URL Manipulation

Jani Reinikainen,

Introduction

Suppose you have a website and that website also has a nice domain-name, but no webspace to point it to, except for your ISP's website with that horrible http://websites.myisp.com/letter/username/abcd1234/-type address. What to do? Well, here's what I did.

Apache's mod_rewrite

First of all, Apache's mod_rewrite is an excellent tool for this job. I used it for one of my domains like this (I placed this inside my httpd.conf file):

<VirtualHost *>
ServerName mydomain.org
DocumentRoot /var/www/mydomain.org/
RewriteEngine on
RewriteRule /g/(.*) http://websites.myisp.com/letter/username/abcd1234/$1 [R]
</VirtualHost>

This rewrites my URLs like this: when a user requests the page http://mydomain.org/g/page.html Apache rewrites the URL to http://websites.myisp.com/letter/username/abcd1234/page.html. Now this makes your website accessible through your domain, though your files are stored on your ISP's servers. Now, just change all your links to point to the "forward URL". This way it'll look as if all requests are sent to your domain (which they actually are, but the data doesn't come from there). The downside with this technique is that both servers have to be online for your site to be accessable. See the documentation for mod_rewrite for more info. If you haven't got access to the Apache config files (or if you aren't running Apache), you might use a simple PHP-script like this one:

<?php

// DO NOT INCLUDE LAST SLASH IN URL
$realurl = "http://websites.myisp.com/letter/username/abcd1234";
header("Location: $realurl/" . $_SERVER['QUERY_STRING']);

?>

Then call the script like this http://mydomain.org/get.php?page.html (I named it get.php, but it doesn't really matter what it's named). This script will forward the user to the URL specified in the $realurl variable, and add the requested page's name to it. Next, let's do some URL cloacking (hiding).

URL Cloacking

Neither mod_rewrite's or the PHP-script's redirection hide the URL in the users' browsers once they've been forwarded, i.e. they will still see your ISP's ugly URL. To hide the URL, you can use a simple HTML trick using frames, by opening up a frame before the redirection. Create an index.html or some page similar to this:

<?xml version="1.0" encoding="iso-8859-1" ?>
<!DOCTYPE html PUBLIC
 "-//W3C//DTD XHTML 1.0 Frameset//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html lang="en" xml:lang="en">
<head>
<title>My Website</title>
</head>

<frameset rows="*">
 <noframes>
  <body>
   Your browser doesn't seem to understand frames. Due to this fact, the website
   you're trying to access will most likely not be displayed correctly.<br />
   Please update your browser as soon as possible!<br /><br />
   The website you are looking for is located at
   <a href="http://websites.myisp.com/letter/username/abcd1234/">
   http://websites.myisp.com/letter/username/abcd1234/</a>, but please, always use
   http://mydomain.org/ when accessing this website. Thank you.
  </body>
 </noframes>

 <frame src="http://websites.myisp.com/letter/username/abcd1234/" frameborder="0" noresize="noresize" />

</frameset>

</html>

For those of you familiar with (X)HTML, this is no big deal. If you're having problems with some browsers, you might try to add another "frame src", since we've only used one in this example. It's generally a good idea to have a noframes section too, since some users use text-only browsers from, for example, shell accounts. Unfortunately, if not browsing with frames, the URL cloacking will not work. Also, URL cloacking is effective only for small websites. If you run a larger website, please buy at least some virtual hosting.

Basically, the browser opens an "invisible" frame containing the real content of the site. Usually free forwarding services use this technique extensivly, including www.tk and many others. To the user it will look like they never left your domain. The downside with this method is that the URL is not updated when the user browses to a new page, since the page is opened in the frame, and that you can't have page-specific titles, due to the same fact. Sometimes this could be an upside though, for example, if you do not wish to reveil the paths to your files. This also makes direct linking a bit harder, since the users cannot see the URL they are currently browsing, but just the domainname.

Related documents

• Module mod_rewrite: URL Rewriting Engine
• A Users Guide to URL Rewriting with the Apache Webserver