Preventing Redirection Vulnerabilities

The most effective way to avoid arbitrary redirection vulnerabilities is to not

incorporate user-supplied data into the target of a redirect at all. There are var-

ious reasons why developers are inclined to use this technique, but there are

usually alternatives available. For example, it is common to see a user interface

that contains a list of links, each pointing to a redirection page and passing a

target URL as a parameter. Here, possible alternative approaches include the

following:

■■

Remove the redirection page from the application, and replace links to

■■

Maintain a list of all valid URLs for redirection. Instead of passing the

list. The redirect page should look up the index in its list and return a

redirect to the relevant URL.

If it is considered unavoidable for the redirection page to receive user-

controllable input and incorporate this into the redirect target, one of the fol-

lowing measures should be used to minimize the risk of redirection attacks:

■■

The application should use relative URLs in all of its redirects, and the

URL. It should verify that the user-supplied URL either begins with a

single slash followed by a letter or begins with a letter and does not

contain a colon character before the first slash. Any other input should

be rejected, not sanitized.

■■

The application should use URLs relative to the web root for all of its

http://yourdomainname

.com

to all user-supplied URLs before issuing the redirect. If the user-

prepended with 

http://yourdomainname.com/

.

■■

redirect page should verify that the user-supplied URL begins with

http://yourdomainname.com/

before issuing the redirect. Any other

input should be rejected.