WebApp Sec mailing list archives
Re: HTTP REFERER not set in Internet Explorer
From: Saqib Ali <docbook.xml () gmail com>
Date: Thu, 17 Nov 2005 08:05:38 -0800
Hello All, Thank ya all for the responses. I am aware that the HTTP_REFERER can be easily forged. However I am using it in a context which makes it somewhat useful. Our application is NOT completely dependent on the HTTP_REFERER for security, there are other mechanisms involved as well. I am using HTTP_REFERER to: 1) Track users on the website. And use it to optimize the layout of the site. 2) Prevent direct linking to some of our web pages. Anti-leeching??? I know this can be forged, but I think it will prevent newbie webmasters from direct linking. The following are solution that were proposed. Thanks :) They are very helpful. ------------ Solution 1 ------------------ <script language="JavaScript"><!-- function goto_url() { // This JavaScript function, generate confirmation message for the license to be deleted. if (userPressesYes()) { return true; } else { return false; } } </script> <body> <a href="referer_test.php?action=output" onClick="return goto_url();">Click Here</a>; ------------------------------------------ -------------Solution 2 ------------------ location.href = 'script.php?href=' + escape( location.href ); ------------------------------------------ In Peace, Saqib Ali http://www.xml-dev.com/blog/ Consensus is good, but informed dictatorship is better.
Current thread:
- Re: HTTP REFERER not set in Internet Explorer, (continued)
- Re: HTTP REFERER not set in Internet Explorer Todd Hendricks (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Dean H. Saxe (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Greg Skouby (Nov 17)
- RE: HTTP REFERER not set in Internet Explorer Richard M. Smith (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Oleg Lecinski (Nov 17)
- RE: HTTP REFERER not set in Internet Explorer Amichai Shulman (Nov 17)
- RE: HTTP REFERER not set in Internet Explorer Jeff Robertson (Nov 17)
- RE: HTTP REFERER not set in Internet Explorer Einecker, Leah (Nov 17)
- RE: HTTP REFERER not set in Internet Explorer Ory Segal (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Yutaka OIWA (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Saqib Ali (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Yutaka OIWA (Nov 18)
- RE: HTTP REFERER not set in Internet Explorer drm (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Yutaka OIWA (Nov 17)
- Re: Re: HTTP REFERER not set in Internet Explorer mike (Nov 18)
- Re: Re: HTTP REFERER not set in Internet Explorer Saqib Ali (Nov 21)