开发者

How to prevent our site from visitor access via domain masking or url masking

开发者 https://www.devze.com 2023-01-05 05:20 出处:网络
Example real site http://stackoverflow.com/ URL Masking http://masking.com/stackoverflow Question How to switch the URL masking http://maskin开发者_开发知识库g.com/stackoverflow to original URL htt

Example real site http://stackoverflow.com/

URL Masking http://masking.com/stackoverflow

Question

How to switch the URL masking http://maskin开发者_开发知识库g.com/stackoverflow to original URL http://stackoverflow.com/

Let me know how can be done in PHP or JavaScript


Masking site urls are done with frames. All you need to do is add a frame-breaking script.

Just add this in your header:

<script type="text/javascript">
if (parent.frames.length > 0) {
parent.location.href = self.document.location
}
</script>


A rogue technique of domain masking I've encountered is where multiple domains will intentionally configure their DNS settings to point to my server, so that it appears they are hosting my website as well.

Originally I thought it was done via an iframe or other method until my hosting company confirmed the real reason (and the only reason they knew is because the malicious domains were also purchased via them so they could see its settings).

To fix this, you should configure your web server to deny all requests that don't originate from your domain.

In Apache 2.4, this mean modifying the VirtualHost settings in your Apache site .conf file:

<VirtualHost *:80>
ServerName youractualdomain.com
ServerAlias www.youractualdomain.com
<Location />
    Require all granted
</Location>

This will allow requests from your domain - both its www and non-www formats.

<VirtualHost *:80>
ServerName dummy
<Location />
    Require all denied
</Location>

This will block all other requests and serve a HTTP 403 Forbidden response. Note that Apache will no longer serve even when using your server's direct IP address.

0

精彩评论

暂无评论...
验证码 换一张
取 消