stripping out the base domain from a http_referer header

willa666
I opened this question but I have an issue with a certain situation.
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/ColdFusion/Q_22601211.html

I need to be able to see if the HTTP_REFERER is from a certain domain, not just a certain page within this domain.

How can this be done?

Most Valuable Expert 2015
Commented:
You can use list functions to extract different parts of a URL. For example

<cfoutput>
protocol: #listGetAt(CGI.http_referer, 1, "/")#<br>
host (and port if any):   #listGetAt(CGI.http_referer, 2, "/")#
... etc..
</cfoutput>

Author

Commented:
Hey again agx

Is this a working PoC?
Most Valuable Expert 2015

Commented:
Yep, so long as CGI.http_referer is not an empty string

Most Valuable Expert 2015

Commented:
<cfif listLen(CGI.http_referer, "/") gte 2>
<cfoutput>
protocol: #listGetAt(CGI.http_referer, 1, "/")#<br>
host (and port if any):   #listGetAt(CGI.http_referer, 2, "/")#
</cfoutput>
</cfif>

Author

Commented:
I tried this and still no joy

I added the following code to link to itself so the HTTP_REFERER is not empty, but still no joy.
<a href="#">link to myself</a>

What should happen when I use this code?

Most Valuable Expert 2015

Commented:
Try this

<cfoutput>
<a href="#CGI.SCRIPT_NAME#">link to myself</a>
</cfoutput>

Author

Commented:
Morning mate

Let's take a different tack on this.

I was trying to use the following code to make sure a user was coming from a page that I defined. It started out with 1 page and then it just kept growing.

Now the code is starting to look messy.
<cfif "http://www.ncl.com/nclweb/agent/cmsPages.html?pageId=ComingSoon" eq #CGI.HTTP_REFERER# or "http://baseDoamin/book/JumpPage.htm" eq #CGI.HTTP_REFERER# or "https://baseDoamin/agent/forgot.cfm" eq #CGI.HTTP_REFERER# or "https://baseDoamin/agent/logout.cfm" eq #CGI.HTTP_REFERER# >
  <!--- No action taken if user has come from baseDoamin.com/ --->
<cfelse>
  <cflocation url="http://anotherDomain/book/JumpPage.htm" >
</cfif>


So now I want to accept everything from a certain domain.
Most Valuable Expert 2015

Commented:
Morning

Doesn't the previous example give you the host/domain? I get the feeling I'm missing something. Feel free to tell me if I am ;-)  Keep in mind CGI.http_referer is just a string, and we're simply using list functions to grab a portion of that string.  It's nothing as elaborate as a DNS lookup, or anything like that.

Take this example: If #CGI.http_referer# was:
http://www.google.com/search?hl=en&q=coldFusion+queries&btnG=Google+Search

The code below says treat the URL as a list (delimited by "/") and grab the element in the 2nd list position (i.e. "www.google.com")

<cfset referringHost       = "" />
<cfif listLen(CGI.http_referer, "/") gte 2>
      <cfset referringHost = listGetAt(CGI.http_referer, 2, "/")>
</cfif>
<cfoutput>referringHost is: #referringHost#</cfoutput>
<cfif referringHost is "www.google.com">
      <!--- ... do something --->
<cfelse>
      <!--- ... do something else --->
</cfif>
</cfif>
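
The host check from the answer above, extended to accept a whole domain and its subdomains while rejecting look-alike hosts. This is an added example, not part of the original posts; the function names and `example.com` are assumptions.

```cfml
<!--- Added example. getRefererHost, isRefererFromDomain and example.com are assumed names. --->
<cffunction name="getRefererHost" returntype="string" output="false">
    <cfargument name="referer" type="string" required="true">
    <cfset var authority = "">
    <!--- Accept only absolute http/https URLs; an empty referer fails here --->
    <cfif not reFindNoCase("^https?://[^/?##]", arguments.referer)>
        <cfreturn "">
    </cfif>
    <!--- 2nd "/"-delimited element, minus any query or fragment glued to it --->
    <cfset authority = listFirst(listGetAt(arguments.referer, 2, "/"), "?##")>
    <!--- Reject userinfo so "trusted-name@other-host" can never match --->
    <cfif find("@", authority)>
        <cfreturn "">
    </cfif>
    <!--- Drop the port; compare hosts in lower case --->
    <cfreturn lCase(listFirst(authority, ":"))>
</cffunction>

<cffunction name="isRefererFromDomain" returntype="boolean" output="false">
    <cfargument name="referer" type="string" required="true">
    <cfargument name="baseDomain" type="string" required="true">
    <cfset var host = getRefererHost(arguments.referer)>
    <cfset var suffix = "." & lCase(arguments.baseDomain)>
    <cfif not len(host)>
        <cfreturn false>
    </cfif>
    <!--- Exact host, or a subdomain: the host must end in ".baseDomain" --->
    <cfreturn host eq lCase(arguments.baseDomain)
        or (len(host) gt len(suffix) and right(host, len(suffix)) eq suffix)>
</cffunction>

<!--- Constructed sample referers: same domain, subdomain with port, two look-alikes, empty --->
<cfset samples = [
    "https://example.com/agent/logout.cfm",
    "http://WWW.Example.com:8080/book/JumpPage.htm?pageId=ComingSoon",
    "http://example.com.other-site.test/book/JumpPage.htm",
    "http://notexample.com/",
    ""
]>
<cfoutput>
<cfloop array="#samples#" index="r">
    [#htmlEditFormat(r)#] from example.com: #isRefererFromDomain(r, "example.com")#<br>
</cfloop>
</cfoutput>
```

The Referer header is supplied by the client and may be absent or altered, so a check like this suits routing decisions such as the `cflocation` redirect in the question, not authentication.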

Author

Commented:
Hi _agx_

Had to drop off the grid for a couple of days to take care of some biz.

I think I can use this one. I stripped my page back to the bare essentials and it looks good.

I will post an update tomorrow! :)

Author

Commented:
Ok so that worked fine for me.

thank you :)
