What could be the point at the end of a domain name?
There is such a thing as a root domain , respectively, at the end of each domain there is a dot. Perhaps you do not suspect that your site is accessible by a domain name with a dot at the end (domain.zone.), Since browsers allow you to access sites with or without a dot at the end of the domain.
Here you can read more about the full and relative domain names.
If you do not take into account the fact that a user can accidentally enter a domain name with a dot at the end or follow a link from a "well-wisher" and get to the domain name of your site with a dot at the end, there is a possibility of the following unforeseen situations:
1) If the website is running on HTTPS, when accessing a domain name with a dot at the end, the browser will issue a warning about an untrusted connection, which the user will be somewhat surprised.
2) Authorization may not work, as A cookie is most often placed on a domain name without a dot at the end. In this case, the user will be perplexed for a long time why he cannot log in. It is noteworthy that if you install a cookie on a domain name with a dot at the end, it will NOT be transferred to a domain name without a dot at the end and vice versa.
3) JavaScript may break on the page if the probability of accessing the site by the domain name with a dot at the end is not taken into account, which is unacceptable for solid resources.
4) There may be problems with caching the site’s pages (for example, the same www.cloudflare.com just doesn’t allow you to clear the cache of individual pages with a dot at the end, indicating that the domain name is incorrect).
5) If you rely on a specific domain name ( % {HTTP_HOST} in Apache, $ http_host in Nginx) without conditions at the end in the configuration of the web server , a variety of unexpected situations can occur: unexpected redirects, miracles with basic authorization and etc.
6) If the web server is not configured to serve a domain name with a dot at the end, the user, accidentally typing a dot at the end of the domain, will see something like: Bad Request - Invalid Hostname.
7) Theoretically, search engines can consider that there is duplication of content on your resource if someone accidentally or intentionally places links to pages on your site with a dot at the end of the domain name (if you have information about whether domain search engines perceive domain. zone and domain.zone. as one domain - welcome to comments on the topic).
A redirect from a domain name with a dot to a domain name without a dot will allow you to avoid some of the above problems:
Apache (.htaccess)
Nginx (nginx.conf)
IIS (web.config)
Facebook
https://www.facebook.com.
Redirects to www.facebook.com (after agreement with an untrusted connection warning).
Megaupload
https://mega.co.nz./#login
Authorization successfully works, but after switching to a domain without a dot at the end of https://mega.co.nz , the user is considered unauthorized.
Stack Overflow
http://stackoverflow.com.
Bad Request - Invalid Hostname
HTTP Error 400. The request hostname is invalid.
GitHub
https://github.com./login
Authorization does not work.
Twitter
https://twitter.com.
404 - Page not found.
Yahoo
https://login.yahoo.com.
Authorization does not work.
Wikipedia
http://en.wikipedia.org./w/index.php?title=Special:UserLogin
Authorization does not work.
MSN
http://msn.com.
Bad Request - Invalid Hostname
HTTP Error 400. The request hostname is invalid.
Microsoft
http://microsoft.com.
Bad Request - Invalid Hostname
HTTP Error 400. The request hostname is invalid.
eBay
https://signin.ebay.com./ws/eBayISAPI.dll?SellItem
Authorization successfully fulfills.
Tumblr
http://www.tumblr.com.
Not found.
Flickr
http://www.flickr.com.
Sorry, Flickr does not allow embedding in iframes.
Dropbox
www.dropbox.com./login
Error (403) It seems you were trying to do something strange. Are you logged in to another Dropbox account in the next window?
VK
http://vk.com.
Authorization does not work.
JavaScript error: "NS_ERROR_DOM_BAD_DOCUMENT_DOMAIN: Illegal document.domain value" vk.com. (line 41)
Alexa
https://www.alexa.com.
Redirects to www.alexa.com
Yandex-Mail
https://mail.yandex.ru.
Authorization successfully fulfills and a redirect occurs to mail.yandex.ru/neo2/#inbox
Yandex Search
www.yandex.ru .
JavaScript error: "NS_ERROR_DOM_BAD_DOCUMENT_DOMAIN: Illegal document.domain value" www.yandex.ru. (line 5)
Habrahabr
http://habrahabr.ru./login/
Authorization does not work.
Mail.ru
http://mail.ru.
Redirect to mail.ru is configured
https://e.mail.ru./cgi-bin/login
Authorization does not work.
UPD:
1) In Nginx, you cannot configure a virtual server by specifying a fully-qualified domain name as server_name ( # comment_6011533 ):
Here you can read more about the full and relative domain names.
