Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

http refer?

  • 30-04-2001 11:15PM
    #1
    Hecate
    Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭


    I need to put some security on a directory whereby people can only get to it by clicking on a link in a certain page, not typing it in on the browser's address bar. Now I know there is a way to do this using a one of the variables in the apache web server, i think it's http_refer or httpreferer (or somthing along those lines), anyone got the exact variable? smile.gif


Comments

  • #2
    ecksor
    Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    That variable is under the control of the user, and therefore offers no security advantage.

    One possible solution would be to set a variable when the first page is called (assuming you are using something session aware such as php, asp, jsp, servlets etc) and check that the variable has been set before displaying the second page. Such sessions are vulnerable to hijacking, but you can probably eliminate this risk with ssl if you have the option to use it.

    [This message has been edited by X_OR (edited 01-05-2001).]


  • #3
    dahamsta
    Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    HTTP_REFERER


  • #4
    Hecate
    Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭Hecate


    yeah its an apache/freebsd job with php4 installed (thats what i was going to use)

    now .htaccess seems to be disabled for some reason so this is my only option but it's nothing too sensitive or important, just experimenting really.


Advertisement