Solved

need script (check referrer)

Posted on 2000-03-03
11
230 Views
Last Modified: 2012-05-04
I need to modify my already functional perl scripts to only be executed when they are being referred by a specific web page.  The scripts are being called directly from a frameset called "frameset.html" and each perl script is being executed in its own frame.  If the referring page is invalid (referring page isn't "frameset.html"), a new window will open with the page "NotAuthorized.html".  This is how I need to format the perl script:

1) Check referring page (frameset.html)

2) IF referring page is OK, THEN
    --some other perl stuff--
    print "content-type: text/html\n\n";
    print "<html><body>Blah..Blah..Blah</body></html>";

3) ELSE, If referring page is NOT OK,
    print "content-type: text/html\n\n";
    print "{script to open new window with NotAuthorized.html}"; (**this I CAN do**)

4) exit;

My final question concerning this script is..will the user have to have 'cookies' enabled for the script to work since it will be verifying the referring page?

I'm not too good at perl, so if I could get a fully funcional script (except for the stuff I can already do) and maybe a little explanation, I would be very appreciative.  Thanks!

Tim
     
0
Comment
Question by:GorGor1
  • 5
  • 5
11 Comments
 
LVL 3

Accepted Solution

by:
guadalupe earned 150 total points
ID: 2580808
$referer_path = "http://yourdomain.com.ar/your_dir/referer.htm";

if ($ENV{HTTP_REFERER} eq $referer_path)
{
    #SHOW PAGE
}

{
    #SHOW Denied Message
}

0
 
LVL 3

Expert Comment

by:guadalupe
ID: 2580815
$referer_path = "http://yourdomain.com.ar/your_dir/referer.htm";

if ($ENV{HTTP_REFERER} eq $referer_path)
{
    #SHOW PAGE
}
else
{
    #SHOW Denied Message
}

0
 
LVL 1

Author Comment

by:GorGor1
ID: 2580826
Sorry, really dumb question...Does the 'ar' in 'yourdomain.com.ar' need to be included in the script even if my domain is 'yourdomain.com'?
0
 
LVL 1

Author Comment

by:GorGor1
ID: 2580834
and also, does this script's proper functionality depend on the user's cookies being enabled? (i wouldn't think so)
0
 
LVL 3

Expert Comment

by:guadalupe
ID: 2580852
NO!  Sorry that was left over from a copy paste.  Yo should set the $referer_path to the actual path of the page doing the calling to the script...  THAT MEANS the page of the frameset that is the form not the frameset page!!!!!!!!
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 3

Expert Comment

by:guadalupe
ID: 2580860
No cookies dond have to be enables....

and come to think of it $referer_path should really be called $referer_url or somthing like that just for neatness sake...
0
 
LVL 1

Author Comment

by:GorGor1
ID: 2580985
"THAT MEANS the page of the frameset that is the form not the frameset page!!!!!!!!"

Ok, I have a page "frameset.html" that has the code:

<frameset cols="50%,*">
   <frame name="frame1" src="perlscript.pl">
   <frame name="frame2" src="page.html">
</frameset>

What should the referring page be?  "frameset.html"?  Thanks again.

0
 
LVL 3

Expert Comment

by:guadalupe
ID: 2581106
Ok maybe I got confused... if perlscript.pl is the one which does the HTTP_Referer check then the $referer_path should be frameset.html (Of course with the full URL - http://....)

Other wise I'm not sure and you'll have to explain a little more the exact flow...
0
 
LVL 1

Author Comment

by:GorGor1
ID: 2581126
Thanks, i'll give it a try a little later and let you know...but I'm sure it will work  :o)
0
 
LVL 8

Expert Comment

by:jhurst
ID: 2581543
http_referer is not set by all browsers.  It will usually work.

0
 
LVL 1

Author Comment

by:GorGor1
ID: 2584055
Thanks!  It works great!  I'll just let users know that if they have problems, they'll have to upgrade their browsers.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
binary to char / hexadecimal 5 104
cpan issue 1 61
PERL export multiple query results to a JSON file 1 160
Union rows in array that have common elements 2 89
Email validation in proper way is  very important validation required in any web pages. This code is self explainable except that Regular Expression which I used for pattern matching. I originally published as a thread on my website : http://www…
In the distant past (last year) I hacked together a little toy that would allow a couple of Manager types to query, preview, and extract data from a number of MongoDB instances, to their tool of choice: Excel (http://dilbert.com/strips/comic/2007-08…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now