Veeraswamy,

Thanks for that. I have done the same.

Instead of HTTP_REFERER, I have used 'referer'.

When I was working with ASP, I have done this with HTTP_REFERER and I tried the same 
with JSP-Struts application also. But it didn't work. Then I printed all the headers 
and noticed that it should be 'referer' instead of 'HTTP_REFERRER'

This is working now.

But I am wondering if this is a good practice or not because I have not seen this as a 
standard anywhere.

Sriram

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 25, 2003 10:27 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Disallow user to modify URL in browser address bar
Importance: High


You can check the "HTTP_REFERRER" host header info.

If you click a URL (hyperlink) http://localhost:8080/app/str/testview_srchpost.do 
which is given in the http://localhost:8080/app/str/index.jsp page, then the referrer would 
be http://localhost:8080/app/str/index.jsp. If you just type the URL in the location 
bar, then the referrer would be blank. You can check that out and send a status 500 in 
the header.

> -----Original Message-----
> From: Syed, Nazeer [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 22, 2003 7:11 PM
> To: Struts Users Mailing List
> Subject: RE: Disallow user to modify URL in browser address bar
> 
> 
> 
> If testview_srchpost.do and testtwoview_srchpost.do are
> valid actions then you cannot restrict. This means 
> testview_srchpost.do and testtwoview_srchpost.do are in the Struts 
> Config File.
> 
> If testtwoview_srchpost.do is not a valid action then it will
> go to the default page or error page.
> 
> Thanks
> Nazeer
> 
> 
> -----Original Message-----
> From: sriram [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 22, 2003 2:16 AM
> To: 'Struts Users Mailing List'
> Subject: Disallow user to modify URL in browser address bar
> 
> How to identify if user has manipulated the URL in Address
> Bar of the browser?
> 
> For ex., the application displays a page with the following URL:
> 
http://localhost:8080/app/str/testview_srchpost.do

Now, the user modifies the URL in the address bar. Instead of testview_srchpost.do, 
the user types testtwoview_srchpost.do and presses ENTER.

I want to restrict such types of URL modification in the Struts application. I should take 
the user to a default access denied page whenever the user makes such changes.

How to identify this action of the user? Pl. give some ideas.
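
An added example, not code from the thread or from Struts: a servlet filter that makes the access decision from session state and applies the Referer check discussed above only as a second signal, because the header value is supplied by the client. The class name, the `allowedActions` session attribute and the 403 response are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example; assumed to be mapped to *.do in web.xml (mapping not shown).
public class NavigationGuardFilter implements Filter {

    // Hypothetical session attribute: the set of action paths this user may
    // call, e.g. "/str/testview_srchpost.do", filled in by the app at login.
    static final String ALLOWED_ACTIONS = "allowedActions";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // 1. Decide from server-side state, which the browser cannot edit.
        HttpSession session = req.getSession(false);
        Object allowed = (session == null) ? null : session.getAttribute(ALLOWED_ACTIONS);
        if (!(allowed instanceof Set) || !((Set<?>) allowed).contains(req.getServletPath())) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // 2. Referer check from the thread. getHeader() matches header names
        //    case-insensitively, so "referer" and "Referer" are the same lookup.
        //    The value comes from the client and may be absent (typed URL,
        //    bookmark, privacy proxy), so this also rejects some normal requests.
        if (!sameHost(req.getHeader("Referer"), req.getServerName())) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(rq, rs);
    }

    // True only when the Referer parses as a URL whose host is this server.
    static boolean sameHost(String referer, String serverName) {
        if (referer == null || referer.isEmpty()) return false;
        try {
            String host = URI.create(referer).getHost();
            return host != null && host.equalsIgnoreCase(serverName);
        } catch (IllegalArgumentException e) {
            return false; // malformed header value
        }
    }
}
```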
