Security Basics mailing list archives
RE: HTTPS redirections
From: anthony () synt3gra com
Date: Mon, 27 Aug 2007 16:45:32 -0400 (EDT)
Thank you for your responses. I have never been much of a javascripter and this information lends the next direction in which to proceed. I'll read javascript referential material more closely now. && Indeed they are using http referrers to check if it's a direct link or a && clicked one from another site, please bare in mind that unless you check && the && origin, google will be a valid referrer as well as other search engines. && && RCT Internet solutions. && http://dir.rct.co.il && http://www.rct.co.il && -----Original Message----- && From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] && On && Behalf Of Jason Ross && Sent: Saturday, August 25, 2007 12:13 AM && To: anthony () synt3gra com && Cc: security-basics () securityfocus com && Subject: Re: HTTPS redirections && && On 8/24/07, anthony () synt3gra com <anthony () synt3gra com> wrote: &&> I have noticed how some websites only allow access to a particular &&> page if a link within the page has been 'clicked' ie. user cannot &&> paste link address in browser bar to get to desired page. &&> For security purposes I would like to create a script and achieve &&> similar results. && && I believe that (at least one way) this is done is by checking the && referer header. In PHP this can be accessed via the predefined && variable: $_SERVER['HTTP_REFERER'], other languages should have && similar methods of obtaining this. && && AFAIK, there is not a difference between HTTP and HTTPS as far as && this method is concerned. && && -- && Jason && && -- _synt3gra IT Solutions 646.413.8153 52 Sullivan St. Suite 364 NYC 10012
Current thread:
- HTTPS redirections anthony (Aug 24)
- Re: HTTPS redirections Jason Ross (Aug 24)
- RE: HTTPS redirections whip (Aug 27)
- RE: HTTPS redirections Sergii Khomenko (Aug 28)
- RE: HTTPS redirections theog (Aug 28)
- RE: HTTPS redirections anthony (Aug 27)
- <Possible follow-ups>
- Re: Re: HTTPS redirections sf (Aug 28)
- Re: HTTPS redirections Jason Ross (Aug 24)