Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

http refer?

Options
  • 01-05-2001 12:15am
    #1
    Hecate
    Registered Users Posts: 2,518 ✭✭✭


    I need to put some security on a directory whereby people can only get to it by clicking on a link in a certain page, not typing it in on the browser's address bar. Now I know there is a way to do this using a one of the variables in the apache web server, i think it's http_refer or httpreferer (or somthing along those lines), anyone got the exact variable? smile.gif


Comments

  • Options
    #2
    ecksor
    Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    That variable is under the control of the user, and therefore offers no security advantage.

    One possible solution would be to set a variable when the first page is called (assuming you are using something session aware such as php, asp, jsp, servlets etc) and check that the variable has been set before displaying the second page. Such sessions are vulnerable to hijacking, but you can probably eliminate this risk with ssl if you have the option to use it.

    [This message has been edited by X_OR (edited 01-05-2001).]


  • Options
    #3
    dahamsta
    Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    HTTP_REFERER


  • Options
    #4
    Hecate
    Registered Users Posts: 2,518 ✭✭✭Hecate


    yeah its an apache/freebsd job with php4 installed (thats what i was going to use)

    now .htaccess seems to be disabled for some reason so this is my only option but it's nothing too sensitive or important, just experimenting really.


Advertisement