{"id":2437,"date":"2019-01-31T19:53:40","date_gmt":"2019-01-31T14:23:40","guid":{"rendered":"https:\/\/www.idslogic.com\/blog\/?p=2437"},"modified":"2025-02-24T14:52:52","modified_gmt":"2025-02-24T09:22:52","slug":"open-redirect-protection-is-now-included-in-sitefinity-cms11-1-here-is-how-it-functions","status":"publish","type":"post","link":"https:\/\/www.idslogic.com\/blog\/open-redirect-protection-is-now-included-in-sitefinity-cms11-1-here-is-how-it-functions","title":{"rendered":"Open Redirect Protection Is Now Included in Sitefinity CMS11.1: Here Is How It Functions"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Website security is one of the most important things developers need to consider in order to protect a site against cyber-attacks. Sitefinity CMS is a leading platform that allows business owners to create rich and functional websites.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Having basic web security habits is important. With this in mind, <span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"\/blog\/what-to-expect-from-sitefinity-11-1-beta-release\">Sitefinity 11.1 Version<\/a><\/span> has come up with a built-in redirect validation mechanism that helps protect the site against open redirect vulnerabilities. 
This helps reduce attacks by hackers.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">To keep your website safe, it is recommended that you adopt the basic web security habit of checking hyperlinks before clicking them.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">But in real life, with a busy schedule and hundreds of links to open to gather information, this is often infeasible. The truth is, users rarely have the time to inspect every link to check whether it is safe.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Sitefinity 11.1 takes a lot of this burden off your plate by:<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Introducing_the_Open_Redirect_Protection_as_Part_of_the_Web_Security_Module\"><\/span><span style=\"font-size: 18pt; color: #008000;\">Introducing the Open Redirect Protection as Part of the Web Security Module<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<blockquote><p><span style=\"color: #000080; font-size: 14pt;\"><em>I will discuss the problem in detail and help you understand how Sitefinity CMS helps to solve the issue:<\/em><\/span><\/p><\/blockquote>\n<p><span style=\"font-size: 14pt;\">Let\u2019s assume that you are the owner of a popular ecommerce website whose URL is <strong>http:\/\/testwebsite.com<\/strong>, and that it has some logic, based on a query string value, which redirects users to their chosen payment provider. 
<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">A cyber-attacker exploits this vulnerability by creating a site with a look and feel similar to the payment provider that you are using.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Since your site is popular, it is also easy for the attacker to send fraudulent emails with the subject line \u201cConfirm your payment details\u201d to your users.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">This email contains a hyperlink that leads to your site, but in the query string it passes the URL of the duplicate site. Here is how it plays out for the unsuspecting user:<\/span><\/p>\n<ol>\n<li><span style=\"font-size: 14pt;\">The user receives the link in the email and clicks it.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">A browser opens to serve the link and sends a request to the server.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">The server processes the query and sends a response to the browser asking it to take the user to another location, i.e. 
the duplicate site.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">The user doesn\u2019t notice the problem and proceeds to enter their payment details.<\/span><\/li>\n<\/ol>\n<hr \/>\n<h3><span class=\"ez-toc-section\" id=\"How_Sitefinity_111_CMS_Helps\"><\/span><span style=\"color: #003300; font-size: 18pt;\"><strong>How Sitefinity 11.1 CMS Helps<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">The web security module works by verifying a detected redirect attempt against a whitelist of trusted domains. If the module detects a redirection to a domain that is not trusted, it intercepts the attempt and displays a warning message instead of redirecting the user to the malicious site.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The user can then decide whether or not to proceed, which offers higher security to the original website. The redirect validation feature detects any redirect attempt to an external domain. 
<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">However, redirect validation provides no protection if the user clicks a link that points directly to the external domain, since no redirect through your site takes place.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Redirect validation is now enabled by default for newly created Sitefinity CMS based projects so that you remain protected from fraudulent transactions.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">This feature is not enabled by default for upgraded projects, so make sure to add it to your upgrade to-do checklist.<\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.idslogic.com\/how-sitefinity-cms-integration-with-other-systems-can-boost-the-organizations-productivity\/\"><span style=\"color: #ff0000;\">Sitefinity Integration with Other Systems: Benefits<\/span><\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Website security is one of the most important things that needs to be considered by the developers to protect it against any cyber-attacks. 
Sitefinity CMS is a leading software that allows business owners to create rich and functional websites.\u00a0 Having&#8230;<\/p>\n","protected":false},"author":1,"featured_media":2438,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[251],"tags":[750,226,751],"class_list":["post-2437","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sitefinity","tag-sitefinity-11-1-version","tag-sitefinity-development","tag-sitefinity-open-redirection-protection"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/2437","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/comments?post=2437"}],"version-history":[{"count":4,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/2437\/revisions"}],"predecessor-version":[{"id":10540,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/2437\/revisions\/10540"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/media\/2438"}],"wp:attachment":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/media?parent=2437"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/categories?post=2437"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/tags?post=2437"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}