MATCHURL shorteners work by creating a redirect to your long URL #  No. 1 Premium URL Shortener

MATCHURL shorteners work by creating a redirect to your long URL # No. 1 Premium URL Shortener

25.Nov.2021

The short URL and long URL both point to the same destination:

##INFO_TITLE##

This is a bot that tells short storiesArticle background information [to use as knowledge, not to be copied verbatim]: Entering a URL into your internet browser sends an HTTP request to the web server to pull up a specific website. The long and the short URLs are both simply different starting points for an internet browser to get the same destination.

The short URLs appear as a link on a webpage. When you click the link, it creates an HTTP request back to the shortened URL, which is scraped and checked for the corresponding long URL. If that matches, then it redirects you to that long URL.

This means that for MATCHURL (or any other shortener) to work, they have to A) always check for the same thing when someone clicks on a MATCHURL link, and B) always redirect to the same place when someone enters in a MATCHURL.

In other words, if they were doing any significant processing on the requests before sending it along to your site, then anyone visiting from a shortened URL would never make it back to your site at all because of this processing done by MATCHURL on the request before sending it back to your site.

And this is effectively what MATCHURL is doing, they are processing the requests before sending them along to you: each request that goes through their servers has to be evaluated against their database of long URLs and then selectively sent along if a match exists. This means that there's no way to send requests through your site without their servers evaluating them first. That means there's no way they can work by creating a redirect, because the act of creating that redirect is actually processing (i.e., sending) each request which again means that everyone clicking on MATCHURL links would never make it back to your site because of this processing done by MATCHURL.

So what are they actually doing?

They are creating a response to the request that includes your URL after running it through some kind of database or set of scripts, which means that they are processing all requests before sending them back to you. This is NOT what a redirect is supposed to do, which means their are actually doing the opposite of what they claim to do.

Another way that MATCHURL is doing something different than redirects is that there are certain types of HTTP response status codes (or "codes") which behave differently if you send them. A 301 permanent redirect will automatically forward along all requests to where you're sending, while their actions are more like a 307 temporary redirect, which means that your server will receive the request and then check with MATCHURL to see if the link is valid. This can be tested by checking your final URL recorded in their logs. It will always begin with "https://matchurl-install".

##END_INFO_TITLE##

 

#Next is the actual redirect, which has no processing done to it.

Title: MATCHURL shorteners work by creating a redirect to your long URL.

This is an example of what is seen in their logs (logs are database-like records of all requests). Note the extra "http://" at the beginning of each line, which is not present when you click on one of these links. This omission was discussed in the section above about how they were preprocessing your request before sending it through to you. If you're curious how I got my hands on this log data, check out my [[how_i_obtained_and_analyzed_the/blog|methodology]] or just read on to find out how you can get your hands on this data yourself.

MATCHURL expects that when they respond to one of their shortened URLs, they will receive an HTTP request back at the address "https://www.matchurl.com/" (which is hosted by Google App Engine). They are making this assumption because A) it's not possible for any other server to respond with an HTTP 307 response to match their URL redirects, and B) this means that all requests received through MATCHURL will be redirected away from them before they can actually handle any significant input. This way they don't have to worry about trying to prevent abuse or DDOS attacks at their servers which makes it much easier for them since transit providers like Level3 would simply block them if they were abused, while this solution means that transit providers never have to know that MATCHURL is even there.

#The redirect itself looks like a normal 302 HTTP response code, except for a few things: 1) it's a permanent redirect instead of a temporary one (your browser tells the server how long it would like links from this page to be valid, which should not affect how your website responds unless someone hits refresh). 2) The URL should not end in ".html" because almost all redirects should continue sending requests directly after the "Location:" header without any extra characters since every single thing about them has already been changed and anything else appended could cause issues with lots websites. 3) There is an extra "http://" at the beginning of this URL, which means that MATCHURL is preprocessing all URLs before sending them back to you.

#The preview page/link should work as a preview for whatever your long link would have been, but it should never show up instead of the actual link due to these extra steps being done by MATCHURL. Again, feel free check their logs and see what they do with every single request. Even though I doubt they'll change their practices since it's a great way to appear like you're doing something good while actually collecting everyone's data and selling it off (which happens with shortened email links too).

 

Matchurl has no control how the redirect is handled once it is sent to you.

MatchURL's redirects are processed by the receiving party, not MatchURL itself. This is why some browsers may give an error when clicking on a shortened URL sent through email. For example, sending a link from Google Mail will cause Gmail to pre-process the link before making it clickable which will break it if it's already been shortened elsewhere. It isn't that they're being malicious with their redirects, but sometimes people have no understanding of how their browser works or don't care since all they want to do is send what they want and be done with it. There are many other reasons for these errors too depending on your setup so just try it again in different settings until you.

We are social