referer throwing Internal Server Error

2006-03-13 Thread David Gilden 
Greetings from Cow Tow!

Here is my little script and it throwing a Internal Server Error

#!/usr/bin/perl 

use CGI qw/:standard/;
use CGI::Carp qw(fatalsToBrowser);
use POSIX 'strftime';
use strict;

my $referer = referer; 

if ($referer !~ m|^https?://www\.coraconnection\.com|i) {
print "Your not authorized: Bad Referer: $referer \n";
} else {
print "all cool: $referer \n";
}


I can not figure out what is wrong here
and how secure is this, can it be spoofed easily??
Thanks.


Dave Gilden
(kora musician / audiophile / webmaster @ www.coraconnection.com  / Ft. Worth, 
TX, USA)

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: referer throwing Internal Server Error

2006-03-13 Thread Sara 

#!/usr/bin/perl

use CGI qw/:standard/;
use CGI::Carp qw(fatalsToBrowser);
use POSIX 'strftime';
use strict;
use warnings;

my $q = new CGI;

my $referer = $ENV{'HTTP_REFERER'} || 'foo.com';

print $q->header();

if ($referer !~ m|^https?://www\.coraconnection\.com|i) {
print "Your not authorized: Bad Referer: $referer \n";
} else {
print "all cool: $referer \n";
}



Sara.

- Original Message - 
From: "David Gilden" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, March 14, 2006 6:30 AM
Subject: referer throwing Internal Server Error


Greetings from Cow Tow!

Here is my little script and it throwing a Internal Server Error

#!/usr/bin/perl

use CGI qw/:standard/;
use CGI::Carp qw(fatalsToBrowser);
use POSIX 'strftime';
use strict;

my $referer = referer;

   if ($referer !~ m|^https?://www\.coraconnection\.com|i) {
   print "Your not authorized: Bad Referer: $referer \n";
   } else {
   print "all cool: $referer \n";
}


I can not figure out what is wrong here
and how secure is this, can it be spoofed easily??
Thanks.


Dave Gilden
(kora musician / audiophile / webmaster @ www.coraconnection.com  / Ft. 
Worth, TX, USA)


--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>



--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>

Re: referer throwing Internal Server Error

2006-03-13 Thread David Dorward 
On Mon, Mar 13, 2006 at 07:30:45PM -0600, David Gilden wrote:
> Here is my little script and it throwing a Internal Server Error

Try running it from the command line:

Software error:
Missing right curly or square bracket at - line 13, at end of line
syntax error at - line 13, at EOF
Execution of - aborted due to compilation errors.


> I can not figure out what is wrong here
> and how secure is this, can it be spoofed easily??

The referer header is optional and very easily spoofed.

e.g. (if you have LWP installed)

GET -H'Referer: http://another.example.net' http://www.example.com/

-- 
David Dorward  http://dorward.me.uk


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]