Hi guys,

I need a redirect script that WORKS on modern browsers. Seems suddenly that NONE of the redirect scripts that I have work with ANYBODY anymore, no matter WHAT browser that they use...IE, Firefox, etc.

When certain IP addresses come to my site I want to be able to redirect them to another page.

Six months ago the scripts all worked just fine fine.

Suddenly...I'm guessing several security updates later...it now appears I no longer have the power to redirect ANYONE...not just in IE8, but in ANY browser.

Anybody have any idea what's going on?

Anybody have any script ideas that will WORK?

Thanks,

Todd

Do you have PHP? What was the code you had previously?

Certainly some redirects work still. What set of "redirects" do you find not to work?

Here are some types to look into (each with varying positive and negative aspects, mostly that the easier-to-use options aren't as reliable):
-Javascript redirects (change the page's location, but this requires JS is enabled and not blocked somehow)
-HTML Meta Tag redirects (can be blocked, but they're a pretty stable way to do it)
-Header redirects (generated from PHP for example, these are quite reliable and I'd say more so now than in the past-- some browsers didn't deal with them, but they're high level enough that I doubt they'd be really ignored by most modern browsers) [a header is the data sent before any text [html] output to the browser with a page]
-server configured redirects [such as using .htaccess]
-mod_rewrite (an apache module that doesn't redirect but instead actually serves a different page (undetectably) than what was requested by the user, based on some rules. This is based on usually the incoming URL, but you could also use IP in it I believe)
-Error pages (while not true redirects, they work similarly, such as a 404 page being served instead of a non-existing page)
-DNS level redirects [configure this based on your domain name]


Finally remember that for ALL of these options it is very common to output a page that says "Redirecting in 5 seconds. If your browser does not redirect you please click the link below:".
(For example, see the login to this forum.)
This is rarely needed any more as far as I know, but for some older browsers or users with very high security restrictions, and of course some of the less powerful mobile devices, this may be required. It also may be needed for automated web usage, such as search engine spiders (though I expect that some of the spiders are probably advanced enough to deal with redirects).

Well, I have a couple - neither of which seem to work, anymore...

1) This is s short one that I THINK once came from here, but I can't locate it anymore...

<SCRIPT LANGUAGE=javascript>
<!--
var temp;
temp = document.referrer;
if (temp.lastIndexOf("216.194.144.254") != -1)
location.href = "http://www.afn.org/~skywarn/index.html";
//-->
</SCRIPT>

2) This actually comes from someplace else, which I hope doesn't violate any policies here (don't mean to), but I list it here to show the actual script that does not work...

<script type="text/javascript">

// Block IP address script- By JavaScriptKit.com (http://www.javascriptkit.com)
// For this and over 400+ free scripts, visit JavaScript Kit- http://www.javascriptkit.com/
// This notice must stay intact for use.

//Enter list of banned ips, each separated with a comma:
var bannedips=["23.23.23.23", "11.11.11.11"]

var ip = '<!--#echo var="REMOTE_ADDR"-->'

var handleips=bannedips.join("|")
handleips=new RegExp(handleips, "i")

if (ip.search(handleips)!=-1){
alert("Your IP has been banned from this site. Redirecting...")
window.location.replace("http://www.google.com")
}

</script>

Neither of these scripts work. At first I thought it was just an IE8 thing, but then I noticed that that sother users not being redirected are also using Firefox 3.6.

I should probably add that I'm aware that I may be running into a situation where people may actually have JS turned OFF. I think that could be one problem.

Mostly where I'm finding need to use these scripts is to stop people from hitting a site that normally gets 15 its a day if LUCKY ...150 times. I think it's obvious what they're doing when that happens and when it does I like to temporarily redirect them "Is there something I can help you with?" page listing contact information. Normally, they never contact me back and then it becomes obvious that if they didn't want to contact me that their intentions were probably along the lines of copyright theft. :) But it allows me to deal with those oddball behaviors without completely removing the page and causing disruption for anyone other than the oddball individual. See?

So I guess what I need to be able to do is...

- Use something that can't be thwarted by turning it OFF (such as turning off Java or JavaScript)
- Use something that every browser can handle
- Use something that doesn't require that a server have CSS or else it won't work

That being said, what is PHP?

(And thanks for the quick replies, everybody.)

Todd

PHP is a server-side language and is processed on the server before the page loads so client requirements (javascript being on, etc.)arent required by it, and it is independent of browsers.

You're going to need to log the users coming to you page and come up with a circumstance where when the user passes a number of visits in a period of time they get the page. This should be done in a database I'd propose because cookies can be altered/deleted and the session can be cleared. If you have a list of all users you can filter by the IP address and then by the time and number of views.

http://us.php.net/tut.php
http://www.tizag.com/phpT/
http://en.wikipedia.org/wiki/PHP

If you have php we could recommend some code for you to do this although this will probably get a bit complicated. If you have a list of IP addresses already it'd be easier.

Certainly some redirects work still. What set of "redirects" do you find not to work?

