Solved

Request.ServerVariables("HTTP_REFERER") returns empty value in IE

Posted on 2010-09-09
10
1,587 Views
Last Modified: 2012-05-10
I am trying to find the previous page which redirected to my page using Request.ServerVariables("HTTP_REFERER").

I get a value in Firefox or chrome but it is always empty in IE7+

Is there any work-around for this.

Thanks
Shankar Manickam
0
Comment
Question by:shankarmanickam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33638955
What server language are you using?  Looks like ASP.NET which would put you on IIS.  You should "Request Attention" and get those zones added to your question.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33639044
I see that it's ASP.  For what it's worth, it does work in IE8 on IIS5.0.  You do have to get there from a link on another page.  If you go directly there by typing in the address, there is no referrer.
0
 

Author Comment

by:shankarmanickam
ID: 33639941
The page is redirected from Google.

http://www.google.com/url?q=http//wstest9/MyPage.aspx

This url redirects to the MyPage.aspx. But in MyPage.aspx Request.ServerVariables("HTTP_REFERER") is empty if the redirect happens in the IE.

But Request.ServerVariables("HTTP_REFERER") is equal to http://www.google.com/url?q=http//wstest9/MyPage.aspx in case of Firefox or Chrome.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33640189
This is the essence of what I've found: "when using a javascript based link or redirect, IE doesn't get the referer information."  Apparently, it has always been this way for IE.
0
 

Author Comment

by:shankarmanickam
ID: 33640473
Please provide me some solutions for this.

Thanks
Shankar Manickam.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33641301
The "HTTP_REFERER" is simply not going to be available from IE under that circumstance.  What is your goal in collecting the "HTTP_REFERER"?
0
 

Author Comment

by:shankarmanickam
ID: 33642473
I have to allow acccess to my site only from fixed list of websites.

If they are not coming from the fixed list of website, I should redirect to Unauthorized Users page.


Thanks
Shankar Manickam
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33642742
If they come to your site from a regular link, not javascript or redirect, then the "HTTP_REFERER" will be there in IE.  If you can make sure the allowed websites use regular links, then you can consider a blank "HTTP_REFERER" as unacceptable.  Note also that typing the address of that page directly in the address bar will result in no "HTTP_REFERER" for any browser as will a refresh after they are on the page.

If there is money involved, you should read this page: http://en.wikipedia.org/wiki/Referrer_spoofing  The "HTTP_REFERER" can be faked.
0
 

Author Comment

by:shankarmanickam
ID: 33664756
Is there any alternate for HTTP_REFERER that will get the source URL from which it was redirected.

Thanks
Shankar Manickam.
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 33665559
Not that I know of.  In addition, most browsers can turn off the referer field for privacy.  You need to find a different way to limit access to your pages.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In our day to day coding, how many times have we come across a necessity to check whether a URL is a broken link or not? For those of you that answered countless and are using ColdFusion like myself, then this article is for you.  It will show yo…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question