Solved

Need to spoof HTTP_REFERER in via a link

Posted on 2006-06-12
18
1,031 Views
Last Modified: 2013-11-24
I have a need to link to another site, however I do not want that site to know I am refering traffic to them.  I run .asp pages and javascript on my site now, I have looked and the only way I have seen to really do this is based on an article I found on Expert Exchange (http://www.experts-exchange.com/Programming/Programming_Languages/Java/Q_21793985.html).  But it was not detailed enough, I know ASP better than Java!!

Ideally here is what I want to happen is;
* Link from asp page with 1 dynamic vairable
* Open a new window
* Mask or remove the HTTP_REFERER
* reusable for several different links on the same page (ie the dymanic variable will change several times in a for next type loop

Here is the way I do it now but it does not spoof the referer (the "#" is to hide the URL from the user);
<a href="#" onClick="window.open('http://www.somesite.com/testing/topic.asp?SID=<%=Cstr(fp_rs("Topic"))%','_blank','width=750,height=420,resizable=1,scrollbars=1')">Link me</a>

What I want is a real world example of the javascript code (or any other proposed code that works with .asp - NOT .NET!) and the link syntax.
0
Comment
Question by:jloberg
  • 10
  • 6
18 Comments
 
LVL 12

Expert Comment

by:Giant2
Comment Utility
The solution gave there was using JSP or servlet. If you want to use ASP (this is the wrong topic) and javascript you can use the AJAX method.
If I well understand, you want to not displayable to your user the link where you go.
You can use a webserver answering to your question in XML and the AJAX on the client managing these data.
Aiax goes with the activeXObject Microsoft.XMLHTTP, so you can use even a VBscript (if you are more familiar with Microsoft).
Bye, Giant.
0
 
LVL 12

Expert Comment

by:Giant2
Comment Utility
About Ajax here is a step by step tutorial:
http://www.w3schools.com/ajax/default.asp

Hope this could help you.
Bye, Giant.
0
 

Author Comment

by:jloberg
Comment Utility
I posted in this form because that other post was the closest thing I was able to find to what I needed.  I am not familar with AJAX method.  If that is a solution and can be done in conjunction with ASP and you have the knowledge please provide a solution.

As far as displaying the link I guess in reality that is trivial, I would rather either remove or spoof the HTTP_REFERER compared to hiding the link from the end user.  But I definitely do need it to open in a new windows without the tool bars etc.

If there is a way to do this with Java / Javascript that would be great.  If not please let me know which topic (forum) you feel this should be posted.

Thank You,
Jerry
0
 
LVL 12

Expert Comment

by:Giant2
Comment Utility
>But I definitely do need it to open in a new windows without the tool bars etc.
You can do this easily checking the mouse click and the CTRL or ALT click.
If you are able to check if these events occurs your problem is solved.
0
 
LVL 12

Expert Comment

by:Giant2
Comment Utility
Here are many scripts for disable mouse click:
http://www.jsmadeeasy.com/javascripts/DHMTL%20Miscelanious/list_test.asp
0
 
LVL 12

Expert Comment

by:Giant2
Comment Utility
Here for shift, alt and ctrl detection:
http://www.javascripter.net/faq/ctrl_alt.htm
0
 

Author Comment

by:jloberg
Comment Utility
Still not sure how to do it.  What would it take for you to code the file(s) (from what I saw AJAX will require a file to sit on the server).

The end user should not have to do anything other than click on the link, the script or what ever is needed will do the masking, spoofing of the HTTP_REFERER and opening the new window.

Again if you feel this is in the wrong forum please let m know where you think I should post this.  It does seem like Giant2 does know what it would take to get this to work.  I am looking for a complete working sample as I am not able to figure it own my own.  :(

I have searched the net for over a day and not found a working sample, so I am sure others would benefit from this solution also.
0
 
LVL 12

Expert Comment

by:Giant2
Comment Utility
With te REFERER you can filter and check what was the root followed by the client. You can detect using VB, for example:
<%@ LANGUAGE = VBScript %>
<% Option Explicit %>
<%
Dim strReferer
strReferer = Request.ServerVariables ("HTTP_REFERER")
If (Right(strReferer, 9) <> "index.htm") and _
  (Right(strReferer, 8) <> "menu.htm") then
    Response.Redirect("index.htm")
Else
%>
<html>

//put here if the check goes well

</html>
<% End If %>

this piece of code check if the request come from index.html or menu.html it redirect the request to index.html
If all goes ok, it follows with the rest of the code.

