Link to home
Start Free TrialLog in
Avatar of mehdi
mehdi

asked on

HTTP REFERER is not set..

Hi people,

Not sure where this question should go - but i figure that Apache admins will probably have some clue.

The problem is this.  Target code, needs to check the referer, and is doing so fine.  However, we need to detect when one URL in particular has made the request for the current page.

We are logging the REFERER in the target script, but from the server we actually need to detect, there is no REFERER variable.

Assuming that we have access to change the calling server, and the target server, how can we ensure that the referer comes through ?

Let me know if that needs further explanation.  Your help would be appreciated.

Many thanks in advance.

~~~~~~~~~~~~~~~~~~~~~~~~~~~
The secret lemonade drinker
Avatar of mehdi
mehdi

ASKER

i found this :

http://www.faqts.com/knowledge_base/view.phtml/aid/31/fid/9

so i think i should add that the calling page, is not a link.  Its a script, (search indexer) that makes HTTP requests, something that is not exactly covered by the link above.

Thanks

~~~~~~~~~~~~~~~~~~~~~~~~~~~
The secret lemonade drinker
Avatar of mehdi

ASKER

i found this :

http://www.faqts.com/knowledge_base/view.phtml/aid/31/fid/9

so i think i should add that the calling page, is not a link.  Its a script, (search indexer) that makes HTTP requests, something that is not exactly covered by the link above.

Thanks

~~~~~~~~~~~~~~~~~~~~~~~~~~~
The secret lemonade drinker
Avatar of periwinkle
mehdi -

Do you know what browser is being used?  HTTP_REFERER is not passed by some older browsers....
P.S. this might be of interest to you:

http://www.flora.org/lynx-dev/html/month011998/msg00304.html

In particular:

"Note that Lynx can be configured so that it never sends a Referer header, as is also the case for a number of browsers, so any procedure which depends on that header will be unreliable."
Avatar of mehdi

ASKER

Thanks guys,

There is no browser involved in this situation.  The "thing" making the request is a program.  "The program" happens to be a script on another webserver (lets say a perl script), it works by making HTTP requests to another server... since the requests are HTTP requests, im kind of hoping to be able to identify them from the target box..

The answer may be that the code making the HTTP request has to do somehting to set the REFERER, this is what I dont know.

Are there any "server" specific things needed to send the referer, or is this 'solely' the function of the user-agent ?

Cheers,


Mehdi


~~~~~~~~~~~~~~~~~~~~~~~~~~~
The secret lemonade drinker
ASKER CERTIFIED SOLUTION
Avatar of periwinkle
periwinkle
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
P.S. I would expect that it would be part of the httpd spec:

http://www.w3.org/Protocols/
But mehdi just a question:

If your program sending the query is able to set the referer,
if your script receiving the query check only the referer,

dont you think that someone else can write a program that send the same http_referer to the same URI ???

I think in your case the best solution is simply to secure with an http authentification, no matter with http_referer.

M.