US20090006424A1 - System, method and program product for determining if a user has received a redirected web page - Google Patents
- Publication number
- US20090006424A1
- Authority
- US
- United States
- Prior art keywords
- web page
- url
- application
- content
- redirected
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/957—Browsing optimisation, e.g. caching or content distillation
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99941—Database schema or data structure
- Y10S707/99942—Manipulating data structure, e.g. compression, compaction, compilation
Abstract
System, method and program product determine redirection of a Uniform Resource Locator (“URL”) sent by a web browser to an application. A first URL is sent to the application, and in response, a first web page is received from the application. A second URL is created by appending one or more characters to the first URL. The second URL is unrecognizable by the application. A request for the second URL is sent to the application, and in response, a second web page is received. The content of the second web page is compared to the content of the first web page. If the content of the second web page matches the content of the first web page, a record is made indicating that the first web page is a redirected web page.
Description
- This application is a continuation of patent application Ser. No. 11/122,663, filed May 5, 2005, entitled System, Method and Program Product for Determining if a User has Received A Redirected Web Page, the entirety of which is incorporated herein by reference.
- The present invention relates generally to a method, system and computer program product for determining whether a web browser user has received a redirected web page, and more specifically, to a method, system and computer program product for determining redirection of a Uniform Resource Locator (“URL”) sent by a web browser to an application.
- The World Wide Web (“WWW”) is well known today. Users of client computers with web browsers request web pages by specifying a URL, either by typing the URL into an address field or selecting a link for a URL. Typically, the user requests the web page using HTTP. Web pages are often a user interface to an application hosted by a server and contain information, such as product information, related to the application. Such web pages often include links to access other web pages or invoke services of the application. Other web pages are merely informational, and do not provide an operational interface to any application.
- In response to a user request for a web page (where the user request specifies a URL), the user's web browser obtains from a domain name server (“DNS”) an IP address of a server and application on the server represented by the URL. Then the web browser forwards the client request for the web page to the (IP address of the) server/application. In response, the requested application on the server returns the requested web page, and a return code of “2xx” indicating that the requested web page was successfully located and returned.
- Occasionally, the server or application addressed by the user-specified URL redirects the user request to another server and/or application which returns a “redirected” web page (not the one represented by the user-specified URL). For example, a user may request a web page for a presumed URL based on a generic product name, and a proxy server listed in a domain name server as responsible for that URL will redirect that request to another server and application which provides information or services relating to the generic product. As another example, a vulnerability scanning tool can simulate requests made by a person outside of a firewall or an enterprise being tested to determine if the person can access sensitive web pages from an application within the firewall or enterprise being tested. If so, this represents a security “hole.” If not, the server and application addressed by the tool will redirect the request to a default URL which returns a “Sorry, Page Not Found” web page and a return code other than “2xx” to indicate that the returned page was not the one requested. As another example, if a hyperlink requested by a user is not functioning, the server executing the connection may redirect the user to a web page indicating a request was not successful. As another example, a load balancer or network dispatcher which receives a user request for a URL that does not exist or is not accessible may redirect the user request to a default “page not found” web page.
- When a server returns a web page other than the one requested by the user, i.e. other than the one represented by the user-specified URL, the server typically provides with the web page a return code other than a “2xx.” An RFC2068 industry standard defines five classifications for HTTP return codes: A “1xx” return code means that the server to which the request was sent is processing the request. A “2xx” return code means that the request was successfully received, understood and accepted. A “3xx” return code means that the request was redirected, and a user must take further action to complete the request such as to wait or to select another link on a redirection web page. A “4xx” return code means a client error, such as bad syntax, and the request cannot be fulfilled. A “5xx” return code means a server error such that the server failed to fulfill an apparently valid request. However, the application which returns the redirected web page may be programmed to return a different return code for a variety of reasons. For example, the application which returns the redirected web page with the misleading return code may want to abstract or conceal the fact that the user request was redirected or may have a valid security reason for concealing the redirection. In many cases, the redirected web page does not indicate anywhere else in the web page that the web page is redirected. In other cases, the application which returns the redirected web page may be programmed to return a web page such as illustrated in FIG. 1 which does not include the proper “404” return code, but clearly states in text that the requested web page was not found. Even though this web page indicates in text that the web page was not found, if the requester is a program tool looking for a return code, then the program tool will not recognize this web page as redirected.
- There are various situations where the user needs to know that the web page which was returned was not the one requested. In some of these cases the “user” is a person, and in other cases the “user” is a program executing on the user's workstation. For example, consider when the foregoing vulnerability scanning tool simulates requests made by a person, and the application addressed by the tool recognizes the tool as not authorized to access the web page. In such a case, instead of returning the sensitive web page, the addressed application redirects the request to a default application which returns a “Sorry, Page Not Found” web page. If the default application does not return the industry standard “404” code (representing “page not found”), the vulnerability scanning tool may interpret the redirected web page as the one requested by the tool, and conclude that the sensitive web page was returned and a “hole” exists in the security system.
- FIG. 2 illustrates another type of known redirected web page. The user-requested application has redirected the user request to a known “time-out” application (because the user's connection to the user-requested application has timed-out). The time-out application returns a redirected web page requesting the user to logon again, instead of the web page to interface to the requested application. Even though this is a redirected web page, the “time-out” application included a “252” (non-redirected) status return code in the URL field: http://129.33.31.252/cgi-bin/ctguests.idc. Consequently, if the “user” is the foregoing vulnerability scanning tool, the tool may interpret this web page as the one originally requested by the tool, calculate that the web page was returned after the expiration of the time-out period, and conclude that a “hole” exists in the security system.
- Therefore, a need exists to enable a web browser or associated program to better detect when a user request for a web page has been redirected.
- The present invention advantageously provides a system, method and computer program product for determining redirection of a Uniform Resource Locator (“URL”) sent by a web browser to an application. Generally, a web page received from an application is deemed a redirected web page if the content of the original web page matches the content of a second web page returned in response to sending the application an altered URL.
- In accordance with one aspect of the present invention, a method is provided for determining redirection of a URL sent by a web browser to an application. A first URL is sent to the application, and in response, a first web page is received from the application. A second URL is created by appending one or more characters to the first URL. The second URL is unrecognizable by the application. A request for the second URL is sent to the application, and in response, a second web page is received. The content of the second web page is compared to the content of the first web page. If the content of the second web page matches the content of the first web page, a record is made indicating that the first web page is a redirected web page.
- In accordance with another aspect of the present invention, a system for determining redirection of a URL includes an application, a web browser, and a processor. The web browser is communicatively coupled to the application and the processor. The web browser operates to send a first URL to the application, and in response, receive a first web page from the application. The web browser further operates to send a request to the application for a second URL, the second URL being unrecognizable by the application, and in response, receive a second web page. The processor operates to create the second URL by appending one or more characters to the first URL. The processor further operates to compare content of the second web page to content of the first web page, and if the content of the second web page matches the content of the first web page, make a record indicating that the first web page is a redirected web page.
- In accordance with yet another aspect of the present invention, a computer program product for determining redirection of a Uniform Resource Locator (“URL”) sent by a web browser to an application includes program instructions stored on a computer readable medium. The first program instructions send a first URL to the application, and in response, receive a first web page from the application. The second program instructions create a second URL by appending one or more characters to the first URL. The second URL is unrecognizable by the application. Third program instructions send a request to the application for the second URL, and in response, receive a second web page. Fourth program instructions compare the content of the second web page to the content of the first web page. If the content of the second web page matches the content of the first web page, fifth program instructions make a record indicating that the first web page is a redirected web page.
- A more complete understanding of the present invention, and the attendant advantages and features thereof, will be more readily understood by reference to the following detailed description when considered in conjunction with the accompanying drawings wherein:
-
FIG. 1 is a redirected web page according to the Prior Art. -
FIG. 2 is another redirected web page according to the Prior Art. -
FIG. 3 is a block diagram of a user workstation which includes a web browser according to the prior art, and a web page analysis program according to the present invention. -
FIG. 4 is a flow chart of the web page analysis program ofFIG. 3 . - The present invention will now be described in detail with reference to the figures.
FIG. 3 illustrates a user'sworkstation 10 which includes aweb browser 12 such as Microsoft Explorer or Netscape Navigator web browser.Web browser 12 includes the known functions of requesting web pages based on a user-specified URL and receiving and displaying the returned web pages.Workstation 10 also includes a webpage analysis program 13 according to the present invention to determine whether the returned web page is the one requested by the user or whether the returned web page is instead a redirected web page.Workstation 10 also includes a knownCPU 14 to executeweb browser 12 andweb analysis program 13, aRAM 16, aROM 18,disk storage 20 and a TCP/IP interface 21 to theInternet 22.Workstation 10 is coupled viaInternet 22 to aserver 32.Server 32 includes a knownCPU 44,RAM 46,ROM 48 anddisk storage 50.CPU 44 executes anapplication program 34 requested by a user ofworkstation 10. The user ofworkstation 10 may request a web page fromapplication 34 by specifying aURL representing application 34 and the web page.Server 32 also includes a redirectedapplication program 36 which supplies to the user at workstation 10 a redirected web page, whenapplication 34 redirects the user request toapplication program 36. There are many possible reasons whyapplication 34 redirects the user request toapplication 36. For example, the user may have requested an application by a generic name, and there is no such application at the user-specified URL. As other examples, the user may have requested a sensitive web page which the user is not allowed to access, or the user's session with the user-specified application may have timed-out. The reason for the redirection is not part of the present invention. - As noted above,
program 13 determines whether the web page which is returned to the user is the one requested by the user or is instead, a redirected web page. FIG. 4 illustrates the webpage analysis program 13 in more detail. In step 100, program 13 fetches the returned web page from memory or storage of workstation 10. Typically, the web page is in HTML form with text fields and image fields enclosed by respective symbols. Program 13 can be used to analyze all returned web pages or only those of concern. For example, the workstation 10 can execute a vulnerability scanning program tool 19. Tool 19 identifies several returned web pages as sensitive web pages which should not have been returned, i.e. security “holes.” In such a case, program 13 can be invoked to test these returned web pages to determine whether they are the requested web pages, in which case they represent security “holes,” or whether they are redirected web pages, in which case they do not represent security “holes.”

Next, program 13 scans the text within the HTML for commonly used text phrases found on redirected web pages (step 102). For example, such text can be “page not found,” “page does not exist,” or “bad request.” Program 13 obtains a list of such commonly used text phrases from a file 104 within RAM 16. If one of the text phrases stored in file 104 is found on the returned web page (decision 104, yes branch), then program 13 concludes that the returned web page is a redirected web page (step 106). However, if one of the text phrases stored in file 104 is not found (decision 104, no branch), then program 13 creates a “dummy” URL by adding a bogus text extension to the URL of the returned web page (step 110). The bogus text extension comprises text that is not likely to match any real application, such as “NoWayThisPageExists.” (The actual character string is not important as long as it is not likely to match a real application.) For example, if the URL of the returned web page is “http:/www.IBM.com,” then the “dummy” URL can be “http:/www.IBM.com/NoWayThisPageExists.” Program 13 forwards the dummy URL to web browser 12, which requests the corresponding web page. The same application which returned the web page will likely receive the dummy URL because the dummy URL has the same beginning as that of the returned web page. However, the application which returned the web page will not likely recognize the extension. Consequently, the application which returned the web page will redirect the request to a default application which handles improperly addressed URLs. This default application, which may be the same as the application which returned the web page, will return a redirected web page. Then, program 13 will compare the text and graphics in the redirected web page returned by the default application to the text and graphics in the web page returned earlier (step 120).

If they are the same (decision 122, yes branch), then program 13 concludes that the web page returned earlier was a redirected web page (step 106). It should be noted that if the originally returned web page includes a graphical drawing of “Page Not Found” or a text phrase which is not included in file 106 but nevertheless indicates a redirection, this will not be detected in step 102, but will be detected in step 120. Referring again to decision 122, no branch where the two web pages are not the same, then the program 13 concludes that the web page returned earlier was not a redirected web page (step 126). It is possible that there are two or more different redirected web pages for the originally specified application, and the dummy URL may return a different redirected web page than the redirected web page that was originally returned. In such a case, program 13 will conclude that the web page that was originally returned was not redirected, which is incorrect. Nevertheless, in most cases, there is only one redirected web page for each user-specified URL. So, when the web page that was originally returned does not match the one returned from the dummy URL, it is likely that the web page that was originally returned was the one requested by the user, and not a redirected web page. For those applications where the present invention is used to check whether unauthorized/sensitive web pages have been returned to a vulnerability checking tool, program 13 can identify as redirected (and therefore, not security violations) most of the web pages identified by the vulnerability checking tool as unauthorized security violations. So, the present invention will reduce the number of web pages that an operator will need to check manually.

Web page analysis program 13 can be loaded into workstation 10 from a computer storage medium such as magnetic disk, CD-ROM or DVD, or downloaded from the Internet 22 via TCP/IP interface 21.

Based on the foregoing, a system, method and program product have been disclosed for determining if a web page returned to a web browser is a redirected web page. However, numerous modifications and substitutions can be made without deviating from the scope of the present invention. Therefore, the present invention has been disclosed by way of illustration and not limitation, and reference should be made to the following claims to determine the scope of the present invention.
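The procedure of FIG. 4 described above (phrase scan in step 102, dummy URL in step 110, comparison in step 120), as an added Python example that is not code from the patent or its applicant. The host `app.example`, the `sample_fetch` stand-in for the browser, the sample pages, and the choice to compare lower-cased visible text plus `<img>` sources as the "text and graphics" are assumptions made for the illustration.

```python
"""Redirected-page ("soft 404") check following steps 100-126 of the description."""
import re
from html.parser import HTMLParser

# Phrases the description gives as typical of redirected pages (step 102).
REDIRECT_PHRASES = ("page not found", "page does not exist", "bad request")
DUMMY_SUFFIX = "NoWayThisPageExists"  # the description's example extension


class _Content(HTMLParser):
    """Collects visible text and image sources, the two things step 120 compares."""

    def __init__(self):
        super().__init__()
        self.text, self.images, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "img":
            self.images.append(dict(attrs).get("src") or "")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)


def fingerprint(html):
    """Return (normalized text, image sources); the normalization is an assumption."""
    parser = _Content()
    parser.feed(html)
    parser.close()
    text = re.sub(r"\s+", " ", " ".join(parser.text)).strip().lower()
    return text, tuple(parser.images)


def classify(url, fetch):
    """Return (verdict, reason) for the page that `fetch(url)` returns."""
    first = fingerprint(fetch(url))                      # step 100
    for phrase in REDIRECT_PHRASES:                      # step 102
        if phrase in first[0]:
            return "redirected", "phrase: " + phrase
    dummy = url.rstrip("/") + "/" + DUMMY_SUFFIX         # step 110
    if fingerprint(fetch(dummy)) == first:               # steps 120-122
        return "redirected", "same content as dummy URL"
    return "not determined redirected", "differs from dummy URL"   # step 126


def triage(flagged, fetch):
    """Scanner findings an operator still has to check by hand."""
    return [u for u in flagged if classify(u, fetch)[0] != "redirected"]


# --- Constructed sample application (not from the patent) --------------------
TEXT_404 = "<html><body><h1>Page Not Found</h1></body></html>"
# Default page that shows "not found" only as a picture, so step 102 misses it.
ADMIN_DEFAULT = '<html><body><img src="/img/oops.png"><p>Return to the home page</p></body></html>'
# A second, different default page: the failure mode the description admits.
MOVED = "<html><body><p>This content has moved</p></body></html>"
REAL = {"http://app.example/reports":
        "<html><body><h1>Quarterly report</h1><img src='/img/chart.png'></body></html>"}


def sample_fetch(url):
    if url in REAL:
        return REAL[url]
    if url.startswith("http://app.example/admin"):
        return ADMIN_DEFAULT
    if url.endswith(".php"):
        return MOVED
    return TEXT_404


if __name__ == "__main__":
    for u in ("http://app.example/old", "http://app.example/admin/config",
              "http://app.example/reports", "http://app.example/legacy.php"):
        print(u, classify(u, sample_fetch))
```

The last URL is reported as not redirected although it is: its default page differs from the one the dummy URL receives, so such findings stay in the manual review queue.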
Claims (20)
1. A method for determining redirection of a Uniform Resource Locator (“URL”) sent by a web browser to an application, said method comprising the steps of:
sending a first URL to said application, and in response, receiving a first web page from said application;
creating a second URL by appending one or more characters to said first URL, said second URL being unrecognizable by said application;
sending a request to said application for said second URL, and in response, receiving a second web page;
comparing content of said second web page to content of said first web page; and
responsive to determining that said content of said second web page matches said content of said first web page, making a record indicating that the first web page is a redirected web page.
2. The method as set forth in claim 1, further comprising the steps of:
responsive to determining that said content of said second web page does not match said content of said first web page, making a record indicating that said first web page was not determined to be a redirected web page.
3. The method as set forth in claim 1, wherein said one or more characters are chosen such that said second URL is not likely to be recognized by said application.
4. The method as set forth in claim 1, wherein the comparing step comprises comparing text of said second web page to text of said first web page.
5. The method as set forth in claim 4, wherein the comparing step further comprises comparing graphics of said second web page to graphics of said first web page.
6. The method as set forth in claim 1, wherein the comparing step comprises comparing graphics of said second web page to graphics of said first web page.
7. The method as set forth in claim 1, further comprising the step of scanning content of said first web page for a text phrase indicative of a redirected web page.
8. The method as set forth in claim 7, wherein said text phrase indicative of a redirected web page includes at least one of “page not found,” “page does not exist,” “bad request” and “404”.
9. A system for determining redirection of a Uniform Resource Locator (“URL”), said system comprising:
an application;
a web browser communicatively coupled to the application, the web browser operating to:
send a first URL to said application, and in response, receive a first web page from said application; and
send a request to said application for a second URL, said second URL being unrecognizable by said application, and in response, receive a second web page; and
a processor communicatively coupled to the web browser, said processor operating to:
create said second URL by appending one or more characters to said first URL;
compare content of said second web page to content of said first web page; and
responsive to determining that said content of said second web page matches said content of said first web page, make a record indicating that the first web page is a redirected web page.
10. The system as set forth in claim 9, wherein responsive to determining that said content of said second web page does not match said content of said first web page, said processor is further operable to make a record indicating that said first web page was not determined to be a redirected web page.
11. The system as set forth in claim 9, wherein said one or more characters are chosen such that said second URL is not likely to be recognized by said application.
12. The system as set forth in claim 9, wherein the processor compares text of said second web page to text of said first web page.
13. The system as set forth in claim 12, wherein the processor further operates to compare graphics of said second web page to graphics of said first web page.
14. The system as set forth in claim 9, wherein the processor further operates to scan content of said first web page for a text phrase indicative of a redirected web page.
15. The system as set forth in claim 14, wherein said text phrase indicative of a redirected web page includes at least one of “page not found,” “page does not exist,” “bad request” and “404”.
16. A computer program product for determining redirection of a Uniform Resource Locator (“URL”) sent by a web browser to an application, said computer program product comprising program instructions stored on a computer readable medium, the program instructions comprising:
first program instructions to send a first URL to said application, and in response, receive a first web page from said application;
second program instructions to create a second URL by appending one or more characters to said first URL, said second URL being unrecognizable by said application;
third program instructions to send a request to said application for said second URL, and in response, receive a second web page;
fourth program instructions to compare content of said second web page to content of said first web page; and
responsive to determining that said content of said second web page matches said content of said first web page, fifth program instructions to make a record indicating that the first web page is a redirected web page.
17. The computer program product as set forth in claim 16, wherein said one or more characters are chosen such that said second URL is not likely to be recognized by said application.
18. The computer program product as set forth in claim 16, further comprising responsive to said content of said second web page not matching said content of said first web page, sixth program instructions to make a record that said first web page was not determined to be a redirected web page.
19. The computer program product as set forth in claim 16, further comprising sixth program instructions to scan content of said first web page for a text phrase indicative of a redirected web page.
20. The computer program product as set forth in claim 19, wherein said text phrase indicative of a redirected web page includes at least one of “page not found,” “page does not exist,” “bad request” and “404”.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/204,193 US20090006424A1 (en) | 2005-05-05 | 2008-09-04 | System, method and program product for determining if a user has received a redirected web page |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/122,663 US7467146B2 (en) | 2005-05-05 | 2005-05-05 | System, method and program product for determining whether a web page returned to a web browser is a redirected web page |
US12/204,193 US20090006424A1 (en) | 2005-05-05 | 2008-09-04 | System, method and program product for determining if a user has received a redirected web page |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/122,663 Continuation US7467146B2 (en) | 2005-05-05 | 2005-05-05 | System, method and program product for determining whether a web page returned to a web browser is a redirected web page |
Publications (1)
Publication Number | Publication Date |
---|---|
US20090006424A1 (en) | 2009-01-01 |
Family
ID=37395202
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/122,663 Expired - Fee Related US7467146B2 (en) | 2005-05-05 | 2005-05-05 | System, method and program product for determining whether a web page returned to a web browser is a redirected web page |
US12/204,193 Abandoned US20090006424A1 (en) | 2005-05-05 | 2008-09-04 | System, method and program product for determining if a user has received a redirected web page |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/122,663 Expired - Fee Related US7467146B2 (en) | 2005-05-05 | 2005-05-05 | System, method and program product for determining whether a web page returned to a web browser is a redirected web page |
Country Status (1)
Country | Link |
---|---|
US (2) | US7467146B2 (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7774459B2 (en) | 2006-03-01 | 2010-08-10 | Microsoft Corporation | Honey monkey network exploration |
US20070288473A1 (en) * | 2006-06-08 | 2007-12-13 | Rajat Mukherjee | Refining search engine data based on client requests |
US7877396B1 (en) * | 2006-10-12 | 2011-01-25 | At&T Intellectual Property Ii, L.P. | Method and apparatus for detecting and extracting information from dynamically generated web pages |
US20090300012A1 (en) * | 2008-05-28 | 2009-12-03 | Barracuda Inc. | Multilevel intent analysis method for email filtration |
US8800040B1 (en) * | 2008-12-31 | 2014-08-05 | Symantec Corporation | Methods and systems for prioritizing the monitoring of malicious uniform resource locators for new malware variants |
US8346229B2 (en) * | 2010-02-26 | 2013-01-01 | Research In Motion Limited | Scheduling and delivering ad meetings |
US9430581B2 (en) * | 2010-06-02 | 2016-08-30 | Paypal, Inc. | Method and system for detecting slow page load |
US9065885B2 (en) | 2010-06-02 | 2015-06-23 | Ebay Inc. | Method and system for detecting slow page load |
US8832283B1 (en) * | 2010-09-16 | 2014-09-09 | Google Inc. | Content provided DNS resolution validation and use |
JP5824974B2 (en) * | 2011-08-31 | 2015-12-02 | ブラザー工業株式会社 | Image processing device |
CN106547806B (en) * | 2015-09-23 | 2020-12-18 | 阿里巴巴集团控股有限公司 | Page loading method and device |
US11271933B1 (en) * | 2020-01-15 | 2022-03-08 | Worldpay Limited | Systems and methods for hosted authentication service |
Patent Citations (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5712979A (en) * | 1995-09-20 | 1998-01-27 | Infonautics Corporation | Method and apparatus for attaching navigational history information to universal resource locator links on a world wide web page |
US5860071A (en) * | 1997-02-07 | 1999-01-12 | At&T Corp | Querying and navigating changes in web repositories |
US5941944A (en) * | 1997-03-03 | 1999-08-24 | Microsoft Corporation | Method for providing a substitute for a requested inaccessible object by identifying substantially similar objects using weights corresponding to object features |
US6269362B1 (en) * | 1997-12-19 | 2001-07-31 | Alta Vista Company | System and method for monitoring web pages by comparing generated abstracts |
US6438125B1 (en) * | 1999-01-22 | 2002-08-20 | Nortel Networks Limited | Method and system for redirecting web page requests on a TCP/IP network |
US6470027B1 (en) * | 1999-04-30 | 2002-10-22 | At&T Corp. | System and method for providing message redirection in networked environments |
US6401077B1 (en) * | 1999-05-28 | 2002-06-04 | Network Commerce, Inc. | Method and system for providing additional behavior through a web page |
US6449765B1 (en) * | 1999-08-09 | 2002-09-10 | Acceleration Software International Corporation | Varying web page link based on user and web page status |
US20050232480A1 (en) * | 2000-05-26 | 2005-10-20 | Swift Dana B | Evaluating graphic image files for objectionable content |
US20020116411A1 (en) * | 2001-02-16 | 2002-08-22 | Peters Marcia L. | Self-maintaining web browser bookmarks |
US20030037250A1 (en) * | 2001-06-29 | 2003-02-20 | Doodlebug Online, Inc. | System and method for securely accessing data on content servers using dual encrypted paths from a central authorization host |
US20030220912A1 (en) * | 2002-05-24 | 2003-11-27 | Fain Daniel C. | Method and apparatus for categorizing and presenting documents of a distributed database |
US20050251496A1 (en) * | 2002-05-24 | 2005-11-10 | Decoste Dennis M | Method and apparatus for categorizing and presenting documents of a distributed database |
US20040107282A1 (en) * | 2002-12-03 | 2004-06-03 | Krishnendu Chakraborty | System and method for preserving post data on a server system |
US7237030B2 (en) * | 2002-12-03 | 2007-06-26 | Sun Microsystems, Inc. | System and method for preserving post data on a server system |
US20050015512A1 (en) * | 2003-05-23 | 2005-01-20 | International Business Machines Corporation | Targeted web page redirection |
US7627613B1 (en) * | 2003-07-03 | 2009-12-01 | Google Inc. | Duplicate document detection in a web crawler system |
US7203684B2 (en) * | 2003-10-07 | 2007-04-10 | Google, Inc | Serving content-targeted ADS in e-mail, such as e-mail newsletters |
US20050076051A1 (en) * | 2003-10-07 | 2005-04-07 | Carobus Alexander Paul | Serving content-targeted ADS in e-mail, such as e-mail newsletters |
US7401287B2 (en) * | 2003-11-28 | 2008-07-15 | Fuji Xerox Co., Ltd. | Device, method, and computer program product for generating information of link structure of documents |
US20050165800A1 (en) * | 2004-01-26 | 2005-07-28 | Fontoura Marcus F. | Method, system, and program for handling redirects in a search engine |
US20060031382A1 (en) * | 2004-06-04 | 2006-02-09 | Arvind Pradhakar | System and method for translating fully qualified domain name access in a browser environment |
US20060015573A1 (en) * | 2004-06-30 | 2006-01-19 | Microsoft Corporation | System and method for automatic redirection to stored web resources upon access failure |
US20060112089A1 (en) * | 2004-11-22 | 2006-05-25 | International Business Machines Corporation | Methods and apparatus for assessing web page decay |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110231511A1 (en) * | 2008-08-26 | 2011-09-22 | Alibaba Group Holding Limited | In-Server Redirection of HTTP Requests |
US9065865B2 (en) * | 2008-08-26 | 2015-06-23 | Alibaba Group Holding Limited | In-server redirection of HTTP requests |
US9241042B2 (en) | 2008-08-26 | 2016-01-19 | Alibaba Group Holding Limited | In-server redirection of HTTP requests |
US9344513B2 (en) | 2008-08-26 | 2016-05-17 | Alibaba Group Holding Limited | In-server redirection of HTTP requests |
US9986056B2 (en) | 2008-08-26 | 2018-05-29 | Alibaba Group Holding Limited | In-server redirection of HTTP requests |
CN103390019A (en) * | 2012-05-11 | 2013-11-13 | 索尼公司 | Information processing apparatus, information processing method, and program |
US9832200B2 (en) | 2015-12-14 | 2017-11-28 | Bank Of America Corporation | Multi-tiered protection platform |
US9832229B2 (en) | 2015-12-14 | 2017-11-28 | Bank Of America Corporation | Multi-tiered protection platform |
US9992163B2 (en) | 2015-12-14 | 2018-06-05 | Bank Of America Corporation | Multi-tiered protection platform |
US10263955B2 (en) | 2015-12-14 | 2019-04-16 | Bank Of America Corporation | Multi-tiered protection platform |
CN110209982A (en) * | 2019-05-28 | 2019-09-06 | 北京金堤科技有限公司 | Page data processing and device |
Also Published As
Publication number | Publication date |
---|---|
US20060253454A1 (en) | 2006-11-09 |
US7467146B2 (en) | 2008-12-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION |