April 2021 updates: new redirect matching settings, HSTS, HTTPS upgrade and custom 404 pages.

This month's improvements include improved redirection matching, various security enhancements and the ability to customize 404 page content.

TechnologistsBy urllo staff13.3.1214 mins
HSTS, HTTPS upgrade and custom 404 pages

In many ways urllo is an internet utility company; we perform a very necessary service that all websites require. Like any good infrastructure developer, we are always looking forward to ensure we are offering the best, most secure solution in an ever changing landscape. It’s with this in mind that we announce the general availability of some exciting enhancements to our URL redirection engine.

Case Insensitive Matching

This highly demanded new feature allows you to ignore case when matching paths and query parameters. When this setting is active, the urllo redirector engine will treat both uppercase and lowercase letters in the path and query parameters as equal. For example, with this setting enabled, the following requests would all be interpreted as the same request:

  • www.example.com/TestPath
  • www.example.com/testpath
  • www.example.com/TESTPATH

This new feature ensures an improved user experience and gets your traffic where it needs to go, regardless of how it’s typed or linked.

Ignore Ending Slashes on Paths

Another feature to improve your customer’s experience is the ability to ignore slashes at the end of the URL. Within urllo's URL redirector dashboard, you now have the option to “Ignore Ending Forward Slashes on Paths” setting. When enabled, the urllo engine will ignore any slashes present at the end of the requested path. For example, the following requests would all be interpreted as the same request:

  • www.example.com/testpath
  • www.example.com/testpath/
  • www.example.com/testpath// (any number of slashes at the end are equal)

New “Match Not Found” Settings and Custom 404 Pages

At its heart, urllo is here to help users avoid 404 pages, but they can still occur unexpectedly for a multitude of reasons… and sometimes you actually want them to happen. Thankfully with a custom 404 page you can do it with a smile. Because of this, we’ve added a “Match Not Found” option, so that if we receive a request on a hostname and we don’t find a matching URL redirect, you can control how urllo's redirector responds to the visitor. This can be to send them to a custom, branded 404 page or even a fallback URL redirect to a generic landing page like your homepage.

HSTS and HTTPS Security Enhancements

For our Business Plans and higher, we’ve given users the power to configure HTTP Strict Transport Security (HSTS) headers, such as a customizable max-age, includeSubDomains and preload, for even greater security control over your redirects. A best practice when enabling HSTS is to also enable HTTPS Upgrade. When this setting is enabled and we receive a HTTP (insecure) request on this hostname, we will first redirect to a HTTPS (secured) version of the URL on the same hostname before redirecting the visitor to the target URL you have configured. This ensures your visitors are guaranteed a secure connection every time.

Prevent Foreign Embedding and JavaScript

With this new security feature enabled, we will add several HTTP headers (X-Frame-Options, Content-Security-Policy and X-XSS-Protection) to all responses on the configured hostname in order to prevent foreign content from being embedded on your hostnames. This prevents what is commonly referred to as URL masking or URL cloaking and may help mitigate some cross-site-scripting and data injection attacks, further enhancing the security of your redirects. These headers are sometimes recommended by security audit services, so this feature will ensure your websites are compliant with those services.

It’s been a busy couple of months, but we’re excited to roll these changes out to enhance our user’s experiences and their confidence in our service. Stay tuned for more exciting announcements in the coming weeks!

Get expert content to help optimize your redirects