Re: Bad referrer!
Some computers have special security settings to hide the refferer, you need
to find a way to disable the security setting.
Sara [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
There was a script which people were using remotely, so I have to add this
simple subroutine
to check referrers. Currently, the site is getting approx. 20,000 hits per
day.
NO one, not even a single person claimed that they have experienced any
problem after
implementing this change, except for the owner of the site. I am webmaster
for the site.
And now she is pushing to undo this change immediately because she is
constantly
getting error(bad_referrer) and unable to use this script and we both
know
she is the only one
experiencing this problem.
Is there something wrong below? If yes, then why others are not getting
any
bad referrer error.
If no, what could be the possible reasons that owner is the only person
getting bad referrer error?
TIA,
Sara.
@referers = ('http://www.foo.com', 'http://foo.com');
sub check_url {
local($check_referer) = 0;
if ($ENV{'HTTP_REFERER'}) {
foreach $referer (@referers) {
if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) {
$check_referer = 1;
last;
}
}
}
if ($check_referer != 1) { error('bad_referer') }
}
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/ http://learn.perl.org/first-response
Re: Bad referrer!
What are you *really* trying to do? If you are trying to add a security
mechanism to a set of scripts this is definitely NOT the way to do it.
Yep, I want to add the security mechanism and want to protect my work from
the vultures who
are eating up my band width.
Can you please steer me in the right direction?
Thanks for your help.
Sara.
- Original Message -
From: Wiggins d'Anconia [EMAIL PROTECTED]
To: Sara [EMAIL PROTECTED]; beginperl [EMAIL PROTECTED]
Sent: Sunday, December 07, 2003 3:20 AM
Subject: Re: Bad referrer!
Sara wrote:
There was a script which people were using remotely, so I have to add
this
simple subroutine
to check referrers. Currently, the site is getting approx. 20,000 hits
per
day.
I don't think you are using the correct ENV variable. The referer tells
you what page the user was linking from when they made the submission,
which among other things is very spoofable so really shouldn't be used
for much of anything, especially supposed security. It can allow you
assuming someone isn't messing with you to track a users path through a
site, etc. but beyond that is pretty much worthless.
NO one, not even a single person claimed that they have experienced any
problem after
implementing this change, except for the owner of the site. I am
webmaster
for the site.
And now she is pushing to undo this change immediately because she is
constantly
getting error(bad_referrer) and unable to use this script and we both
know
she is the only one
experiencing this problem.
Sounds like it is bookmarked or she is typing it in directly in
whichcase there will be no referer (at least for most clients (browsers)).
Is there something wrong below? If yes, then why others are not getting
any
bad referrer error.
If no, what could be the possible reasons that owner is the only person
getting bad referrer error?
What are you *really* trying to do? If you are trying to add a security
mechanism to a set of scripts this is definitely NOT the way to do it.
TIA,
Sara.
@referers = ('http://www.foo.com', 'http://foo.com');
The above is not scoped, which means you are still not using 'strict'
and 'warnings' which you have been warned of.
sub check_url {
local($check_referer) = 0;
This is a misuse of 'local'.
if ($ENV{'HTTP_REFERER'}) {
foreach $referer (@referers) {
if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) {
$check_referer = 1;
last;
}
}
}
if ($check_referer != 1) { error('bad_referer') }
}
http://danconia.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/ http://learn.perl.org/first-response
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/ http://learn.perl.org/first-response
Bad referrer!
There was a script which people were using remotely, so I have to add this
simple subroutine
to check referrers. Currently, the site is getting approx. 20,000 hits per
day.
NO one, not even a single person claimed that they have experienced any
problem after
implementing this change, except for the owner of the site. I am webmaster
for the site.
And now she is pushing to undo this change immediately because she is
constantly
getting error(bad_referrer) and unable to use this script and we both know
she is the only one
experiencing this problem.
Is there something wrong below? If yes, then why others are not getting any
bad referrer error.
If no, what could be the possible reasons that owner is the only person
getting bad referrer error?
TIA,
Sara.
@referers = ('http://www.foo.com', 'http://foo.com');
sub check_url {
local($check_referer) = 0;
if ($ENV{'HTTP_REFERER'}) {
foreach $referer (@referers) {
if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) {
$check_referer = 1;
last;
}
}
}
if ($check_referer != 1) { error('bad_referer') }
}
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/ http://learn.perl.org/first-response
Re: Bad referrer!
Sara wrote:
There was a script which people were using remotely, so I have to add this
simple subroutine
to check referrers. Currently, the site is getting approx. 20,000 hits per
day.
NO one, not even a single person claimed that they have experienced any
problem after
implementing this change, except for the owner of the site. I am webmaster
for the site.
And now she is pushing to undo this change immediately because she is
constantly
getting error(bad_referrer) and unable to use this script and we both know
she is the only one
experiencing this problem.
Is there something wrong below? If yes, then why others are not getting any
bad referrer error.
If no, what could be the possible reasons that owner is the only person
getting bad referrer error?
TIA,
Sara.
@referers = ('http://www.foo.com', 'http://foo.com');
sub check_url {
local($check_referer) = 0;
if ($ENV{'HTTP_REFERER'}) {
foreach $referer (@referers) {
if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) {
$check_referer = 1;
last;
}
}
}
if ($check_referer != 1) { error('bad_referer') }
}
Is the owner of the site perhaps accessing the site via an internal IP address or an
internal hostname instead of the visible outside hostname?
--
Andrew Gaffney
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/ http://learn.perl.org/first-response
Re: Bad referrer!
Sara wrote:
There was a script which people were using remotely, so I have to add this
simple subroutine
to check referrers. Currently, the site is getting approx. 20,000 hits per
day.
I don't think you are using the correct ENV variable. The referer tells
you what page the user was linking from when they made the submission,
which among other things is very spoofable so really shouldn't be used
for much of anything, especially supposed security. It can allow you
assuming someone isn't messing with you to track a users path through a
site, etc. but beyond that is pretty much worthless.
NO one, not even a single person claimed that they have experienced any
problem after
implementing this change, except for the owner of the site. I am webmaster
for the site.
And now she is pushing to undo this change immediately because she is
constantly
getting error(bad_referrer) and unable to use this script and we both know
she is the only one
experiencing this problem.
Sounds like it is bookmarked or she is typing it in directly in
whichcase there will be no referer (at least for most clients (browsers)).
Is there something wrong below? If yes, then why others are not getting any
bad referrer error.
If no, what could be the possible reasons that owner is the only person
getting bad referrer error?
What are you *really* trying to do? If you are trying to add a security
mechanism to a set of scripts this is definitely NOT the way to do it.
TIA,
Sara.
@referers = ('http://www.foo.com', 'http://foo.com');
The above is not scoped, which means you are still not using 'strict'
and 'warnings' which you have been warned of.
sub check_url {
local($check_referer) = 0;
This is a misuse of 'local'.
if ($ENV{'HTTP_REFERER'}) {
foreach $referer (@referers) {
if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) {
$check_referer = 1;
last;
}
}
}
if ($check_referer != 1) { error('bad_referer') }
}
http://danconia.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/ http://learn.perl.org/first-response
