Solved

browser not sending HTTP_REFERER headers to website

Posted on 2008-06-21
7
3,203 Views
Last Modified: 2013-12-08
I'm trying to sign up for stream my game, but everything I click "New User" I get an error.
I have tried lowering my settings in IE7 to allow everything, windows firewall is off, and i don't have any firewall programs, but i do have a watchguard firewall.


Warning: your browser doesn't send the HTTP_REFERER header to the website.

This can be caused due to your browser, using a proxy server or your firewall.

Please change browser or turn off the use of a proxy

or turn off the 'Deny servers to trace web browsing' in your firewall

and you shouldn't have problems when sending a POST on this website.

Open in new window

0
Comment
Question by:milkyline
  • 4
  • 3
7 Comments
 
LVL 14

Expert Comment

by:agriesser
ID: 21838865
Please go to http://tuxx-home.at/temp/info.php, click on the link and post the results here.
I've written a small script which prints out all the server variables set when accessing this page.
0
 

Author Comment

by:milkyline
ID: 21839015
DOCUMENT_ROOT=/home/tuxx/www/htdocs
GATEWAY_INTERFACE=CGI/1.1
HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
HTTP_ACCEPT_ENCODING=gzip, deflate
HTTP_ACCEPT_LANGUAGE=en-us
HTTP_CONNECTION=Keep-Alive
HTTP_HOST=tuxx-home.at
HTTP_UA_CPU=x86
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 3.0.04506.648)
PATH=/bin:/usr/bin
QUERY_STRING=clicked
REDIRECT_STATUS=200
REMOTE_ADDR=71.41.221.70
REMOTE_HOST=rrcs-71-41-221-70.se.biz.rr.com
REMOTE_PORT=4541
REQUEST_METHOD=GET
REQUEST_URI=/temp/info.php?clicked
SCRIPT_FILENAME=/home/tuxx/www/htdocs/temp/info.php
SCRIPT_NAME=/temp/info.php
SERVER_ADDR=88.198.57.56
SERVER_ADMIN=office@tuxx-home.at
SERVER_NAME=tuxx-home.at
SERVER_PORT=80
SERVER_PROTOCOL=HTTP/1.1
SERVER_SIGNATURE=
ORIG_SCRIPT_NAME=/temp/info.php
ORIG_SCRIPT_FILENAME=/home/tuxx/www/htdocs/temp/info.php
PHP_SELF=/temp/info.php
REQUEST_TIME=1214085289
argv=Array
argc=1
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21839052
Strange. I see that you did access this site with a Mozilla browser (probably Firefox 1.x), is that true?
That would at least tell us that the problem is not related to IE7.

Have you checked the sendRefererHeader setting in Firefox?
To do this, open the URL "about:config" and search for "network.http.sendRefererHeader". This value should read "1".

Your computer might also be infected by Smitfraud/Zlog, please check that:
http://boards.cexx.org/index.php?topic=15022.msg61952
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:milkyline
ID: 21839200
No, I am useing Internet Explorer 7. I have a portable verson of Firefox 2, but I only used it for some testing, but I went and changed that setting and I still have the same message. I went and ran the clean feature of that program they listed, but that too didn't solve my problem.
0
 
LVL 14

Accepted Solution

by:
agriesser earned 250 total points
ID: 21840119
So to summarize: It doesn't matter wheter you're using IE or Firefox, both browsers don't send the HTTP_REFERER option, is that true?

Then it might really be an issue of your Watchguard Firewall/proxy solution.
I found an article about configuring the outgoing proxy characteristics of this applicance here:
https://www.watchguard.com/support/fireware_howto/83/HTTP_Proxy_OutgoingProxyAction.pdf

Quoting the interesting part:

-----------------------------------------------
Clients use the Referer header to send the address (URI) of the resource from which this request-URI was obtained. In
other words, sometimes when you click on a link, your browser sends information about the site you just came from.
This lets the receiving server gather statistics, optimize caching, trace bad links, and so on. Some users feel it is a
breach of privacy to tell any server what previous site referred the user to visit this site. Some sites do not allow connections
if the Referer field is not present or if the referer is not a certain domain. In addition, many CGI scripts that
run on the web server rely on the Referer header to make sure the HTTP request comes from a previously scripted
event. This is becoming less common as web security professionals realize that the header is easily spoofed. Because
stripping this header causes some connections to break, the rule is disabled by default.
Recommendation:
Keep the defaults unless you are familiar with the header you want to strip and know the consequences if you
strip it. Most request headers the client sends are necessary for the server to know the intentions and the
capabilities of the client.
-------------------------------------------

Could you check this setting on your watchguard firewall?
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21924187
Any updates on this one?
0
 

Author Closing Comment

by:milkyline
ID: 31469462
Helped solve my problem
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now