views:

693

answers:

2

I want to ensure nothing untoward gets into the referrer on an error page.

What should I be checking in order to validate the HTTP header?

Below is my current code:

// Ensure the referrer header is good
if (this.Request.UrlReferrer.IsWellFormedOriginalString() &&
    this.Request.UrlReferrer.Host.Equals(this.Request.Url.Host))
{
    // ... referrer accepted; the rest of the handler is omitted in the question
}
This will fail an Acunetix scan that uses %3C and %3E instead of < and >, for example, so I obviously need to cover HTML encoding - is there anything else I am missing?

Update: I can catch all the Acunetix scans using the code below:

// Requires: using System.Text.RegularExpressions;
if (this.Request.UrlReferrer.IsWellFormedOriginalString() &&
    this.Request.UrlReferrer.Host.Equals(this.Request.Url.Host) &&
    !Regex.IsMatch(this.Request.UrlReferrer.ToString(),
                   "%3C",
                   RegexOptions.IgnoreCase))
{
    // ... referrer accepted; the rest of the handler is omitted in the question
}
A: 

this.Request.UrlReferrer may be null if no referrer was provided or has participated.

Program.X
True - I haven't included the full code here, but I do check for null before I reach the code above.
dice
+1  A: 

I want to ensure nothing untoward gets into the referrer on an error page.

Then always HTML-escape any string — including referrer URLs — that you output to the error page.

Trying to pick out and blacklist input containing potentially dangerous characters on a case-by-case basis is doing it backwards. You probably won't catch all possible attacks, and you'll unnecessarily disallow valid URLs. (It's perfectly reasonable to have a URL with ‘%3C’ in.)

bobince
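An added example, not code from the question or the answers, contrasting the question's "%3C" blacklist with the output encoding bobince recommends. It takes the referrer as a plain string rather than reading Request.UrlReferrer, uses WebUtility.HtmlEncode (the ASP.NET equivalent is HttpUtility.HtmlEncode), and the sample referrer values are constructed for the demonstration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class ReferrerDisplay
{
    // The question's approach: reject referrers that contain "%3C".
    // Whatever passes the filter is written into the page unchanged.
    public static string RenderBlacklisted(string referrer)
    {
        if (Regex.IsMatch(referrer, "%3C", RegexOptions.IgnoreCase))
            return "<p>Invalid referrer</p>";
        return "<p>You came from: " + referrer + "</p>";
    }

    // The recommended approach: keep the referrer as data and HTML-encode it
    // at the point of output. Encoded text cannot open a tag or attribute,
    // whichever characters the URL happens to contain, so no blacklist is needed.
    public static string RenderEncoded(string referrer)
    {
        return "<p>You came from: " + WebUtility.HtmlEncode(referrer) + "</p>";
    }

    static void Main()
    {
        // Constructed sample inputs (not taken from the page).
        string encodedQuery = "http://example.com/search?q=%3Cb%3E"; // legitimate URL containing %3C
        string literalQuery = "http://example.com/search?q=<b>";     // same query with literal brackets

        // Blacklist: rejects the harmless percent-encoded URL (false positive),
        // yet passes the literal one straight into the markup (false negative).
        Console.WriteLine(RenderBlacklisted(encodedQuery)); // <p>Invalid referrer</p>
        Console.WriteLine(RenderBlacklisted(literalQuery)); // <p>You came from: http://example.com/search?q=<b></p>

        // Output encoding: both URLs are displayed as text, never as HTML.
        Console.WriteLine(RenderEncoded(encodedQuery));     // ...search?q=%3Cb%3E
        Console.WriteLine(RenderEncoded(literalQuery));     // ...search?q=&lt;b&gt;
    }
}
```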