473,472 Members | 2,174 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

determine origin of request

How to determine if a request originated from a link click , or otherwise
( such as pasting the url the browser ).

This would seem to work ...

if (Request.Url.Host == Request.UrlReferrer.Host)
{
But what if Request.UrlReferrer == null ... ?

Any other ideas ?
Aug 28 '06 #1
4 8162
"John A Grandy" <johnagrandy-at-yahoo-dot-comwrote in message
news:OH**************@TK2MSFTNGP05.phx.gbl...
How to determine if a request originated from a link click , or otherwise
( such as pasting the url the browser ).

This would seem to work ...

if (Request.Url.Host == Request.UrlReferrer.Host)
{
But what if Request.UrlReferrer == null ... ?
Request.UrlReferrer, aka Request.ServerVariables["HTTP_REFERER"] cannot be
relied upon at all...
http://www.google.co.uk/search?hl=en...reliable&meta=

Just like the IP address, it is so easy to spoof it
(http://www.datatrendsoftware.com/spoof.html), to the extent where the best
advice I can give you is simply not to try. Think about why you *REALLY*
need to know this information, and then work around it...
Aug 28 '06 #2
Hmmm ...

Ok. Well, for sites with a tracking page that writes some tracking data to
db and then redirects to the target url, what are other solutions to stop
hackers from manipulating the tracking data ?

"Mark Rae" <ma**@markNOSPAMrae.comwrote in message
news:ur**************@TK2MSFTNGP03.phx.gbl...
"John A Grandy" <johnagrandy-at-yahoo-dot-comwrote in message
news:OH**************@TK2MSFTNGP05.phx.gbl...
>How to determine if a request originated from a link click , or otherwise
( such as pasting the url the browser ).

This would seem to work ...

if (Request.Url.Host == Request.UrlReferrer.Host)
{
But what if Request.UrlReferrer == null ... ?

Request.UrlReferrer, aka Request.ServerVariables["HTTP_REFERER"] cannot be
relied upon at all...
http://www.google.co.uk/search?hl=en...reliable&meta=

Just like the IP address, it is so easy to spoof it
(http://www.datatrendsoftware.com/spoof.html), to the extent where the
best advice I can give you is simply not to try. Think about why you
*REALLY* need to know this information, and then work around it...

Aug 29 '06 #3
"John A Grandy" <johnagrandy-at-yahoo-dot-comwrote in message
news:eG**************@TK2MSFTNGP04.phx.gbl...
Ok. Well, for sites with a tracking page that writes some tracking data to
db and then redirects to the target url,
LOL! All that tells them is that the target URL has come from the tracking
page! The initial request to the tracking page could have come from
anywhere - don't you get it?
what are other solutions to stop hackers from manipulating the tracking
data ?
None that I know of, and this is another of those occasions where I would
dearly *love* to be proven wrong...

I've seen all sorts of "smoke and mirrors" solutions involving encrypted
querystrings and God knows what - none of them works...
Aug 29 '06 #4
Guess I'm not as cynical as you.

I do see a couple moves in the right direction :

1. checking Request.UrlReferrer.Host against Request.Url.Host at least
prevents against the simple hack of copy/pasting a url from a link button
into a brower.

2. hashing the track click url and tacking it onto the end as an additional
param and on link click re-constructing the hash server-side and comparing
to the link's hash would prevent against automated software that sent
endless tracking requests with small variations
"Mark Rae" <ma**@markNOSPAMrae.comwrote in message
news:u8**************@TK2MSFTNGP05.phx.gbl...
"John A Grandy" <johnagrandy-at-yahoo-dot-comwrote in message
news:eG**************@TK2MSFTNGP04.phx.gbl...
>Ok. Well, for sites with a tracking page that writes some tracking data
to db and then redirects to the target url,

LOL! All that tells them is that the target URL has come from the tracking
page! The initial request to the tracking page could have come from
anywhere - don't you get it?
>what are other solutions to stop hackers from manipulating the tracking
data ?

None that I know of, and this is another of those occasions where I would
dearly *love* to be proven wrong...

I've seen all sorts of "smoke and mirrors" solutions involving encrypted
querystrings and God knows what - none of them works...

Aug 29 '06 #5
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
how to determine is a FORM has displayed for first time?
by: bart plessers | last post by:
Hello, I have a form with some checkboxes, i.e. The default value of this checkbox is determined in a global file (config.asp), that is included in first line of the form, i.e. ShowFilenames...
ASP / Active Server Pages
2
Using ASP to determine the OS
by: Nathan Sokalski | last post by:
I want to determine the operating system using ASP (or VBScript inside of ASP). I tried to get it using the Request. ServerVariables(EnvironmentVariable) method. On the web page about ASP in which...
ASP / Active Server Pages
5
Determine closedate depending on a metatable and this closedate will be used in a query
by: Hennie de Nooijer | last post by:
Hi, This is a diffcult issue to explain. I hope to make my problem clear to you. SITUATION I'm building A SLA Query for a customer. This customer has an awkward way to determine the SLA results...
Microsoft SQL Server
13
Using javascript to determine if a web server is responding.
by: long5120 | last post by:
I am trying to use webpage with javascript to check if a web server is responding. I was thinking of using 2 frames. Frame1 will have the site, and the Frame2 will be a status bar (not really...
Javascript
2
HTTPRequest and Same Origin Policy
by: Randy Webb | last post by:
Is the HTTPRequest Object in IE limited to the Same Origin Policy when run from a webserver? <URL: http://www.hikksworld.com/HTTPRequestIE.html /> When run in IE, throws a "Permission Denied"...
Javascript
18
Determine the current event
by: Christopher W. Douglas | last post by:
I am writing a VB.NET application in Visual Studio 2003. I have written a method that handles several events, such as closing a form and changing the visible status of a form. I have some code...
.NET Framework
17
Origin and History of Dot Syntax
by: Keith H Duggar | last post by:
Can anyone point me to the origin and history of the dot syntax for accessing structures? Were there languages prior to C that used it? Who invented it? etc.
C / C++
3
Determine mouse movement direction
by: Paul L | last post by:
Anyone know a quick way of determining which direction the mouse cursor is moving (ie. up, down, left, right) from a specified origin? Thanks, Paul L
C# / C Sharp
4
Same origin policy in IE !
by: Turko | last post by:
Hi all. I m searching for the equivalent of : try { netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); } catch (e) { alert("Permission UniversalXPConnect denied."); }
Javascript
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us