Re: Bad referrer!
Some computers have special security settings to hide the refferer, you need to find a way to disable the security setting. Sara [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] There was a script which people were using remotely, so I have to add this simple subroutine to check referrers. Currently, the site is getting approx. 20,000 hits per day. NO one, not even a single person claimed that they have experienced any problem after implementing this change, except for the owner of the site. I am webmaster for the site. And now she is pushing to undo this change immediately because she is constantly getting error(bad_referrer) and unable to use this script and we both know she is the only one experiencing this problem. Is there something wrong below? If yes, then why others are not getting any bad referrer error. If no, what could be the possible reasons that owner is the only person getting bad referrer error? TIA, Sara. @referers = ('http://www.foo.com', 'http://foo.com'); sub check_url { local($check_referer) = 0; if ($ENV{'HTTP_REFERER'}) { foreach $referer (@referers) { if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) { $check_referer = 1; last; } } } if ($check_referer != 1) { error('bad_referer') } } -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
Re: Bad referrer!
What are you *really* trying to do? If you are trying to add a security mechanism to a set of scripts this is definitely NOT the way to do it. Yep, I want to add the security mechanism and want to protect my work from the vultures who are eating up my band width. Can you please steer me in the right direction? Thanks for your help. Sara. - Original Message - From: Wiggins d'Anconia [EMAIL PROTECTED] To: Sara [EMAIL PROTECTED]; beginperl [EMAIL PROTECTED] Sent: Sunday, December 07, 2003 3:20 AM Subject: Re: Bad referrer! Sara wrote: There was a script which people were using remotely, so I have to add this simple subroutine to check referrers. Currently, the site is getting approx. 20,000 hits per day. I don't think you are using the correct ENV variable. The referer tells you what page the user was linking from when they made the submission, which among other things is very spoofable so really shouldn't be used for much of anything, especially supposed security. It can allow you assuming someone isn't messing with you to track a users path through a site, etc. but beyond that is pretty much worthless. NO one, not even a single person claimed that they have experienced any problem after implementing this change, except for the owner of the site. I am webmaster for the site. And now she is pushing to undo this change immediately because she is constantly getting error(bad_referrer) and unable to use this script and we both know she is the only one experiencing this problem. Sounds like it is bookmarked or she is typing it in directly in whichcase there will be no referer (at least for most clients (browsers)). Is there something wrong below? If yes, then why others are not getting any bad referrer error. If no, what could be the possible reasons that owner is the only person getting bad referrer error? What are you *really* trying to do? If you are trying to add a security mechanism to a set of scripts this is definitely NOT the way to do it. TIA, Sara. @referers = ('http://www.foo.com', 'http://foo.com'); The above is not scoped, which means you are still not using 'strict' and 'warnings' which you have been warned of. sub check_url { local($check_referer) = 0; This is a misuse of 'local'. if ($ENV{'HTTP_REFERER'}) { foreach $referer (@referers) { if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) { $check_referer = 1; last; } } } if ($check_referer != 1) { error('bad_referer') } } http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
Bad referrer!
There was a script which people were using remotely, so I have to add this simple subroutine to check referrers. Currently, the site is getting approx. 20,000 hits per day. NO one, not even a single person claimed that they have experienced any problem after implementing this change, except for the owner of the site. I am webmaster for the site. And now she is pushing to undo this change immediately because she is constantly getting error(bad_referrer) and unable to use this script and we both know she is the only one experiencing this problem. Is there something wrong below? If yes, then why others are not getting any bad referrer error. If no, what could be the possible reasons that owner is the only person getting bad referrer error? TIA, Sara. @referers = ('http://www.foo.com', 'http://foo.com'); sub check_url { local($check_referer) = 0; if ($ENV{'HTTP_REFERER'}) { foreach $referer (@referers) { if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) { $check_referer = 1; last; } } } if ($check_referer != 1) { error('bad_referer') } } -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
Re: Bad referrer!
Sara wrote: There was a script which people were using remotely, so I have to add this simple subroutine to check referrers. Currently, the site is getting approx. 20,000 hits per day. NO one, not even a single person claimed that they have experienced any problem after implementing this change, except for the owner of the site. I am webmaster for the site. And now she is pushing to undo this change immediately because she is constantly getting error(bad_referrer) and unable to use this script and we both know she is the only one experiencing this problem. Is there something wrong below? If yes, then why others are not getting any bad referrer error. If no, what could be the possible reasons that owner is the only person getting bad referrer error? TIA, Sara. @referers = ('http://www.foo.com', 'http://foo.com'); sub check_url { local($check_referer) = 0; if ($ENV{'HTTP_REFERER'}) { foreach $referer (@referers) { if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) { $check_referer = 1; last; } } } if ($check_referer != 1) { error('bad_referer') } } Is the owner of the site perhaps accessing the site via an internal IP address or an internal hostname instead of the visible outside hostname? -- Andrew Gaffney -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
Re: Bad referrer!
Sara wrote: There was a script which people were using remotely, so I have to add this simple subroutine to check referrers. Currently, the site is getting approx. 20,000 hits per day. I don't think you are using the correct ENV variable. The referer tells you what page the user was linking from when they made the submission, which among other things is very spoofable so really shouldn't be used for much of anything, especially supposed security. It can allow you assuming someone isn't messing with you to track a users path through a site, etc. but beyond that is pretty much worthless. NO one, not even a single person claimed that they have experienced any problem after implementing this change, except for the owner of the site. I am webmaster for the site. And now she is pushing to undo this change immediately because she is constantly getting error(bad_referrer) and unable to use this script and we both know she is the only one experiencing this problem. Sounds like it is bookmarked or she is typing it in directly in whichcase there will be no referer (at least for most clients (browsers)). Is there something wrong below? If yes, then why others are not getting any bad referrer error. If no, what could be the possible reasons that owner is the only person getting bad referrer error? What are you *really* trying to do? If you are trying to add a security mechanism to a set of scripts this is definitely NOT the way to do it. TIA, Sara. @referers = ('http://www.foo.com', 'http://foo.com'); The above is not scoped, which means you are still not using 'strict' and 'warnings' which you have been warned of. sub check_url { local($check_referer) = 0; This is a misuse of 'local'. if ($ENV{'HTTP_REFERER'}) { foreach $referer (@referers) { if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) { $check_referer = 1; last; } } } if ($check_referer != 1) { error('bad_referer') } } http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response