Redirecting domain without changing URL

Get Started
1

Hi Everyone,

I have what might seem, a very simple problem to solve.

A few months ago I wanted to deactivate/temporarily delete my domain
www.ellekorhaliller.co.uk
and therefore I think I deleted the index.html page that was redirecting to my tumblr portfolio site
www.ellekorhalillerweb.tumblr.com

I must admit that my web developing skills are very rusty and so I can’t seem to figure out why I am getting this 403 Forbidden error message on my domain.
As a side note, yesterday I followed these steps to redirect my domain to my tumblr website http://www.tumblr.com/docs/en/custom_domains and so my A record DNS’s were changed.

I thought that the problem might be solved if I simply add an empty index.html page via ftp however when I do this, this just shows a blank page.

If anybody could share some light on how I simply redirect
www.ellekorhaliller.co.uk
to
www.ellekorhalillerweb.tumblr.com
without showing the change in URL in the address bar, I would be most grateful.

1 Like
2

Imagine if you could take people who go to one page, to a completely different page, without them being able to see that in their URL bar.

In fact, this is what phishers would love to do. But since they can’t (not without a full-sized malicious iframe hidden on the first page), they try to make subdomains that look like the legal site.

http://ellekorhaliller.co.uk/index.html is 404.

I don’t know what kind of server you’re running, but let’s pretend it’s Apache.

In Apache (and I’m sure most other servers), there’s a thing called DirectoryIndex, where you tell the server what to do if someone wants to go to a directory on your site.

So most people have mysite.com/index.html, and to avoid people needing to write the “index.html” or seeing it, they set their DirectoryIndex to “index.html”. For php sites like wordpress this might be index.php (which then runs and renders the home page).

And if you had a directory like
mydomain.com/puppies/
and there were images of puppies in there, and you did NOT want people to just be able to type in “mydomain.com/puppies” and get a directory listing, you’d set DirectoryIndex to index.html and then if there’s no index.html, the rest of the directory is forbidden (403).
There’s another directive that does something similar and complementary, I forget its name but you can say whether people can have access to directories without an index.html.
edit I looked it up, here http://viralpatel.net/blogs/htaccess-directory-listing-enable-disable-allow-deny-prevent-htaccess-directory-listing/ <–this link is talking about htaccess, which is the crappy file you would need to use if you’re on shared hosting and don’t have direct access to the actual config file. If you have access to the actual config file, use that instead. It’s faster.

So probably your server is set up something like that, and because your main domain doesn’t have an index.html, you’re getting the forbidden message instead.

Either put an index.html page there, or turn off whatever setting is on the server (in the server’s config file) that doesn’t allow people to see directories. (edit this is not generally a safe thing to do, this is just you debugging what’s going on. It’s a good idea to have directories not all loose and open like a guy wearing only a trenchcoat)

As for redirects, the Tumbler page looks like it says “this is how you turn yourname.tumbler.com to yourcustomdomain.com.” Tumbler can do things to requests people send to them. But in your post you are asking how to do it the other way around.

Tumbler can’t make someone else’s domain redirect to them, otherwise every criminal everywhere would make paypal.com (or whatever) redirect to their istealmoney.ru or whatever.

Instead, to redirect requests sent to your server to Tumbler, that’s in your server config too. You’d set a 301 (permanent) redirect to all requests for mydomain.com to mycustom.tumbler.com.

1 Like
3

Well since @Stomme_poes describe the underline mechanism behind this, i’ll just jump start to your index file.
create a index.html file and put below code inside it

<html >
    <head>
        <meta charset="UTF-8">
        <meta http-equiv="refresh" content="1;url=http://www.ellekorhalillerweb.tumblr.com">
        <script type="text/javascript">
            window.location.href = "http://www.ellekorhalillerweb.tumblr.com"
        </script>
        <title>Page Redirection</title>
    </head>
    <body>

    </body>
</html>
4

Thank you very much @Stomme_poes and @AnjanaWijesundara for taking the time to reply.

I simply replaced the index.html page and I was no longer faced with the 403 Forbidden page.

@AnjanaWijesundara This code certainly does the trick on redirecting to the correct url… But I would really like the URL to not change from www.ellekorhaliller.co.uk once it has redirected to the site that is hosted by tumblr.
I would like the URL in the address bar to stay the same to make it seem as though my visitors are seeing this site on my domain name but it has actually, sneakily redirected itself to my tumblr site.

I’ve googled and googled and can’t seem to find a way around this … but there must be?!

5

@elifflower Ohh… Well then you have to change /create a .htaccess file ( This is assuming you are using Apache server )

RewriteCond %{HTTP_HOST} ^www.ellekorhaliller.co.uk
RewriteRule ^(.*) http://www.ellekorhalillerweb.tumblr.com/$1 [P]

Try this out, Think this will work as you wish. If not your last option is to load it using iframe.

6

Hi @AnjanaWijesundara thanks so much but that seems to do exactly the same thing.
Changed my .htaccess file and uploaded it by ftp.

You said the only other option is to load it as an iframe?

I tried some frame sets before but these didn’t work…

7

[quote]I would like the URL in the address bar to stay the same to make it seem as though my visitors are seeing this site on my domain name but it has actually, sneakily redirected itself to my tumblr site.

I’ve googled and googled and can’t seem to find a way around this … but there must be?![/quote]

But see, if istealmoney.ru sent you an email pretending to be your bank and said “click here to update your account”, and you went to istealmoney.ru but the URL bar said yourSafeBank.com, that would totally break the interwebs.

So that’s why the “sneakily redirect” instructions aren’t on the web. One could probably hack a particular individual’s web browser to show the wrong URL, but there’s (luckily) no web way to do that.

This is for safety reasons. People should always be able to see which domain they are actually visiting.

What some phishers do instead is something like,
if they own some very short-named spammy site like fu.ru
and they wanted you to think you were at mySafeBank.com
then sometimes they’ll make a subdomain “mySafeBank-com”

so that the unwary and not careful surfer might see
mySafeBank-com.fu.ru
and not notice the real domain tacked on the end.

I’ve seen people do it with paypal in phishing emails I’ve gotten.

The iframe thing is a technique that’s also used in something called clickjacking, although usually with clickjacking the evildoer only makes the iframe as large as the image of the clickable whatever they hope the user clicks on.

Like, the safe-but-hacked page has a button like “log in” and the clickjacker, who has captured control of the once-safe page, has injected an iframe and positioned it to sit directly over that login button, invisibly. When the user clicks the button they see, they’re actually clicking on an iframe. This basically tricked a user into clicking a link to a malicious website. The malicious website can be styled to look like theSafeWebPage entirely, but luckily the malicious website cannot fake the URL.

So in your case, you’d have the iframe just loading the tumbler page and users would see and interact actually with the tumbler page. The “outside” of your page remains your original domain, so the URL is still of your domain.

However as this is a technique like “how do I remove my victim’s blood from the carpeting in my car’s trunk?”, googling for how to do this will likely take you to some darker areas of the interwebs.

I would recommend that you not do it. It’s kinda mean to your users. : )

1 Like
8

Well W3 web stand clearly specify what you are trying to do as URL hijacking and it’s usually not encourage to do. (because this allow hackers to redirect users to fraud sites.) So may be your own browser prevent this from happening… Either way if that is the case i guess, you have no way of doing this. These are the only options that available for do this ( according to u knowledge).
sorry i couldn’t give you more useful answer than this.