Security Basics mailing list archives
RE: HTTPS redirections
From: "Sergii Khomenko" <sergey.khomenko () gmail com>
Date: Mon, 27 Aug 2007 14:41:26 +0300
Anthony, Like Jason said this can be done by using http header information - referer field. By javascript for example you can access referer and depending on referer send a visitor to a page(site) you prefer. Here is an example how to access referer field by javascript http://www.netmechanic.com/news/vol4/javascript_no14.htm sergii
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jason Ross Sent: Saturday, August 25, 2007 12:13 AM To: anthony () synt3gra com Cc: security-basics () securityfocus com Subject: Re: HTTPS redirections On 8/24/07, anthony () synt3gra com <anthony () synt3gra com> wrote:I have noticed how some websites only allow access to a particular page if a link within the page has been 'clicked' ie. user cannot paste link address in browser bar to get to desired page. For security purposes I would like to create a script and achieve similar results.I believe that (at least one way) this is done is by checking the referer header. In PHP this can be accessed via the predefined variable: $_SERVER['HTTP_REFERER'], other languages should have similar methods of obtaining this. AFAIK, there is not a difference between HTTP and HTTPS as far as this method is concerned. -- Jason
Current thread:
- HTTPS redirections anthony (Aug 24)
- Re: HTTPS redirections Jason Ross (Aug 24)
- RE: HTTPS redirections whip (Aug 27)
- RE: HTTPS redirections Sergii Khomenko (Aug 28)
- RE: HTTPS redirections theog (Aug 28)
- RE: HTTPS redirections anthony (Aug 27)
- <Possible follow-ups>
- Re: Re: HTTPS redirections sf (Aug 28)
- Re: HTTPS redirections Jason Ross (Aug 24)