I want to ensure ensure nothing untoward gets into the referrer on an error page.
What should I be checking in order to validate the http header.
below is my current code:
// Ensure the referrer header is good
if (this.Request.UrlReferrer.IsWellFormedOriginalString() &&
this.Request.UrlReferrer.Host.Equals(this.Request.Url.Host))
{
this will fail an acunetix scan that uses %3C and %3E instead of < and > for example so I obviously need to cover html encoding - is there anything else I am missing?
Update I can catch all the acunetix scans using the code below:
if (this.Request.UrlReferrer.IsWellFormedOriginalString() &&
this.Request.UrlReferrer.Host.Equals(this.Request.Url.Host) &&
!Regex.IsMatch(this.Request.UrlReferrer.ToString(),
"%3C",
RegexOptions.IgnoreCase))
{