http-referer

Block user access to internals of a site using HTTP_REFERER

I have control over the HttpServer but not over the ApplicationServer or the Java Applications sitting there but I need to block direct access to certain pages on those applications. Precisely, I don't want users automating access to forms issuing direct GET/POST HTTP requests to the appropriate servlet. So, I decided to block users ba...

Determining Referer in PHP

What is the most reliable and secure way to determine what page either sent, or called (via AJAX), the current page. I don't want to use the $_SERVER['HTTP_REFERER'], because of the (lack of) reliability, and I need the page being called to only come from requests originating on my site. Edit: I am looking to verify that a script that ...

Which browsers/plugins block HttpReferer from being sent?

I am trying to interpret HttpReferer strings in our server logs. It seems like there is quite a high number of empty values. I am wondering how many of these empty values are due to direct hits from people entering our URL directly into a browser and how many might be due to some kind of blocking utility that prevents the Referer from b...

HTTP_REFERER substitute that IE 6 will provide?

So IE (6, at least) won't help me with $_SERVER["HTTP_REFERER"] that I request with PHP. But I'm new to Javascript and have just used a little routine in a pop-up to refresh the page from which the popup was called (i.e. parent). Works beautifully in FireFox, Safari, etc. There's NO security issue - I'd just like to the user loaded ...

Basic php form help - referer title

I now have it set up so that when people go to a "thank you" page after filling out a form, they go to a page that says: thanks for coming <a href="<?php echo $_SERVER['HTTP_REFERER'] ?>here's a link back to where you came from</a> What I want is for it to say: thanks for coming <a href="<?php echo $_SERVER['HTTP_REFERER'] ?>h...

Is this method good/secure enough for showing errors to users? - PHP

Hi I'm developing a website, and due to user-input or by other reason, I need to show some error messages. For this, I have a page named error.php, and I get the error number using $_GET. All error messages are stored in a array. Example: header( 'Location: error.php?n=11' ); But I don't want the users to the enter the error code in...

php/html - http_referer

Hi I am creating a website and on one particular page, am wanting to send the user back to the previous page. I am fairly new to PHP/HTML and have been using some existing code for ideas and help. The existing code uses the following method: if (! empty($HTTP_REFERER)) { header("Location: $HTTP_REFERER"); } else { header("Lo...

How do you spoof HTTP_REFERER?

I need to try and spoof the HTTP_REFERER passed my another page so that in the destination page, I can determine of the request is coming in from the "right" page and perform appropriate logic. How do I do that in JavaScript (AJAX)? Can I do that in ASP.Net? TIA rams ...

how should we validate http header referrer in aspx .net

I want to ensure ensure nothing untoward gets into the referrer on an error page. What should I be checking in order to validate the http header. below is my current code: // Ensure the referrer header is good if (this.Request.UrlReferrer.IsWellFormedOriginalString() && this.Request.UrlReferrer.Host.Equals(this.Request.Url.Host)) ...

PHP - Referer redirect script

Often, when searching for answers, I have found that certain websites will allow you to read the information they offer if the referer is, for example, google.com. Yet, if you link directly to the information, it will be unavailable. What I am looking for is the smallest PHP script that will set a referer of my choice, and a destination...

Where do i 'setcookie' to record http_referer in Drupal 6?

I've got my php working to set a cookie storing the http_referer the visitor came from, but how(or where) do i put this code in my Drupal theme/installation, to make it set cookie when a visitor first lands on my Drupal site? ...

in what situation does the HTTP_REFERER not work?

i have used the REFERER before in foo.php to decide whether the page iframing myself is of a particular URL. (using $_SERVER['HTTP_REFERER']) it turned out that most of the time, it worked (like 98%), but it also seemed like some users who didn't change their browser setting didn't have REFERER provided to foo.php and therefore broke t...

is it possible to know where the user is coming from when he uses the back button?

For example, if user goes to google -> example.com -> newwebsite.com If he goes back to example.com, the http-referrer page will still be google.com How can I detect that he went to newwebsite.com ...

Is it possible to capture search term from Google search?

This may be a stupid question, but is it possible to capture what a user typed into a Google search box, so that this can then be used to generate a dynamic page on the landing page on my Web site? For example, let's say someone searches Google for "hot dog", and my site comes up as one of the search result links. If the user clicks the...

What are the most common reasons for requests without referrer?

I have a service with a large share of requests with an empty value for HTTP_REFERER. I'd like to interpret this correctly and wonder about the most common reasons for that. I understand that HTTP_REFERER is an optional header field, but most browsers with default setting seem to send them. Common reasons I have found so far: proxie...

how to log which page was "not found"? (Trying custom error page with htaccess, php, http_referer)

Hi I was just wondering how to get the link of the webpage which was not found on my website. With following .htaccess code, when a non-existing page is requested, user is redirected to my_404.php. Options -Indexes ErrorDocument 404 http://mysite.com/my_404.php If I have to track down what was the link of the page, which was not ...

How can I append HTTP_REFERER to query string using htaccess?

In my .htaccess file I have a set of rules as follows: RewriteRule ^dir/page1$ /bleh/docs/?id=12 [L,QSA] RewriteRule ^dir/page2$ /bleh/docs/?id=13 [L,QSA] RewriteRule ^dir/page3$ /bleh/docs/?id=14 [L,QSA] Sometimes one of these rules may be accessed via a redirect from another site (referer). I would like to be able to append the refe...

AJAX modal dialog, fire onload if referer == <whatever>

Hi folks, I'm trying to change my index.html to show a modal window if the referer to my site == (eg, if they come from Google, show a "Welcome Googler" dialog box with an image inside of it). I'm using FancyBox, but I'm not married to it. Any suggestions on how to code it? I'm a C++ programmer -- Javascript isn't my forte, so strai...

Sending refer(r)er though it's turned off in the browser?

Hello everyone, I was wondering if there was a way to send a referer with a http-request though it is turned of in the browser (e.g. with javascript)? The problem I have when the referrer is not sent: I am trying to minimize the changes of attacks, so whenever a page is loaded I am changing the sessionkey ... the sessionid stays the s...

PHP HTTP_REFERRER - how to detect last page?

Hiya, I need to detect where the user has just clicked from - as my AJAX content needs to be displayed differently depending on the source page it is to be inserted into. If it's to go into about.php it needs to be data only, but if it's to go into about-main.php it needs to be the whole middle column so needs a header/footer wrapper...