Can redirect website/page when site server is down (This Site Can't Be Reached)? - html

is there any possibility to redirect the website or a page on my site, in case the server crashes (is down) ? I mean, I get sometimes the error "This Site Can't Be Reached", because of my hosting servers, and somehow I want to redirect to another website only when this error appears.
can be done, somehow?

Not directly. You can't send an instruction to the browser to redirect if it can't make a connection to your site in the first place.
You can put another service, with better uptime, in front of your site (e.g. Amazon CloudFront) and have your visitors request from their services instead of directly from yours. Obviously this doesn't work so well if you have personalised content.

CloudFront or another edge-cache would do this for you. It stores a copy of your website in a cache that sits in-front of your website. When it detects your website is unhealthy (i.e. down), it can display some predefined html that you store in e.g. an S3 bucket. In terms of redirecting to another website, you could put a link in that html, but it wouldn't be an automatic 'failover' where if your site is down, another entire web page loads.

Related

Can images from another website create cookies on my site?

I have a static website, it only contains html and css. No javascript, no php, no databases. On this site, I'm using images, which I get from image-hosting websites (like imgur).
I've noticed when I visit my website (on Google Chrome at least), if I click the information button next to the URL, it says there are cookies on this site. If I click on the cookies button, it says The following cookies were set when you viewed this page and has a list from cookies, including from those sites that I use for image-hosting.
If I delete them, they come back after a while, but not immediately. I'm trying to avoid cookies as the site is very simple. Are they considered part of my site? If so, is there anything I can do, except hosting the images myself?
I always though that if you link to an image directly (as in a link ending in .png for example) it would be the same as if you were hosting the image yourself, and there would be no javascript being run (to save cookies).
Are they considered part of my site?
That depends on your perspective.
The browser doesn't consider them to be part of your site. Cookies are stored on a per-domain basis, so a cookie received in response to a request for an image from http://example.com will belong to http://example.com and not to your site.
However, for the purpose of privacy laws (such as GDPR) then they are considered part of your site and, if they are used by the third party to track personally identifiable information, you are required to jump through the usual GDPR hoops.
If so, is there anything I can do, except hosting the images myself?
Not really.
I always though that if you link to an image directly (as in a link ending in .png for example) it would be the same as if you were hosting the image yourself, and there would be no javascript being run (to save cookies).
Cookies are generally set with HTTP response headers, not with JavaScript.
Whenever a browser requests a file from a server it automatically forwards any cookie data along with the request. Image Hosting services may use that for different purposes.
I always though that if you link to an image directly (as in a link ending in .png for example) it would be the same as if you were hosting the image yourself, and there would be no javascript being run (to save cookies).
So the question is, how to they set these cookies?
Let's say, you use a simple img tag to load an image from a hoster.
<img src="imageHoster.tld/123xyz.png">
The site imageHoster.tld can handle that request by redirecting all requests to e.g. requestHandler.php and that file can set the cookie before sending the image with a simple
<?
setcookie("cookieName", "whateverValue", time()+3600);
header('content-type: image/png');
...
?>
What happens there is actually the same as if you would set the image source like that:
<img src="imageHoster.tld/requestHandler.php?img=123xyz">
Are they considered part of my site?
Since these so called third party cookies are set when visiting your site one could consider them as part of your site. To be on the safe side I would at least mention the use of third party services in the data privacy statement.
If so, is there anything I can do, except hosting the images myself?
Third party cookies can be disabled in the clients browser. But you can't disable them for the visitors of your site. So no, to avoid third parties setting cookies on client browsers visiting your site you can only avoid using their services.

I have an SSL but the pages are not showing lock signs which I need for my order page

I have an old site I am just about well enough (broken arm + cancer) to start working on again and I have already moved it to another server OVH and added an SSL/TLS certificate to it.
However in Chrome when I visit any page on the site, especially https://www.strictly-software.com/plugins/order.asp it shows either (don't know why refreshes would change it but they do sometimes) the insecure sign with the red line through the https:// part of the URL in the address bar or an information circle.
In Firefox however I get a secure lock sign. It maybe some add-on I have used like a popup blocker or something but I am at a loss to find out what is causing these insecure signs to appear when I need locks, especially on the order page
This morning I spent hours going through loads of JavaScript and CSS (background:http://blah.jpg) etc and changing it so it is local and cannot be changed remotely as well as making any http references into src="//" or href="//" etc.
I thought it must be one of the images on the "add this" pop up but cannot see anything in their code. Then I thought the Twitter scroller might be showing images from http destinations but Twitter wraps them all in their own URL format.
Does anyone know from looking at the generated source code what is making the page insecure?
Surely there should be a list somewhere in the browser that shows what content isn't secure and offers you to load or not load it? I know the information icon lets you load or not lot Flash, images or JavaScript but do you know of how I can find out what content isn't secure on these pages without asking visitors?
Thanks in advance.

Can I show my domain name in links in a URL frame, or similar setup?

I want something between a URL frame and URL redirect.
I have a domain called http://www.mydomain.com.
I have pages on my site. When I click on "page1.html", I would like the address bar of my browser to show "http://www.mydomain.com/page1.html". I want it to show this because then users can click "back" or "forward" in their browsers.
Right now, my domain name provider (Namecheap) has two choices:
URL Frame: This always shows "http://www.mydomain.com", which messes up "back" and "forward" because the subpages aren't shown.
URL Redirect: This causes the address bar to show "http://www.uglydomain.com/subfolder/subsubfolder/page1.html".
What is the best solution? A silly, slightly incomplete solution would be to hard-code all of my links on my pages to "http://www.mydomain.com/page1.html". Can I achieve what I want through .htaccess, redirect rules, or something else?
In theory, if you had access to the site hosting the frame document, you could implement something with pushState and postMessage, but its highly unlikely that you do.
The only real solution is to get proper DNS hosting and point the DNS for the domain at the server hosting your website, and to have sufficiently good hosting that you can set up a virtual name host for the domain on your web server.

how to open https(X-Frame-Options) website in iframe or any html page

I've an app, which loads data from database. In a table I'm storing some URLs EX: https://facebook.com. Remember these URLs are dynamic and are controlled in admin panel.
Now, I need to get contents of these URLs and display it inside iFrame or inside a div within my app. Idea here is user should not go away from my app.
When I tried to load https://facebook.com it never loads because they've (X-Frame-Options) enabled.
Is there any solution for this?
You cannot tell the browser to ignore the security instructions provided by the third party site. That would defeat the object of having them in the first place.
If you want to display the content on your site, then you will have to display it from your own server (e.g. by using a server side process to read the data from the third party site and serve it from your own). Obviously, this will mean that you cannot (for example) load Facebook using the user's own credentials.

URL in Address Bar not Changing for NodeJS powered website

I'm building a website that's entirely hosted on my own VPS using NodeJS since I don't want to pay for hosting and I already had the VPS so I figured why not use it.
The issue I'm having is whenever I click on a link from the homepage and navigate to that page, the website does exactly what it's supposed to do but the url doesn't update in the address bar.
Say my url is www.examplesite.com and when I click a link, it goes to www.examplesite.com/application. The second url isn't reflected in the address bar so when I refresh www.examplesite.com/application, because it says www.examplesite.com in the address bar of Chrome, it reloads the home page.
Is there a way to fix that via node or will I just have to suck it up and buy web hosting? I'll do it eventually but not for a while.
Perhaps you never call res.end(); in your server function?