Possible problems
If you do not take into account the fact that a user can accidentally enter a domain name with a dot at the end or follow a link from a "well-wisher" and get to the domain name of your site with a dot at the end, there is a possibility of the following unforeseen situations:
1) If the website is running on HTTPS, when accessing a domain name with a dot at the end, the browser will issue a warning about an untrusted connection, which the user will be somewhat surprised.
2) Authorization may not work, as A cookie is most often placed on a domain name without a dot at the end. In this case, the user will be perplexed for a long time why he cannot log in. It is noteworthy that if you install a cookie on a domain name with a dot at the end, it will NOT be transferred to a domain name without a dot at the end and vice versa.
3) JavaScript may break on the page if the probability of accessing the site by the domain name with a dot at the end is not taken into account, which is unacceptable for solid resources.
4) There may be problems with caching the site’s pages (for example, the same www.cloudflare.com just doesn’t allow you to clear the cache of individual pages with a dot at the end, indicating that the domain name is incorrect).
5) If you rely on a specific domain name ( % {HTTP_HOST} in Apache, $ http_host in Nginx) without conditions at the end in the configuration of the web server , a variety of unexpected situations can occur: unexpected redirects, miracles with basic authorization and etc.
6) If the web server is not configured to serve a domain name with a dot at the end, the user, accidentally typing a dot at the end of the domain, will see something like: Bad Request - Invalid Hostname.
7) Theoretically, search engines can consider that there is duplication of content on your resource if someone accidentally or intentionally places links to pages on your site with a dot at the end of the domain name (if you have information about whether domain search engines perceive domain. zone and domain.zone. as one domain - welcome to comments on the topic).
Decision
A redirect from a domain name with a dot to a domain name without a dot will allow you to avoid some of the above problems:
Apache (.htaccess)
RewriteCond %{HTTP_HOST} !^domain\.zone$
RewriteRule ^(.*)$ http://domain.zone/$1 [L,R=301]
Nginx (nginx.conf)
if ($http_host != 'domain.zone') {
return 301 http://domain.zone$request_uri;
}
IIS (web.config)
Reconnaissance in battle
https://www.facebook.com.
Redirects to www.facebook.com (after agreement with an untrusted connection warning).
Megaupload
https://mega.co.nz./#login
Authorization successfully works, but after switching to a domain without a dot at the end of https://mega.co.nz , the user is considered unauthorized.
Stack Overflow
http://stackoverflow.com.
Bad Request - Invalid Hostname
HTTP Error 400. The request hostname is invalid.
GitHub
https://github.com./login
Authorization does not work.
https://twitter.com.
404 - Page not found.
Yahoo
https://login.yahoo.com.
Authorization does not work.
Wikipedia
http://en.wikipedia.org./w/index.php?title=Special:UserLogin
Authorization does not work.
MSN
http://msn.com.
Bad Request - Invalid Hostname
HTTP Error 400. The request hostname is invalid.
Microsoft
http://microsoft.com.
Bad Request - Invalid Hostname
HTTP Error 400. The request hostname is invalid.
eBay
https://signin.ebay.com./ws/eBayISAPI.dll?SellItem
Authorization successfully fulfills.
Tumblr
http://www.tumblr.com.
Not found.
Flickr
http://www.flickr.com.
Sorry, Flickr does not allow embedding in iframes.
Dropbox
www.dropbox.com./login
Error (403) It seems you were trying to do something strange. Are you logged in to another Dropbox account in the next window?
VK
http://vk.com.
Authorization does not work.
JavaScript error: "NS_ERROR_DOM_BAD_DOCUMENT_DOMAIN: Illegal document.domain value" vk.com. (line 41)
Alexa
https://www.alexa.com.
Redirects to www.alexa.com
Yandex-Mail
https://mail.yandex.ru.
Authorization successfully fulfills and a redirect occurs to mail.yandex.ru/neo2/#inbox
Yandex Search
www.yandex.ru .
JavaScript error: "NS_ERROR_DOM_BAD_DOCUMENT_DOMAIN: Illegal document.domain value" www.yandex.ru. (line 5)
Habrahabr
http://habrahabr.ru./login/
Authorization does not work.
Mail.ru
http://mail.ru.
Redirect to mail.ru is configured
https://e.mail.ru./cgi-bin/login
Authorization does not work.
UPD:
1) In Nginx, you cannot configure a virtual server by specifying a fully-qualified domain name as server_name ( # comment_6011533 ):
server {
server_name domain.zone. ;
...
}
Only registered users can participate in the survey. Please come in.
What do you do with a dot at the end of your resource domains?
- 45% I don’t plan to do anything 1511
- 43.3% Just found out that this is possible, I plan to do 1454
- 9.4% Redirect to a domain without a dot at the end of 318
- 2.2% I give 404 error "Page not found" 74