Home of the ColdFusion Community
September 06, 2008
For ColdFusion hosting try HostMySite.com. |
Home /
Groups /
ColdFusion Talk (CF-Talk)
CGI HTTP REFERER
Okay. I'm stumped. I had this whole lovely plan for something I'm workingCornillon, Matthieu 07/27/02 06:52 P The syntax on the first one is correct. Are you referencing it after a pageDouglas Brown 07/27/02 07:04 P I'm checking it in my Application.cfm. I want to see whether the pageCornillon, Matthieu 07/27/02 07:51 P Hmmmm not sure it will work in application.cfm due to that being the firstDouglas Brown 07/27/02 08:02 P Which web server and version of CF are running on this server? On my CF5/IIS5Jim McAtee 07/27/02 08:24 P Turn on "Debugging" on you development box. This should showJoe Eugene 07/27/02 08:30 P Some firewalls (such as Norton's - I know this from personal experience),mark brinkworth 07/27/02 11:12 P The correct spelling is the American spelling - i.e. cgi.http_referer evenMichael Kear 07/27/02 11:31 P I have always regarded the use of HTTP_Referer as a security measure to bemark brinkworth 07/28/02 12:03 A > A firewall would have to _strip_ the referer header fromDave Watts 07/28/02 05:58 P
Author: Cornillon, Matthieu
Okay. I'm stumped. I had this whole lovely plan for something I'm working on. It involved looking at the value of CGI.HTTP_REFERER. But that value isn't coming up on my radar. It doesn't matter what browser I use. It's just not there. I've tried different spellings (REFERRER, REFERER), looped through every variable available, put a reference without a variable scope prefix, everything. It just doesn't show up. I understand that the CGI variables returned are based on the server configuration. So I guess my entire pile of questions is: A) Am I doing something simple and obviously stupid? B) What would I have to do to my server to get it to return this variable: is it on the CFAS side, or on the HTTP-server-software side? Thanks for any help anyone can give. I need this blasted variable!! Matthieu
Author: Douglas Brown
The syntax on the first one is correct. Are you referencing it after a page request or form submittal? Douglas Brown Email: dbrown@socal.rr.com ----- Original Message ----- From: "Cornillon, Matthieu" <Matthieu.Cornillon@pfizer.com> To: "CF-Talk" <cf-talk@houseoffusion.com> Sent: Saturday, July 27, 2002 3:49 PM Subject: CGI.HTTP_REFERER
Author: Cornillon, Matthieu
I'm checking it in my Application.cfm. I want to see whether the page before the current page is from my site or not. If not, I want to do something different. I am guessing that my company's firewall is set to block outgoing referer information from the browser. I am checking into this with my IT department. Thanks anyway, Matthieu The syntax on the first one is correct. Are you referencing it after a page request or form submittal? Douglas Brown Email: dbrown@socal.rr.com ----- Original Message ----- From: "Cornillon, Matthieu" <Matthieu.Cornillon@pfizer.com> To: "CF-Talk" <cf-talk@houseoffusion.com> Sent: Saturday, July 27, 2002 3:49 PM Subject: CGI.HTTP_REFERER > Okay. I'm stumped. I had this whole lovely plan for something I'm working > on. It involved looking at the value of CGI.HTTP_REFERER. But that value > isn't coming up on my radar. It doesn't matter what browser I use. It's > just not there. I've tried different spellings (REFERRER, REFERER), looped
Author: Douglas Brown
Hmmmm not sure it will work in application.cfm due to that being the first file processed by CF. It needs to have a referring page, hence the name. Douglas Brown Email: dbrown@socal.rr.com ----- Original Message ----- From: "Cornillon, Matthieu" <Matthieu.Cornillon@pfizer.com> To: "CF-Talk" <cf-talk@houseoffusion.com> Sent: Saturday, July 27, 2002 4:48 PM Subject: RE: CGI.HTTP_REFERER
Author: Jim McAtee
Which web server and version of CF are running on this server? On my CF5/IIS5 server, I always have the exact same set of CGI variable (including CGI.HTTP_REFERER), but some of them will sometimes have a zero length string as there value. A firewall would have to _strip_ the referer header from the HTTP request... a lot of work, and I can't imagine what additional security would be gained from doing this. Jim ----- Original Message ----- From: "Cornillon, Matthieu" <Matthieu.Cornillon@pfizer.com> To: "CF-Talk" <cf-talk@houseoffusion.com> Sent: Saturday, July 27, 2002 4:49 PM Subject: CGI.HTTP_REFERER
Author: Joe Eugene
Turn on "Debugging" on you development box. This should show you all the values in the CGI scope. Joe Okay. I'm stumped. I had this whole lovely plan for something I'm working on. It involved looking at the value of CGI.HTTP_REFERER. But that value isn't coming up on my radar. It doesn't matter what browser I use. It's just not there. I've tried different spellings (REFERRER, REFERER), looped through every variable available, put a reference without a variable scope prefix, everything. It just doesn't show up. I understand that the CGI variables returned are based on the server configuration. So I guess my entire pile of questions is: A) Am I doing something simple and obviously stupid? B) What would I have to do to my server to get it to return this variable: is it on the CFAS side, or on the HTTP-server-software side? Thanks for any help anyone can give. I need this blasted variable!! Matthieu
Author: mark brinkworth
Some firewalls (such as Norton's - I know this from personal experience), block or change the http_referer that is sent from the browser to the server. In the case or Norton, it gets changed to http_weferer, and consists of a rather random looking alphabet soup. Cheers, Mark
Author: Michael Kear
The correct spelling is the American spelling - i.e. cgi.http_referer even though my outlook insists on arguing with me and changing it to referrer. But as you have discovered, not all browsers send the parameter, because the anti-spamming measures adopted by a lot of people block it. This hasn't been much of a worry until recently. But a site I'm working on has a rapidly increasing number of users with this problem, and I'm having to re-write a whole application which relied on http_referer to verify the user had access. Computers are increasingly being delivered to users with personal firewalls installed and that gives rise to the problem. IN short, if you're planning an application that's going to need http_referer, my advice is to re-think it! Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks Some firewalls (such as Norton's - I know this from personal experience), block or change the http_referer that is sent from the browser to the server. In the case or Norton, it gets changed to http_weferer, and consists of a rather random looking alphabet soup. Cheers, Mark
Author: mark brinkworth
I have always regarded the use of HTTP_Referer as a security measure to be rather poor, as it can easily be spoofed. So my sites don't rely on it, although occassionally they may use it to refine error messages. Cheers
Author: Dave Watts
> A firewall would have to _strip_ the referer header from > the HTTP request... a lot of work, and I can't imagine what > additional security would be gained from doing this. Imagine that you've got a relatively unsavory site with a bunch of links to less unsavory sites. You might not want to have the "good" site log the fact that you came from the "bad" site. A minor issue, but there are those concerned enough about their privacy to care about this. In any case, it's not a lot of work for a firewall to strip that one header. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444
|
Mailing Lists
|
Latest Fusion Authority Articles
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
