Ephemerurls are ephemeral redirection URLs, which only function for a limited period of time. Until the configured time, an ephemerurl 307 redirects to the original URL; after expiration, it's 410 GONE.
Why? Because users of the Web should have soft limits on sharing as well as hard security restrictions, and ephemerality of URLs is one such step. More specifically, if I want to point people to something that's in progress and not to be made publicly accessible, an ephemerurl can be archived in mailing lists or chat logs, or re-shared via email, without extending access forever.
How To Use
- Go to a URL at
- Add "/until6pm" between the domain and the rest of the URL, e.g.
- Get the provided /u/ URL and share it with your friends -- it'll only work until the specified time.
How To Install
- Place the ephemerurl directory on your web server.
- Create a sqlite database urls.db with a single table Urlmaps, with three text columns (
- Configure a .htaccess file to direct all
- Optional: add ephemerurl.js (or similar) to target pages, to tell users who arrive via this redirection to share the ephemerurl.
- create standalone .sql file to create the sqlite database
I couldn't successfully execute a trivial XSS attack, but I would welcome reports that such attacks are possible or recommendations for code to give stronger assurances that they aren't possible. Proofs of concept are great, but please don't intentionally do harm to users.
There's no app-level protection against denial of service (e.g. authentication or rate-limiting); an attacker could use up all the nice short URLs or create collisions.
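The redirect-until-expiry behaviour and the collision concern above, sketched in Python as an added example; this is not the project's own code. The Urlmaps column names, the random short ids, the http(s)-only check on targets and the 404 for unknown ids are all assumptions made for illustration.

```python
import secrets
import sqlite3
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Assumed schema: the page names the table (Urlmaps) and says it has three
# text columns; the column names used here are hypothetical.
SCHEMA = (
    "CREATE TABLE IF NOT EXISTS Urlmaps "
    "(shortid TEXT PRIMARY KEY, url TEXT NOT NULL, expires TEXT NOT NULL)"
)


def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db


def create(db, url, expires, attempts=5):
    """Store url under a fresh random short id and return that id."""
    parts = urlsplit(url)
    # Accept only absolute http(s) targets; javascript:, data: and relative URLs are refused.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("only absolute http(s) URLs can be shortened")
    if expires.tzinfo is None:
        raise ValueError("expiry must be timezone-aware")
    stamp = expires.astimezone(timezone.utc).isoformat()
    for _ in range(attempts):
        shortid = secrets.token_urlsafe(6)  # 48 random bits, 8 URL-safe characters
        try:
            with db:  # commit on success, roll back on error
                db.execute("INSERT INTO Urlmaps VALUES (?, ?, ?)", (shortid, url, stamp))
            return shortid
        except sqlite3.IntegrityError:
            continue  # PRIMARY KEY collision: draw a new id, never overwrite a mapping
    raise RuntimeError("could not allocate a unique short id")


def resolve(db, shortid, now=None):
    """Return (status, location): 307 before expiry, 410 after, 404 if unknown."""
    now = now or datetime.now(timezone.utc)
    row = db.execute("SELECT url, expires FROM Urlmaps WHERE shortid = ?", (shortid,)).fetchone()
    if row is None:
        return 404, None
    url, stamp = row
    if now >= datetime.fromisoformat(stamp):
        return 410, None  # expired: the original URL is no longer disclosed
    return 307, url
```

The primary-key constraint stops one mapping from silently replacing another, but it does nothing about an unauthenticated client filling the table; that still needs rate limiting or authentication in front of the create path.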