Filed under: Uncategorized
If you have a Web site, you use Web redirects or redirection (HTTP 301 and 302) to save dead links, recapture and redirect traffic, and to make URLs easy to type (yet get browsers to deeper, long URL content). Most of the time, this is managed in source code by a developer (scope out dead page code, put in a redirect to new link), and newer content management systems provide some basic redirection features.
So, where is the LinkDeny connection? You may not at first think that a security tool designed to protect against image and file leeching (and provide access control for sites) could ever be useful to manage traffic via redirects or add any value to the redirects you already have – the tool denies links, doesn’t it?
Well, if you look at how LinkDeny works, you will find that the granular access control of IIS Web server content, managed by details in the client or browser request (like IP address, referring URL, country or geographic location, length of user session type of web browser existence of cookie, or the http request header type or its content), can be used to make redirection of traffic more intelligent than a simple code redirect or a CMS-based redirect.
Here’s how you can do redirections with LinkDeny — and really add some power, logic, and delegation to your redirection efforts. Our goal in the steps below is to redirect the example link http://www.site.com/foo to www.site.com/directory/targetpage.html (these are not real sites or links but are just to be used for an example — we will show you a live example afterwards). Let’s take a look at the steps and options to turn LinkDeny into a redirection Swiss Army knife:
1) After installation of LinkDeny, go to the LinkDeny Settings Manager, and clear all of the default rules, as they are security focused — you can keep them safely, but if you only care to redirect links, they are not necessary.
2) Add a new rule. In the rule Add/Edit dialog, choose the selector type of Path -> Exact Match -> URL. Type in your match string (this is the part of the URL after your domain, after the first /, where you ID the link you want to redirect: /foo in this example). You can also use Wildcard to have one rule deal with match string cases like www.site.com/foo and www.site.com/foo.aspx; your match string for that would be /foo* in the LinkDeny rule.
3) Set the Rule type as Deny Requests. Yes, it is counter-intuitive, but here we want to deny that traffic from getting to /foo and do something else with it… redirect it!
4) Select the User-Agent test -> Edit Details -> Add. We are using the simplest method to capture all traffic by selecting the User-Agent or Web browsers test, basically applying this rule to all requests for /foo. You could also use the Referer test to manage traffic redirects based on the referring site that sent the traffic, or even do HTTP Request Conformance Test to look for the presence of a specific header to judge what to do with the traffic. That is one unique benefit of LinkDeny redirection: you can add some user-driven context to a redirection, because you may not want all users to be redirected to the same place. In the general case, however, the User-Agent test is a good, all-purpose LinkDeny “test” for redirection.
5) Choose the Wildcard match option in the User-Agent test dialog, and type in “*”, without the quotes. Here, we are telling LinkDeny to apply this rule for all browsers and search engines (engines do use the User-Agent header in search bot requests, so there is no search or SEO downside).
6) Select the Action Taken On Denial as Redirect, and in this case add in the target URL for the redirection, www.site.com/directory/targetpage.html (the link can be on your own site or you could redirect anywhere with an HTTP or HTTPS link – your choice).
7) Save and Apply your new settings in LinkDeny.
8) Now, test the redirect link, which should make a request to the example www.site.com/foo redirect to www.site.com/directory/targetpage.html…
At the time of writing this blog post, we wanted to provide a client example using LinkDeny for redirection management in production — from National Council of Teachers of Mathematics’ Web site, http://www.nctm.org/. A new site design left some older links like http://www.nctm.org/focalpoints in the cold, and they were generating errors (and hindering users from getting to the right place). With LinkDeny on the job, they now have the above link going to http://www.nctm.org/standards/content.aspx?id=270. Redirection accomplished!
Once you have set up one rule, from there you can either continue to use the Settings Manager GUI in LinkDeny to add new rules for each URL you want to redirect, or you can edit the Rules.ld file in the Web root of the site/virtual server with the redirection link… Just copy an old rule for the syntax for each URL you want to re-direct, changing the redirection URL and the target URL in the new rules. This can be done remotely, just by editing the Rules.ld file, so there no need to terminal/remote desktop into the server to change a rule — just edit in the Web root or use FTP to swap out the Rules.ld file. If you trust the marketing folks, you can even let them manage their own redirects (Yeah, right, keep marketing folks off the server and code if you can, but it is nice to have the option to delegate control and let them manage redirection on their own – again, it is nice to have choices!).
For more help on LinkDeny and specifically what all the codes are in the Rules.ld file code, please see the LinkDeny documentation at http://www.port80software.com/products/linkdeny/docs or contact us.
There is only one current downside: all LinkDeny redirects are currently 302 redirects, which means they are temporary. Best practices in SEO say redirects that are real should be 301 redirects or permanent redirects. An update to LinkDeny will soon allow you to control this by rule… For now, the redirects are fine as 301s, and search engines will index the redirect, but Port80 will get this feature for 302s in LinkDeny soon so that you have the control you need, long-term.
We did not think as many folks would want to have this type of granular control over redirection specifically, but we are happy to report LinkDeny is on the redirection job. Please contact us if you any questions on LinkDeny or anything else IIS and HTTP!