What is URL Redirection?

The uniform resource locator, or URL, of a webpage is like its address on the web. URL redirection allows one URL to lead a user directly to another. This redirection may be done for a wide range of reasons, both benign and malevolent.

There are a large number of ways to set up a URL redirection. Most website users are able to set it up directly through their host. Others involve the auto-refresh function common on some older browsers and the ‘3’ codes that indicate temporary or permanent redirections. Whichever the method, there are a number of reasons why users would want to redirect web traffic.

A common reason is to cover easy misspellings or variations of their website. A site named ‘Way-to-go.com' may find that several users attempt to type in ‘Waytogo.com’ or ‘Way-togo.com’ or even ‘Way-to-go.net.’ A site owner would purchase all of these names and set each of them to link back to the original site. That way, even mistyped addresses would end up in the right place.

Another common URL redirection involves multiple products on the same website. If a company owns the rights to several well-selling products, it may find that people are attempting to find the corporate site by searching with the product names. In order to make the process easier for customers, the corporate site may have several product sites, such as ‘www.product-one.com’ and ‘www.product-two.com,’ that all lead back to the corporate page.

The last common reason revolves around corporate buyouts. If a company has a well-known and highly used website, it pays to keep that address active. Should that company end up being bought out, then the new company will often set up a URL redirection, allowing users to continue using the original address.

In the past, URL redirection was often used to fool search engines, but this trend has nearly disappeared. Now, the most common reason to set up malicious redirection is as part of a phishing attack. A phishing attack is a method of getting a user to willingly give up personal information about herself. Common URL redirection phishing attacks target popular websites that require log-in information. The user mistypes an address and is redirected to a site that is nearly identical to the one she expected. When she attempts to log in, the site records her information and kicks her out of the system.