Here are some types to look into (each with varying positive and negative aspects, mostly that the easier-to-use options aren't as reliable):
-Javascript redirects (change the page's location, but this requires JS is enabled and not blocked somehow)

Okay, that's what I was worried about. If it can be turned off then it won't work.

-HTML Meta Tag redirects (can be blocked, but they're a pretty stable way to do it)

Same answer.

-Header redirects (generated from PHP for example, these are quite reliable and I'd say more so now than in the past-- some browsers didn't deal with them, but they're high level enough that I doubt they'd be really ignored by most modern browsers) [a header is the data sent before any text [html] output to the browser with a page]

This sounds promising. But again, is this dependent upon whether the server (that I'm using) is PHP capable, or has it turned on itself?

-server configured redirects [such as using .htaccess]

Not familiar with this.

-mod_rewrite (an apache module that doesn't redirect but instead actually serves a different page (undetectably) than what was requested by the user, based on some rules. This is based on usually the incoming URL, but you could also use IP in it I believe)

This sounds promising. But you said "Apache". Does the server I'm on have to be Apache, then, or it won't work?

-Error pages (while not true redirects, they work similarly, such as a 404 page being served instead of a non-existing page)

Thought about doing something like this, too.

-DNS level redirects [configure this based on your domain name]

Not familiar with this.

Finally remember that for ALL of these options it is very common to output a page that says "Redirecting in 5 seconds. If your browser does not redirect you please click the link below:".
(For example, see the login to this forum.)
This is rarely needed any more as far as I know, but for some older browsers or users with very high security restrictions, and of course some of the less powerful mobile devices, this may be required. It also may be needed for automated web usage, such as search engine spiders (though I expect that some of the spiders are probably advanced enough to deal with redirects).

Well, I wouldn't want a delay. See where I want to use these things are odd hits. Let's say a page that normally doesn't get a whole lot of hits suddenly gets 200 inside an hour or two. This suggests someone cutting and pasting (while verifying links, thus generating the constant return hits). I might want to redirect them (and JUST them) to a "Can I help you?" page, listing contact information. Or maybe I want to find out if it's a bot. I'll send it to a blank page. If it keeps hitting, it implies mindless automation. If it suddenly stops, it implies shock/fear/guilt reaction and conscious, reactionary thinking on the other end. (So the theory goes, anyway.)

So yes, I need to be able to block attempts to thwart the redirect by turning off scripting, and to be able to single out an IP, or range of IPs, and redirect them to another page - preferably without announcement of the redirect. Just...taking them there, period.

But I've watched while a few users hittting some popular pages of mine have apparently found ways to get around my IP blocks/redirects and it's kinda scary because the only way to make these people stop what they're doing is to otherwise completely remove the page. But then they just come back the next day when I'm not watching and do it again. :( Then they come back a month later to catch changes.

I guess this new age of the Internet is teaching people that copyright isn't an important thing, and words like "originality", "ingenuity", and "improvisation" consist soley of the idea now of cutting and pasting someone ELSE'S work to your own and then attaching your name to it. This "change" to the work is then considered sufficient enough to call the new piece "your own work". LOL. :(

(Ew. I totally did NOT understand how the formatting in this editor works. Sorry about the mess in that previous message. My answers to the quoted message were supposed to be in italics while the replyer's reply was supposed to remain untouched. Ugh! I'm SO sorry about that!) :(

I've asked Alachua FreeNet if they support PHP. Awaiting their response.

How about Google's Blogspot? Anybody know if they support PHP and if PHP code can be placed into your blog, too?

PHP requires access to the server. So this means it won't be allowed on blogs (in most if not all cases). It's a security risk-- you could use it (easily) to hack the server [since you're already on the server], for example.

I'm not sure about your predictions here: if someone is visiting your page a lot, what makes you think they're stealing things? Why not just save [file>save] your page once then work from that local copy?

You might be right, but I'm not convinced. Perhaps it's the google bot indexing your page. Sometimes that can generate a lot of hits. Actually, I'm under the impression that the google bots "plays nice", but that some other bots (yahoo? msn?) tend to generate a huge number of hits in a short time.

Anyway, it may be any number of causes, but you can pursue blocking it if you'd like. A Javascript redirect is not really a smart way around it. Additionally, it's going to be very hard to figure out what's going on because you can't view the users doing this to your pages. It might be a bot that entirely ignores redirects or it might be a hacker who knows how to block them--- or it may just be a user who likes your pages and not will get confusingly redirect somewhere else.


Also, another possibility is that someone is using your page, such as in an iframe on their site. But that wouldn't explain the short time increase then decrease again.

Naw, it's some guy who checks in a lot. You can see him hitting my page once after another, starting at #AK, then #AL....down to #FL....#WA. The same page, but scrambling down one state after the next state, using the CONTENTS at the top of the page. He's not a bot since bots don't use the CONTENTS. :)

The Google/Yahoo/MSN/Yandex/etc bots I already know about and I know their IP addr ranges. This isn't them, tho.

But that's one reason why I like the redirects, yah...so that it can help me figure out what's bot and what's not. :)

Todd

Alright. Well for something that complex you should definitely go with PHP because it'll give you the control you need. You could also look into .htaccess for less controlability, but less difficulty in setting it up.