Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1007
  • Last Modified:

Coldfusion's CGI.HTTP_REFERER sometimes has missing info.

Hello,

I have recently implemented my own hit counter to my website in the application.cfm file.  So far, it has received over 23,000 entries.  Just by chance I noticed a problem that about 1 out of 1,000 of those entries have the CGI.HTTP_REFERER being returned missing the last character.  So for example it would say the referrer is http://www.mywebsite.com/index.cf without the "m" at the end.  When you try to go to that page it comes up as non existent.  But just to double check all my links, none of my links have the missing m.  It seems it is being lost somewhere in the processing.  Has anyone seen anything like this before?  is there a particular browser that is causing this?  Below is my code:

<cfquery name="Counter" datasource="#datasource#">
      INSERT INTO tblHits(Page, Referrer, Agent, HitTime)
      VALUES('#CGI.PATH_INFO#', '#CGI.HTTP_REFERER#', '#CGI.HTTP_USER_AGENT#', #dateadd("h",2,now())#)
</cfquery>

Since it would take approx 1,000 more hits before i could even expect to see this happen again, any links/resources to confirm your findings would be great *IF* you have them.  I wouldn't want to award a wrong answer since it would take a long time to "test" the solution.

Thanks,
Jeff
0
js_vaughan
Asked:
js_vaughan
1 Solution
 
Tacobell777Commented:
Is the width of the column (allowed character length) long enough or is being truncated?
0
 
Tacobell777Commented:
Personally I have never seen this before. Weird - maybe someone is fooling around with the http headers?
0
 
js_vaughanAuthor Commented:
Tacobell777, its definatly not a length issue.  I am using SQLs nvarchar type with a size of 4000.  Also, its doing this right after the .cfm (or.cf for that matter) so its not even getting to the query string part of the referrer.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
pinaldaveCommented:
never seems something like this...?
Do you have any param at the end of the cmf?param=1
I assume not. Is there any case when there is param and f is missing. Just curious?
--Pinal
0
 
Tacobell777Commented:
only thing I can think of is that someone fooled around with the http headers...
0
 
js_vaughanAuthor Commented:
Pinaldave,

I don't use the term 'param' after any of my strings.  Most of these anomalies come from my page search.cfm.  A typical query string for the search page would look like: search.cfm?search=on&state=IL&City=Chicago.  Four of the occurrences were from my index page which I know for a fact I don't even use query strings with.

Also, I used dreamwaver to search my site and it found 467 occurrences of the term .cfm.  I then did a search for .cf and 467 still came up, so that assures me its not a link problem.

I have tried manually reproducing this problem - I physically typed search.cf in the address bar which produces your typical "page cannot be found" error, then I typed in index.cfm but now the referrer shows us as blank (which is correct).  So as far as I can see its really impossible for those referrers to have .cf at the end cause the pages are nonexistent.  But of course, I have 2 dozen entries staring me in the face with a .cf referrer and I don't know how it got there.

Is http header tinkering really a possibility for the CGI.HTTP_REFERER?  This seems skeptical to me.  The only thing I can think of is a particular type of browser is causing this problem.  We have just started implementing the #CGI.HTTP_USER_AGENT#, we did not use to collect that information, so I don't have enough information yet to rely on that.  Plus from what I have read, it isn’t completely reliable anyways.
0
 
James RodgersWeb Applications DeveloperCommented:
not sure why it's happening but try this in your insert


<cfquery name="Counter" datasource="#datasource#">
     INSERT INTO tblHits(Page, Referrer, Agent, HitTime)
     VALUES(<cfqueryparam value="#CGI.PATH_INFO#" cfsqltype="CF_SQL_VARCHAR"> , <cfqueryparam value="#CGI.HTTP_REFERER#" cfsqltype="CF_SQL_VARCHAR"> ,<cfqueryparam value="#CGI.HTTP_USER_AGENT#" cfsqltype="CF_SQL_VARCHAR">, <cfqueryparam value="#dateadd("h",2,now())#" cfsqltype="CF_SQL_DATE"> )
</cfquery>

0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now