain.com variants, it performs a 301 redirect to https://www.destimationdomain.com
POSSIBLE ALTERNATIVE?
Set up domain forwarding from exampledomain.com to https://www.destinationdomain.com/
Add exampledomain to destinationdomain.com's Subject Alternative Names (SANs)?
Is this accurate, or can I achieve this without step 3?
Thank you in advance.
Point IPs of exampledomain.com to the IP used by destinationdomain.com
You need to point it somewhere. It doesn't have to be the same server as you are using for your other site. (e.g. I might do this all in AWS and use an S3 bucket to do the redirect).
Add code to destinationdomain.com so that when it receives requests from the above exampledomain.com variants, it performs a 301 redirect to https://www.destimationdomain.com
The server that you point the new domain to does need to issue a 301 redirect.
This doesn't need to be anything to do with the old domain though. Even if they are hosted on the same server, you can use Virtual Name Hosting to use separate server configurations.
Add exampledomain.com as a Subject Alternative Name (SAN) to an existing SANs supported SSL I own for an existing website.
You will need the domain in the certificate for whatever server is hosting it. If you're using the same server then setting it up as a SAN makes sense.
I'm curious whether if it's possible to set up a server to respond with html fetched from another domain rather than simply redirect the requester to that domain.
For example, I set up a simple node express server that has a GET route /google, which fetches google.com, and then responds with the response from the fetch. However, in this case, it does not respond with the google webpage as I would expect.
It is not only possible but quite common especially in larger server environments. The term you are looking for is reverse-proxy.
Proxying is typically used to distribute the load among several servers, seamlessly show content from different websites, or pass requests for processing to application servers over protocols other than HTTP.
Source: https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
Most major web servers support it.
More than likely the response you're getting from google (and passing on) is some kind of redirection. Try it with a static web page of your own to rule out any redirection shenanigans.
I need to do a setup, where users would be able to access URL sub1.domain1.com that would be mapped by DSN to sub2.domain2.com, so all further communication would appear to be with sub1.domain1.com, however in reality it would just be "redirected" to sub2.domain2.com. HTTPS is required too, so simple CNAME wouldn't do it.
So far I have found out about SAN certificate. With that certificate it seems like it would be possible to accomplish this. However it has one drawback for me - with every new domain that is added to this certificate, all other domain owners must confirm this. And this is not very suitable for my case, because I expect new domains to be added on regular basis.
All domains would point to one certain subdomain (for example: sub1.domain1.com -> sub2.domain2.com,sub3.domain3.com ->sub2.domain2.com, sub4.domain4.com->sub2.domain2.com ..), so the certificate doesn't have to allow redirection between all domains mutually, but it would be enough to allow redirection from all domains to one certain domain (sub2.domain2.com)
Are there more suitable alternatives to accomplish this?
If, when user types https://sub4.domain4.com in their browser's address bar, you don't want (when the page is displayed) address in the bar to change to https://sub2.domain2.com then technically there is no HTTP redirection involved. You just have one website/webapp which is reachable via multiple hostnames (which is nothing unusual).
You need
CNAMEs to be in place
If you can't get (or it is complicated to maintain - which is expected, especially if you do not own the domains) one SSL/TLS cert with all hostnames, then you can always configure your webserver with multiple virtual hosts, each with their own certificate, and keep adding virtual hosts as needed. All virtual hosts can be configured to serve the same content (or just reverse proxy requests to the same one webapp running behind the proxy). Technical implementation depends on the platform used, but is typically not complicated.
I recently succeeded in building a page that loads data via an ajax get call to a REST interface (that runs on my server) and then uses the data to construct a map overlay for Google maps via JS.
I managed to do this but now I have concerns about the security of my data. Obviously everybody could just use curl to load the overlay data from my REST interface. However, I do not want to make my data so easily available, since they are kind of the business value of my page...
Is saw many solutions on the web that all require a login of the user.
However, this should not be required on my page.
Is there an easy solution to this problem, without the user having to use a log in or something? Basically I only want to allow my web application to query data from my REST interface, but not anyone else.
One solution that came to my head is to pass the data directly from php into JS, when the page is loaded. However this looks like a real ugly solution to me...
On a RESTful interface, I suppose you want to avoid login into a session. You have basically 2 more ways :
use IP address filtering if the web application run on a private network with known IP addresses
pass an identification token in the request headers or as a request parameter. The token has to be passed along in all the requests.
We have registered a domain at Crystone and the site is since previously hosted at appharbor. For the start I've setup the domain to redirect using frame forwarding but I've started to run into problems when using google index. Google want me to prove that the site is mine and there is several methods for proving this. Either I can place a file at the root or enter some tags in the index file but since when using frame forwarding the primary index file is encapsulated in a frame both these methods fails.
At Crystone I can't really access the frame that forwards the domain so I can't handle this page. I know that frame forwarding isn't the best to use but I really want to avoid that the visitors to the site doesn't have to see the hosted address.
Can/should I use CName records for the redirect? I cannot use an A records since I don't know the ip-adress to appharbor and my site.