RE: HTTPS redirections

["Sergii Khomenko" <sergey.khomenko () gmail com>]

Anthony,

Like Jason said this can be done by using http header information - referer field.

By javascript for example you can access referer and depending on referer send a visitor to a page(site) you prefer.

Here is an example how to access referer field by javascript http://www.netmechanic.com/news/vol4/javascript_no14.htm

sergii

> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Jason Ross
> Sent: Saturday, August 25, 2007 12:13 AM
> To: anthony () synt3gra com
> Cc: security-basics () securityfocus com
> Subject: Re: HTTPS redirections
>
> On 8/24/07, anthony () synt3gra com <anthony () synt3gra com> wrote:
> > I have noticed how some websites only allow access to a particular
> > page if a link within the page has been 'clicked' ie. user cannot
> > paste link address in browser bar to get to desired page.
> > For security purposes I would like to create a script and achieve
> > similar results.
>
> I believe that (at least one way) this is done is by checking the
> referer header. In PHP this can be accessed via the predefined
> variable: $_SERVER['HTTP_REFERER'], other languages should have
> similar methods of obtaining this.
>
> AFAIK, there is not a difference between HTTP and HTTPS as far as
> this method is concerned.
>
> --
> Jason