I'm struggling to grok what the use case is for IP allowlists, passwords, or expiry on shortlinks. Presumably if you need the content that's being referenced to be restricted to only specific people, you'd need to do that at the layer the content is being served?
If you apply the restrictions to the shortlink, they're lost the moment the first person bookmarks the resulting page.
The goal with REDR isn't to replace content-layer security but add a flexible, lightweight access layer at the link layer.
It adds a lighweight, link-level control layer for cases where you can't modify the target app or file. For example, you can password protect or set IP limits on shared dashboards, third-party docs or demo links - even if the destination itself does not support access control. It's basically a flexible security and tracking wrapper around any URL. This can help in a few key cases:
- Sharing sensitive internal resources where you do not control the hosting layer
- Setting temporary or expiring links for contractors, demos or limited-access content.
- Enforcing IP or Password restrictions on public or third party URLs without touching the underlying infrastructure.
IN short, REDR lets you apply access control on any link, even when you don't own the backend.
I'm struggling to grok what the use case is for IP allowlists, passwords, or expiry on shortlinks. Presumably if you need the content that's being referenced to be restricted to only specific people, you'd need to do that at the layer the content is being served?
If you apply the restrictions to the shortlink, they're lost the moment the first person bookmarks the resulting page.
The goal with REDR isn't to replace content-layer security but add a flexible, lightweight access layer at the link layer.
It adds a lighweight, link-level control layer for cases where you can't modify the target app or file. For example, you can password protect or set IP limits on shared dashboards, third-party docs or demo links - even if the destination itself does not support access control. It's basically a flexible security and tracking wrapper around any URL. This can help in a few key cases:
- Sharing sensitive internal resources where you do not control the hosting layer - Setting temporary or expiring links for contractors, demos or limited-access content. - Enforcing IP or Password restrictions on public or third party URLs without touching the underlying infrastructure.
IN short, REDR lets you apply access control on any link, even when you don't own the backend.
Except it doesn’t because anybody who follows the redirect gets a link that keeps working without any access controls.
It doesn’t matter if my IP changes once I have the backing URL