What are the ways to identify a URL is genuine or not, really part of the website or not. I mean when the domain part of the URL shows its that its ok.

For figurative example if we have to test URL if its part of a website forum.com . If the URL shows forum.com/engagements/ or if URL shows engagements.forum.com/ , or maybe engagements.forum.com/folder/folder/f, or
forum.com/engagements/file/ , or ... unlimited examples. Then how to know

There is no easy way that always works. A "website" can consist of files and data loaded from various locations by design.

There are black lists of bad locations included in security software or provided by several services on the Internet, but those lists are updated by malware experts that carefully inspect sites for malicious code.

daemon

What i mean to ask is not that if a website is good. What i mean to ask is that if a URL which seems to be part of the website is really part of the website.

For example if it is in the subdirectory of the website or not. The page is in the subdirectory of the website or not. How can we make out.

Define "to be part of a website" and "genuine URL" then.

What you write does not make sense to me.

Perhaps install a web server like Apache and write some web pages yourself to learn more about how this stuff works. :)

daemon

By part of the website i mean, one of the pages or files inside the folders under the websites root directory, i mean loaded on one of the folders under the websites root directory.

If the page pasta.html is placed inside the folder recipies under root directory of a website cookery.com , then a genuine URL, what i meant is cookery.com/recipies/pasta.html because it exists on the site.

What if we see a page like cookery.com/recipies/burger.html . it gives the recipie but actually there is no such page or file called burger.html inside the website. So what i am seeing is not really part of the website.

So i mean, a genuine URL would be one which is actually part of the website, for example developed by the developer or designer of the site.

I seem to make sence.

A web site can be designed to load parts of it from various locations and still be "genuine". E.g. it could load all its images from a second server, its embedded ads from a third etc. This is just an example, there are endless possibilities.

You would need to know the technical specification of the web site in question to be really able to check whether it loads only the files it was intented to load. Otherwise you can only guess using common sense.

daemon

Parts & images & ads & files could be from other servers, but the URL in display will be of the sever itself right on which we are surfing.

I am talking about the URL, not the files , images , etc etc on the page.

Parts & images & ads & files could be from other servers, but the URL in display will be of the sever itself right on which we are surfing.

I am talking about the URL, not the files , images , etc etc on the page.

All these components also have URLs of their own. Just the "root-URL" is shown in the address bar. The loaded page then typically contains URLs to numerous other resources. Technically there is no difference between the one URL shown in the address bar and all the others not immediatly shown.

When a site uses SSL (URLs starting with https) you can tell whether the page comes from an entitiy that possesses a certain private key. This is as close as you can get to what you want I believe. But most sites do not use SSL.

daemon

All these components also have URLs of their own.

yes



Just the "root-URL" is shown in the address bar. The loaded page then typically contains URLs to numerous other resources.

I am talking of this URL, the URL of the page, in the address bar.



Technically there is no difference between the one URL shown in the address bar and all the others not immediatly shown.

The URL of the page is from the server from which it is loaded, and the other URLs it contains can be from other servers, or diffrent directory on same server.


I will find out about SSL and get back.

I hope u read my previous post, just above this.

SSL just seems to be for encrypting your session. If you are on the https page, your session is encrypted.

To clarify, how can i know that http://cookery.com/recipies/burger.html is a page on http://cookery.com and not a forged page, without mailing the site owner to ask him if he really has a file called burger.html somewhere on his website. :banghead:

I hope u read my previous post, just above this.

SSL just seems to be for encrypting your session. If you are on the https page, your session is encrypted.

No, SSL is not only for encryption but also to authenticate a server.


To clarify, how can i know that http://cookery.com/recipies/burger.html is a page on http://cookery.com and not a forged page, without mailing the site owner to ask him if he really has a file called burger.html somewhere on his website. :banghead:

You cannot easily know if it is a forged page. A hacker may have broke into the server and put it there.

Or your hosts file could have been modified, or your DNS server may have been hacked and modified (this is a problem SSL authentication tries to solve).

If nothing evil has been in the play all URLs starting with the same host name (cookery.com) are from the same HTTP-server. But I thought you wanted to be sure, nothing evil has been done. This you cannot tell by just looking at a URL.

In the end, it is a matter of trust in the web site, the DNS server and the security of your local network and computer. SSL provides some more clues for your decision if you want to trust a site as it authenticates the server.

daemon

Yes pages starting with http://forum.com/....... for example are supposed to be part of the site http://forum.com .

Yes i wanted to check if a page starting from for the websites name example http://forum.com/ really belongs to the website http://forum.com .

Yes i wanted to be sure nothing evil is up.

Probably cant happen with going to a detective.
:On War: