URL Manipulation

Jani Reinikainen, devel (at) reinikainen.net

21. March 2003

Introduction

Suppose you have a website and that website also has a nice domain-name, but
no webspace to point it to, except for your ISP’s website with that horrible
http://websites.myisp.com/letter/username/abcd1234/-type address. What to do?
Well, here’s what I did.

Apache’s mod_rewrite

First of all, Apache’s mod_rewrite is an excellent tool for this job. I used
it for one of my domains like this (I placed this inside my httpd.conf file):

<VirtualHost *>
ServerName mydomain.org
DocumentRoot /var/www/mydomain.org/
RewriteEngine on
RewriteRule /g/(.*) http://websites.myisp.com/letter/username/abcd1234/$1 [R]
</VirtualHost>

This rewrites my URLs like this: when a user requests the page
http://mydomain.org/g/page.html Apache rewrites the URL to
http://websites.myisp.com/letter/username/abcd1234/page.html. Now this makes
your website accessible through your domain, though your files are stored on
your ISP’s servers. Now, just change all your links to point to the “forward
URL”. This way it’ll look as if all requests are sent to your domain (which
they actually are, but the data doesn’t come from there). The downside with
this technique is that both servers have to be online for your site to be
accessable. See the documentation for mod_rewrite for more info. If you
haven’t got access to the Apache config files (or if you aren’t running
Apache), you might use a simple PHP-script like this one:

<?php

// DO NOT INCLUDE LAST SLASH IN URL
$realurl = "http://websites.myisp.com/letter/username/abcd1234";
header("Location: $realurl/" . $_SERVER['QUERY_STRING']);

?>

Then call the script like this http://mydomain.org/get.php?page.html (I
named it get.php, but it doesn’t really matter what it’s named). This script
will forward the user to the URL specified in the $realurl variable, and add
the requested page’s name to it. Next, let’s do some URL cloacking (hiding).

URL Cloacking

Neither mod_rewrite’s or the PHP-script’s redirection hide the URL in the
users’ browsers once they’ve been forwarded, i.e. they will still see
your ISP’s ugly URL. To hide the URL, you can use a simple HTML trick using
frames, by opening up a frame before the redirection. Create an index.html or
some page similar to this:

<?xml version="1.0" encoding="iso-8859-1" ?>
<!DOCTYPE html PUBLIC
 "-//W3C//DTD XHTML 1.0 Frameset//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html lang="en" xml:lang="en">
<head>
<title>My Website</title>
</head>

<frameset rows="*">
 <noframes>
  <body>
   Your browser doesn't seem to understand frames. Due to this fact, the website
   you're trying to access will most likely not be displayed correctly.<br />
   Please update your browser as soon as possible!<br /><br />
   The website you are looking for is located at
   <a href="http://websites.myisp.com/letter/username/abcd1234/">
   http://websites.myisp.com/letter/username/abcd1234/</a>, but please, always use
   http://mydomain.org/ when accessing this website. Thank you.
  </body>
 </noframes>

 <frame src="http://websites.myisp.com/letter/username/abcd1234/" frameborder="0" noresize="noresize" />

</frameset>

</html>

For those of you familiar with (X)HTML, this is no big deal. If you’re having
problems with some browsers, you might try to add another “frame src”, since
we’ve only used one in this example. It’s generally a good idea to have a
noframes section too, since some users use text-only browsers from, for
example, shell accounts. Unfortunately, if not browsing with frames, the
URL cloacking will not work. Also, URL cloacking is effective only for small
websites. If you run a larger website, please buy at least some virtual
hosting.

Basically, the browser opens an “invisible” frame containing the real
content of the site. Usually free forwarding services use this technique
extensivly, including www.tk
and many others. To the user it will look like they never left your domain.
The downside with this method is that the URL is not updated when the user
browses to a new page, since the page is opened in the frame, and that you
can’t have page-specific titles, due to the same fact. Sometimes this could
be an upside though, for example, if you do not wish to reveil the paths to
your files. This also makes direct linking a bit harder, since the users
cannot see the URL they are currently browsing, but just the domainname.

Related documents

• Module mod_rewrite: URL Rewriting Engine
• A Users Guide to URL Rewriting with the Apache Webserver

Tags: http, linux, manipulation, url

This entry was posted on Saturday, October 3rd, 2009 at 11:33 and is filed under Quick notes. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.