RE: HTTPS redirections
From: anthony () synt3gra com
Date: Mon, 27 Aug 2007 16:45:32 -0400 (EDT)
and this information lends the next direction in which to proceed. I'll
&& Indeed they are using http referrers to check if it's a direct link or a
&& clicked one from another site, please bear in mind that unless you check
&& origin, google will be a valid referrer as well as other search engines.
&& RCT Internet solutions.
&& -----Original Message-----
&& From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
&& On Behalf Of Jason Ross
&& Sent: Saturday, August 25, 2007 12:13 AM
&& To: anthony () synt3gra com
&& Cc: security-basics () securityfocus com
&& Subject: Re: HTTPS redirections
&& On 8/24/07, anthony () synt3gra com <anthony () synt3gra com> wrote:
&&> I have noticed how some websites only allow access to a particular
&&> page if a link within the page has been 'clicked' ie. user cannot
&&> paste link address in browser bar to get to desired page.
&&> For security purposes I would like to create a script and achieve
&&> similar results.
&& I believe that (at least one way) this is done is by checking the
&& referer header. In PHP this can be accessed via the predefined
&& variable: $_SERVER['HTTP_REFERER'], other languages should have
&& similar methods of obtaining this.
&& AFAIK, there is not a difference between HTTP and HTTPS as far as
&& this method is concerned.
_synt3gra IT Solutions
52 Sullivan St.
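
Added example (not part of the original thread): one way to apply the "check origin" point above in PHP is to compare the parsed scheme and host of $_SERVER['HTTP_REFERER'] against an exact allowlist instead of matching a substring. The names ALLOWED_ORIGINS, origin_of and referer_is_own_site and all sample URLs are assumptions made for the example; the Referer header is set by the client, so the result is a navigation hint and not an access control.

```php
<?php
// Added example, not code from the thread. All names and URLs are hypothetical.
const ALLOWED_ORIGINS = ['https://www.example.com']; // constructed sample value

// Reduce a URL to scheme://host[:port]; null if it is not an absolute http(s) URL.
function origin_of(string $url): ?string
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    $origin = $scheme . '://' . strtolower($p['host']);
    $default = ($scheme === 'https') ? 443 : 80;
    if (isset($p['port']) && $p['port'] !== $default) {
        $origin .= ':' . $p['port']; // keep only non-default ports
    }
    return $origin;
}

// True only when the Referer's origin is exactly one of ours.
function referer_is_own_site(array $server): bool
{
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        return false; // pasted link, bookmark, or header stripped by the browser
    }
    $origin = origin_of($referer);
    return $origin !== null && in_array($origin, ALLOWED_ORIGINS, true);
}

// Constructed sample Referer values showing what a substring test would get wrong.
$samples = [
    'https://www.example.com/index.php',               // own site: accepted
    'https://www.google.com/search?q=www.example.com', // search engine: rejected
    'https://www.example.com.other.test/page',         // look-alike host: rejected
    'https://www.example.com@other.test/',             // userinfo trick: rejected
    '',                                                // no Referer: rejected
];
foreach ($samples as $ref) {
    $ok = referer_is_own_site(['HTTP_REFERER' => $ref]);
    printf("%-50s %s\n", $ref === '' ? '(none)' : $ref, $ok ? 'allow' : 'deny');
}
```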