
problem with document.referrer (urgent)

Hello,

I have a page that cannot be accessed by typing its URL. It should only be
accessed by a link in another web page. The following script works fine:

<script>
<!--
var validreferrals=new Array()
validreferrals[0]="http://pdc/test/index.htm"
validreferrals[1]="http://pdc/test/index2.htm"

var passed=0

for (r=0;r<validreferrals.length;r++){
if (document.referrer.indexOf(validreferrals[r])!=-1){
passed=1
break
}
}

if (passed==0) {
alert("Access denied!")
history.go(-1)
}

//-->
</script>

My problem is that on one of the pages (index2.htm) I use
window.location="http://pdc/test/index3.htm" (this is the protected page) to
access it, and it looks like the referrer is empty in this way. Is there any
way to solve my problem?

Best regards

Hugo Sousa

PS: Hope this is clear. If someone needs more explanation, don't hesitate to
post here asking for a more clear description
Jul 20 '05 #1
On 03.7.28 11:25 AM, Hugo Sousa wrote:

> Hello,
>
> I have a page that cannot be accessed by typing its URL. It should only be
> accessed by a link in another web page. The following script works fine:
>
> <script>
> <!--
> var validreferrals=new Array()
> validreferrals[0]="http://pdc/test/index.htm"
> validreferrals[1]="http://pdc/test/index2.htm"
>
> var passed=0
>
> for (r=0;r<validreferrals.length;r++){
> if (document.referrer.indexOf(validreferrals[r])!=-1){
> passed=1
> break
> }
> }
>
> if (passed==0) {
> alert("Access denied!")
> history.go(-1)
> }
>
> //-->
> </script>
>
> My problem is that on one of the pages (index2.htm) I use
> window.location="http://pdc/test/index3.htm" (this is the protected page) to
> access it, and it looks like the referrer is empty in this way. Is there any
> way to solve my problem?

You're wasting your time. Anyone can look at your pages just by turning
Javascript off in their browser.

If you want to restrict pages to particular referrers, then you have to use
server-side scripting.

Phil

--
Philip Ronan
ph***********@virgin.net
(Please remove the "z"s if replying by email)
Jul 20 '05 #2
Philip Ronan wrote:
> You're wasting your time. Anyone can look at your pages just by turning
> Javascript off in their browser.
>
> If you want to restrict pages to particular referrers, then you have to use
> server-side scripting.
>
> Phil

While it's true that he could use server-side technology to restrict his page to
particular referers, it's also a waste of time. HTTP_REFERER can be easily
forged/spoofed/altered by non-browser applications. What referer he is allowing to
visit the page would be hidden of course, but depending on the design of the site,
it might be easy enough to figure out what pages/referers he's allowing to visit
the restricted page.

--
| Grant Wagner <gw*****@agricoreunited.com>

* Client-side Javascript and Netscape 4 DOM Reference available at:
*
http://devedge.netscape.com/library/...ce/frames.html

* Internet Explorer DOM Reference available at:
*
http://msdn.microsoft.com/workshop/a...ence_entry.asp

* Netscape 6/7 DOM Reference available at:
* http://www.mozilla.org/docs/dom/domref/
* Tips for upgrading JavaScript for Netscape 6/7 and Mozilla
* http://www.mozilla.org/docs/web-deve...upgrade_2.html
Jul 20 '05 #3
On 03.7.28 4:19 PM, Grant Wagner wrote:
> HTTP_REFERER can be easily
> forged/spoofed/altered by non-browser applications.

I never knew that =:-O

Is this documented anywhere? I'm kind of curious because a lot of form->mail
server side scripts seem to rely on referrer checks. Obviously that would be
a useful way for spammers to remain anonymous...

Phil
--
Philip Ronan
ph***********@virgin.net
(Please remove the "z"s if replying by email)
Jul 20 '05 #4
Philip Ronan <ph***********@virgin.net> writes:

> On 03.7.28 4:19 PM, Grant Wagner wrote:
>> HTTP_REFERER can be easily
>> forged/spoofed/altered by non-browser applications.
>
> I never knew that =:-O
>
> Is this documented anywhere?

It's in the HTTP protocol. It is a plain text protocol, so I can use
telnet and manually construct an HTTP request. That way I can enter
any value for the HTTP_REFERER header. Most HTTP utilities have
options to set the header values. You can check, e.g., "wget".

> I'm kind of curious because a lot of form->mail
> server side scripts seem to rely on referrer checks. Obviously that would be
> a useful way for spammers to remain anonymous...

It's probably too much work for a spammer. There are sufficiently many
open SMTP relays that they don't need to invest even the small amount
of work needed to guess the allowed hosts.

/L
--
Lasse Reichstein Nielsen - lr*@hotpop.com
Art D'HTML: <URL:http://www.infimum.dk/HTML/randomArtSplit.html>
'Faith without judgement merely degrades the spirit divine.'
Jul 20 '05 #5
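
An added example, not part of any post in this thread: a server-side referrer allowlist run over three constructed requests, next to a link token the server signs with HMAC, which does not depend on the Referer header at all. It assumes Node.js; `SECRET`, `ALLOWED` and the function names are hypothetical, and the token scheme is one common alternative rather than something the posters proposed.

```javascript
// Added example, not code from the thread. SECRET, ALLOWED and the function
// names are hypothetical; the request objects below are constructed samples.
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32); // server-side key, never sent to clients
const ALLOWED = ["http://pdc/test/index.htm", "http://pdc/test/index2.htm"];

// Server-side version of the allowlist: still trusts a header the client sends.
function refererCheck(headers) {
  return ALLOWED.includes(headers["referer"] || "");
}

function sign(path, exp) {
  return crypto.createHmac("sha256", SECRET).update(`${path}|${exp}`).digest();
}

// The linking page asks the server for a token and appends it to the link.
function mintToken(path, ttlSeconds, nowMs = Date.now()) {
  const exp = Math.floor(nowMs / 1000) + ttlSeconds;
  return `${exp}.${sign(path, exp).toString("hex")}`;
}

// The protected page is served only if the token verifies and is not expired.
function tokenCheck(path, token, nowMs = Date.now()) {
  const [expStr, macHex] = String(token || "").split(".");
  const exp = Number(expStr);
  if (!macHex || !Number.isInteger(exp) || exp < Math.floor(nowMs / 1000)) return false;
  const given = Buffer.from(macHex, "hex");
  const expected = sign(path, exp);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed requests for the protected page.
const viaLink = { referer: "http://pdc/test/index2.htm" }; // browser followed a link
const noReferrer = {};                                      // referrer arrived empty
const selfSet = { referer: "http://pdc/test/index.htm" };   // client chose the value

function demo() {
  const path = "/test/index3.htm";
  const token = mintToken(path, 300);
  return {
    refererViaLink: refererCheck(viaLink),            // true
    refererEmpty: refererCheck(noReferrer),           // false: legitimate visit rejected
    refererSelfSet: refererCheck(selfSet),            // true: same as viaLink to the server
    tokenValid: tokenCheck(path, token),              // true, with or without a Referer
    tokenOtherPath: tokenCheck("/test/x.htm", token), // false
  };
}
console.log(demo());
```

The token only shows that the server issued the link recently; it says nothing about who the visitor is, so per-user restrictions still need authentication.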
