Security Basics mailing list archives

RE: HTTPS redirections


From: anthony () synt3gra com
Date: Mon, 27 Aug 2007 16:45:32 -0400 (EDT)

Thank you for your responses.  I have never been much of a javascripter
and this information lends the next direction in which to proceed.  I'll
read javascript referential material more closely now.



&& Indeed they are using http referrers to check if it's a direct link or a
&& clicked one from another site, please bear in mind that unless you check
&& the origin, Google will be a valid referrer as well as other search engines.
&&
&& RCT Internet solutions.
&& http://dir.rct.co.il
&& http://www.rct.co.il
&& -----Original Message-----
&& From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jason Ross
&& Sent: Saturday, August 25, 2007 12:13 AM
&& To: anthony () synt3gra com
&& Cc: security-basics () securityfocus com
&& Subject: Re: HTTPS redirections
&&
&& On 8/24/07, anthony () synt3gra com <anthony () synt3gra com> wrote:
&&> I have noticed how some websites only allow access to a particular
&&> page if a link within the page has been 'clicked', i.e. user cannot
&&> paste link address in browser bar to get to desired page.
&&> For security purposes I would like to create a script and achieve
&&> similar results.
&&
&& I believe that (at least one way) this is done is by checking the
&& referer header. In PHP this can be accessed via the predefined
&& variable: $_SERVER['HTTP_REFERER'], other languages should have
&& similar methods of obtaining this.
&&
&& AFAIK, there is not a difference between HTTP and HTTPS as far as
&& this method is concerned.
&&
&& --
&& Jason
&&
&&


-- 
_synt3gra IT Solutions
646.413.8153
52 Sullivan St.
Suite 364
NYC
10012
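
The Referer check discussed in this thread, as an added example that is not code from any of the posters: it parses the header and compares the host exactly against the site's own hosts, so a search-engine referrer is not accepted just because a Referer is present. The header is supplied by the client and can be absent or set to any value, so this only separates clicked links from pasted URLs in ordinary browsers. The host names and the function name are hypothetical.

```php
<?php
// Added example; host names below are hypothetical placeholders.
const ALLOWED_REFERER_HOSTS = ['www.example.com', 'example.com'];

/**
 * Return true only when the Referer value parses to an http(s) URL
 * whose host is exactly one of the site's own hosts.
 */
function referer_is_own_site(?string $referer, array $allowedHosts): bool
{
    if ($referer === null || $referer === '') {
        // Pasted URL, bookmark, or a client/proxy that strips the header.
        return false;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }
    // Exact host comparison: a substring test would also accept
    // "www.example.com.other.test" or "?q=www.example.com".
    return in_array(strtolower($parts['host']), $allowedHosts, true);
}

// In a page this would be called as:
//   referer_is_own_site($_SERVER['HTTP_REFERER'] ?? null, ALLOWED_REFERER_HOSTS)

// Constructed sample values, not taken from real traffic.
$samples = [
    'https://www.example.com/index.php',              // clicked from own site
    'http://www.google.com/search?q=www.example.com', // search-engine referrer
    'https://www.example.com.other.test/',            // look-alike host
    '',                                               // no Referer sent
];
foreach ($samples as $s) {
    $label = $s === '' ? '(no Referer)' : $s;
    $verdict = referer_is_own_site($s, ALLOWED_REFERER_HOSTS) ? 'allow' : 'deny';
    printf("%-50s %s\n", $label, $verdict);
}
```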

