i want to check if a url is from youtube.com website or the mobile version of the site.
is there a robust way to do this?
checking the url contains "youtube.com" does not seem good to me.
whats the proper way to do it?
Use the Uri class to parse the URL and compare to the Host property.
Uri uri = new Uri(myURL);
return uri.Host.Equals("youtube.com", StringComparison.InvariantCultureIgnoreCase)
I don't know a foolproof way to make sure it's youtube.com coming in, but checking REFERER is really not all that solid: the page linking to you can fake its referer header any time it wants to:
http://www.stardrifter.org/refcontrol/
It'll be interesting to see how the security gurus answer this question.
-- pete
Related
So I have a google shortened Url, and once I click on it and hit my controller, I want to be able to see what the original goo.gl url was before it got resolved. How on earth do I do this?
I've tried Request.UrlReferrer.AboluteUri and System.Web.HttpContext.Current.Request.Url.AbsoluteUri but neither seem to work. They all simply return the resolved absolute uri. Any help on this would be greatly appreciated.
Here's an example of the shortened URL - http://goo.gl/WSrJ6
This would then take the user (in testing at least) to localhost:81/college/events/details/23
So basically, when I hit the Details Controller, how do I get the original shortened url back?
Ok, this feels like more of a workaround but...
I don't see any way to resolve the shortened url from the goog.gl service. However, you could send a web request to goog.gl that only uses the HEAD HTTP verb using the shortened url.
Then, in the response to the HEAD request, the location header will be the original url (because it will send back a redirect request 301).
You can check out the response by using this tool. Put in your shortened url and then choose the HEAD verb before posting.
https://developers.google.com/url-shortener/v1/getting_started
You do a get request with the following url and you get a Json with the long url
https://www.googleapis.com/urlshortener/v1/url?shortUrl=http://goo.gl/WSrJ6
Any normally configured browser sends the header HTTP_REFERER.
Doesn't a simple Request.UrlReferrer work? Or, something like HttpContext.Current.Request.ServerVariables["HTTP_REFERER"] or ServerVariables["HTTP_REFERER"]?
That, depending on where you are coding, but the point is to grab the header from the request.
HTTP_REFERER should always contain the previous (referer) url. I don't see why you're getting the resolved url there, unless it's a second redirection (e.g. your shortener pointed to http://server.com and your web server is configured to redirect missing www to http://www.server.com).
HTH
Francisco
I have a form that users enters there website. Problem is some users put their email address in which I do not want. I want a way to check if the url is well structured. e.g. no #, must have a root domain. www subdomains are optional. I am unable to find this anywhere.
I have tried this code
if (!Uri.TryCreate("http://" + websiteurl, UriKind.Absolute, out uri) || null == uri)
returning false on error but my problem is that it still validates without a root domain e.g. I can put in
http://websitename
and validates fine which I do not want. It does return false when I have put in
http://websitename#.
Is there a way I can overcome this problem? also I added
http:// in the passthrough value because the url never validates.
You can use:
Uri.IsWellFormedUriString(inputUrl, UriKind.RelativeOrAbsolute)
Depending on your performance needs, maybe issuing a quick HttpWebRequest for the website url they give and verifying that you get back a success response might be a good option.
You could try with a regular expression.
Uri.IsWellFormattedUriString won't solve the problem here, which includes the ability to distinguish a valid Url from an email address. Both are well formatted Uris.
Use a regular expression. Here's one from the MS forums using C#:
Url validation with Regular Expression
But you should really validate this before it gets sent to the server. If you use the Peter Blum validators, he's already done the work for you.
Peter Blum's Validators
Or if you want to put in your own JavaScript file, check out this StackOverflow thread.
Url Validation using jQuery
In my Project i don't want to show query string values to users. For that case i used URL Rewriting in asp.net. So my URL Looks like below.
http://localhost/test/default.aspx?id=1
to
http://localhost/test/general.aspx
The first URL will be rewrites to second URL, but it will still executes the default.aspx page with that query string value. This is working fine.
But my question is that, is there any way the user can find that original URL in browser?
The answer is no.
The browser can't tell what actual script ended up servicing the request - it only knows what it sent to the server (unless the server issued a redirect, but then the browser would make a new request to the redirect target).
Since URL rewriting takes an incoming request and routes it to a different resource, I believe the answer is yes. Somewhere in your web traffic you are requesting http://localhost/test/default.aspx?id=1 and it is being rewritten as the new request http://localhost/test/general.aspx.
While this may hide the original request from displaying in the browser, at some point it did send that original URL as an HTTP GET.
As suggested, use Firebug or Fiddler to sniff the traffic.
I figured answer for my question. We can easily found the rewritten urls. If we saw the view source of that page in browser then we can see that original url with querystring values.
I'm searching for a c# function that takes a Url as a parameter and returns all the inbound url related to that url.
You can "download" webpages using the WebClient class:
String url = "http://www.google.com";
WebClient client = new WebClient();
String source = client.DownloadString(url);
Then you need to search all URLS. I'd love to write a RegEx for you, if you'd put effort in finding the answer which you didn't, apparently.
Writing one of those Regular Expressions is rather hard because there are so many different things you have to match:
Relative URL's
Absolute URL's
IP's
You have to consider the base tag
Only if they're in specific tags (a, img, link, script, and on and on)
Good luck with that
From your description you want to find "inbound"? url's to a URL. If that is the case you would need to connect to an API to retrieve that information. I don't think Google has one but I do know they exist.
One of our application will be run in an iframe, inside salesforce and I'm having troubles with accessing the referer. They'd like us to do some referer checks, to make sure the request is coming from salesforce and we've been given the IP addresses to check against.
My problem is that anytime I try to access the referer through either of the following two methods:
HttpContext.Current.Request.ServerVariables["HTTP_REFERER"]
HttpContext.Current.Request.UrlReferrer
it returns me null.
Any ideas how could I get hold of the referer?
PS: I'm aware that you can spoof the referer, but it's part of the requirement.
If I understand the question correctly you have client sites that refer to your site by embedding IFrames in their webpages the point to your site. You wish to "ensure" that the requests are coming from host page which itself is part of a designated set of sites. The set of designated sites is described by a set of IP addresses. Does that cover it?
Tricky. First off lets assume you've got a referer. You will need to aquire the host name from it (easy enough using the Uri type). Then you need to resolve the IP address for the host name using DNS (again not too difficult with .NET framework).
Of course you need to get a referer and that is the trickiest bit. Browsers do not always place a referer header in the request. This is especially true when the referee address is not in the same domain as the referer, which is the case here. IOW, this is a showstopper.
A better approach to solving this problem (and is not prone to spoofing) is to use some hash based authentication. Doesn't have to be too sophisticated (if the original requirements felt the referer testing was sufficient anyway).
A referrer is only there if the page was requested through a link. When a page is opened say from the address bar in a browser by typing in the address directly (or in your case y setting the src. of the IFRAME), the referrer will be empty.