Hope this could solve your problem.
Bye, Giant.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:jloberg
Comment Utility
Maybe I did not explain it correctly...  

Lets say MY domain is abc.com, I have a link to http://www.somesite.com/testing/topic.asp?SID=1234 (the 1234 would be dynamic as shown in the original post).  I do not want www.somesite.com to know that abc.com was the domain that refered the user to them.  So I either need to 'blank out' the referer or change it to somesite.com.

Does that make sense?  Sorry if my original post was not clear enough on that.
0
 
LVL 12

Expert Comment

by:Giant2
Comment Utility
As I told before, the EE example you point is referred to a JSP or Servlet. So if you want to use it you must have a JSP or a servlet.
I think you must be clear with onething:
Client click over the button/link.
YourServer receive the request and apply the empty REFERRER, so redirect the request to the other server.
Is this what you neded?
0
 

Author Comment

by:jloberg
Comment Utility
Sorry for the confusion, but yes, the end user (web user) will click on a link that is on the web page I am servering from server 1.  That link will have a link to server 2 and as the user clicks on the link (that the asp page created) I do not want to transfer server 1's referer information.

If this is the wrong forum what forum what for should I be posting it in?  Can the JSP or servlet work with my asp page?  If so then I am ok using JSP or a servlet.  Sorry if I am not being clear, I thought I knew more than I apparently do and I appologize for the frustration I appear to be casuing you!
0
 
LVL 12

Expert Comment

by:Giant2
Comment Utility
I believe a better topic could be the HTML because to use JSP and Servlet you must have a servlet container (Tomcat, JBoss, etc.) but if you use ASP it's sure you do not have.
0
 

Author Comment

by:jloberg
Comment Utility
Ok, I will try.  So you do not have any proposed solutions that I can award you an acceptable solution for then?
0
 
LVL 12

Expert Comment

by:Giant2
Comment Utility
I believe the only way is to direct the request passing from your server (not directly link).
I see even this link:
http://www.htmlforums.com/archive/index.php/t-42277.html
agree with me.

So I believe the solution is the one who passes from the server (which open a new URL connection without referer).
Good luck, Giant.
0
 

Accepted Solution

by:
tvtimes earned 100 total points
Comment Utility
Here is a solution although it is not javascript nor .asp, however it will work with .asp.  It is a perl / cgi script that you should be able to run (most web providers who use .asp also offer cgi).

This script does not transmit an HTTP_REFERER (It appears blank).  To give proper credit I did find the script at; http://watson-net.com/download/download.asp?name=Redirector&file=redir.zip

Test the syntax based on the following to a site that verifies if you are 'refered';

<a href="http://www.inet-police.com/cgi-bin/env.cgi"> Traditional Link</a>

<a href="/cgi-bin/redir.pl?url=http://www.inet-police.com/cgi-bin/env.cgi">Anonymous Link</a>


Because this uses a standard "a href", you should be able to use the following (based on your example).  You will need to save the redir.pl file into your cgi-bin folder;

<a href="#" onClick="window.open('/cgi-bin/redir.pl?url=http://www.somesite.com/testing/topic.asp?SID=<%=Cstr(fp_rs("Topic"))%','_blank','width=750,height=420,resizable=1,scrollbars=1')">Link me</a>

As long as you have cgi abilities this should meet your needs, otherwise based on other responses I think your out of luck.
0
 

Author Comment

by:jloberg
Comment Utility
Yes my host does have CGI abilities.
It is surprising that this seems to be the only solution.
But thanks.

Jerry
0
 
LVL 12

Expert Comment

by:Giant2
Comment Utility
Sorry not help!
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Java contains several comparison operators (e.g., <, <=, >, >=, ==, !=) that allow you to compare primitive values. However, these operators cannot be used to compare the contents of objects. Interface Comparable is used to allow objects of a cl…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Video by: Michael
Viewers learn about how to reduce the potential repetitiveness of coding in main by developing methods to perform specific tasks for their program. Additionally, objects are introduced for the purpose of learning how to call methods in Java. Define …
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now