URL redirect refers to a technique used for redirecting a domain or web page's visitors to a different URL. There are different types of redirects: URL forwarding, HTTP code 3xx redirect, domain forwarding, and domain redirect.
Web developers often use HTTP 3xx series codes to redirect from an individual web page and the code is embedded in the HTML of that particular page. There are different codes in the series to signal the reason for the redirect:
- 300 offers multiple redirect choices. For instance, alternative languages can be selected.
- 301 is when a site is permanently moved, such as with a business name change.
- 302 is for an unspecified redirect.
- 303 indicates a previous resource, such as a common gateway interface (CGI) script, has been replaced.
- 307 is applied for temporary redirects, such as when a site is being redesigned.
There are a number of different reasons for implementing a website redirect, including:
- A merger of two companies (and their associated websites)
- A business name change
- Landing page split testing for marketing tests
- To direct content to a domain name that has been recently updated
- To direct traffic to recently updated content (for example, after a website redesign)
- To create a shorter URL that's easier to remember that links to a long, complex URL, typically through a link-shortening service
Without a redirect in place, a visitor trying to visit a page that no longer exists would receive a "404 - Not Found" error.
Redirects are also used by cyber attackers for nefarious activities such as phishing. Redirects have been used to subvert the results of search engine queries; however, most search engines are now capable of detecting such attempts. Hackers often insert malicious code into websites that redirect users to advertising or dangerous code that could damage users' systems. Website owners and operators must protect their sites from being hacked in this way. The best way to do this is to install a reliable security package, such as Comodo cWatch.
Comodo cWatch is a web security tool for websites and applications that provides a Web Application Firewall (WAF) provisioned over a Secure Content Delivery Network (CDN). It is a fully managed solution from a 24x7x365-staffed Cyber Security Operation Center (CSOC) of certified security analysts and is powered by a Security Information and Event Management (SIEM) capable of leveraging data from more than 85 million endpoints to detect and mitigate threats even before they occur.
Comodo cWatch also includes malware detection scanning, prevention methods, and removal services that enable organizations to adopt a proactive approach to protect their business and brand reputation from malware attacks and infections.
- Web Application Firewall (WAF): Powerful, real-time edge protection for websites and web applications providing advanced filtering, security, and intrusion protection
- Security Information and Event Management (SIEM): Advanced intelligence capable of leveraging existing events and data from 85M+ endpoints and 100M+ domains
- PCI Scanning: Enables service providers and merchants to stay in compliance with PCI DSS
- Secure Content Delivery Network (CDN): A global system of distributed servers to enhance the performance of web applications and websites
- Malware Monitoring and Remediation: Detects malware, provides the methods and tools to remove it, and prevents future malware attacks
- Cyber Security Operations Center (CSOC): A team of certified cybersecurity professionals providing round-the-clock surveillance and remediation services
Comodo cWatch Web provides protection against the OWASP Top 10, a published list of the top 10 forms of website attacks determined by polling experts to gain a broad consensus on which threats are of utmost concern. This list, which is helpful to focus mitigation attention, includes:
- Unvalidated redirects and forwards
- SQL injection
- Missing function-level access control
- Components with known vulnerabilities
- Security misconfiguration
- Cross-site scripting
- Sensitive data exposure
- Insecure direct object references
- Cross Site Request Forgery (CSRF)
- Broken authentication and session management
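Unvalidated redirects, the first item in the list above, arise when a site builds the `Location` of a 3xx response from a request parameter without checking it. The following is an added example, not part of the original page or of any Comodo product: a server-side check that accepts only same-site paths or allowlisted HTTPS hosts. The host names, the fallback path and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this site may redirect to (constructed sample values).
ALLOWED_HOSTS = frozenset({"www.example.com", "shop.example.com"})
FALLBACK = "/"  # assumption: safe landing page when the target is rejected


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return target if it is a local path or an allowlisted https URL, else fallback."""
    if not target:
        return fallback
    # Browsers drop tabs/newlines and read "\" as "/", so reject rather than normalise.
    if "\\" in target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return fallback
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Same-site path only; "//host" and "///host" resolve to another host.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return fallback
    # Absolute URL: https only, exact host match, no userinfo and no port.
    if parts.scheme == "https" and parts.netloc.lower() in allowed_hosts:
        return target
    return fallback


def redirect_response(target):
    """Build a 302 response (status, headers) whose Location has been validated."""
    return 302, {"Location": safe_redirect_target(target)}
```

Rejected targets fall back to the site root instead of raising an error, so a tampered link still lands the visitor on the legitimate site.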