

Ask HN: How to block links created by URL redirection sites - christefano

Is there a way to block traffic from links created by URL redirection sites? Last week, a short URL was posted to Twitter that erroneously told the world about our staging site. It was later deleted but the damage was done (it shows up in Tweleted and has been saved by countless Twitter clients).<p>I haven't been able to find an answer to this, in spite of all the recent attention that URL shortening services have received lately. Detecting the HTTP referrer doesn't work since referrers don't appear when there's a redirect. Sniffing the browser history (with Aza Raskin's SocialHistory.js trick) doesn't work either, since URL redirection sites only rarely and unpredictably serve images.<p>Is there anything that can be done other than moving the staging site?
======
pclark
How would it be different to them posting the full url?

~~~
christefano
It's possible that it isn't actually any different than posting the un-
shortened URL. Unless I'm mistaken, of course. That's why I'm asking.

------
mikeyur
Why not just password protect the staging site? Would that not help?

Anything publicly accessible is fair game. It's your responsibility to protect
it.

~~~
christefano
I never said that the staging site was publicly accessible. That's beside the
point. What I'm trying to figure out is if there's a way to block or redirect
incoming traffic if it comes from a URL redirection site.

~~~
gojomo
I don't quite understand; why do you care if it comes via URL redirection or a
direct link?

(You could crawl the declared referring URL, and if it does not contain your
URL, but does contain known redirect-site URLs, you could guess -- or deduce
by trying them all -- that one of those links goes to your site.)

------
GrandMasterBirt
The fact is if your url is public with no restrictions whatsoever than you god
bad security

The goal should be to ensure people going to your site know what your real
address is.

~~~
christefano
Believe it or not, this isn't a question about security practices. My question
is if there's a way to block or redirect incoming traffic from a URL
redirection site.

------
skwiddor
I call shenanegins and this talk of a staging site is bullshit

