如何阻止我的网站重定向到其他网站
问题是我的网站使用另一个网站上的脚本向用户传递链接。但是,如果用户输入错误的内容,脚本只会重定向到其他站点,我不希望用户知道我的站点使用其他服务。
有没有办法使用 .htaccess 来阻止重定向到其他站点?我需要阻止的是另一个网站上名为“error.html”的页面,我也不想阻止整个网站。
另外,出于安全原因,我无法显示代码。
The problem is that my site uses a script on another site to deliver a link to a user. But if the user types something in incorrectly the script just redirects to the other site and I don't want users knowing that my site uses other services.
Is there a way to use .htaccess to block the redirection to the other site? All I need to block is one page on the other site called "error.html" and I don't want to block the entire site either.
Also I cannot show the code for security reasons.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您允许在您的网站上使用第三方 JavaScript,这些脚本可以对您的客户端行为执行任何操作,包括但不限于重定向。另外,您的 .htaccess 与 JavaScript 无关,因为它是服务器端,而 JavaScript 是客户端。这意味着您的 .htaccess 无法阻止浏览器执行 JavaScript 重定向。
“此外,出于安全原因,我无法显示代码。”是什么意思?您的意思是比在您的网站上允许第三方 JavaScript 更重要的安全原因吗?
If you allow third-party JavaScript on your site, these scripts can do anything with your client side behavior, including but not limited to redirection. Plus, your .htaccess has nothing to do with JavaScript since it's server-side and JavaScript is client side. Meaning your .htaccess can't prevent a browser from performing a JavaScript redirection.
And what's this "Also I cannot show the code for security reasons."? You mean a security reason bigger than you allowing third-party JavaScript on your site?
在重定向到另一个站点之前,您能否验证用户输入是否可以被另一个站点接受?看来阻止页面成功的可能性较小。如果您知道什么有效、什么无效,那么就不允许将任何无效的内容发送到其他站点。
Can you validate that user input is acceptable to the other site before redirecting there? It seems like blocking a page is less likely to be successful. If you know what works and what doesn't, then don't allow anything that won't work to be sent to the other site.