Re: HTTPS redirections

---

• From: "Jason Ross" <algorythm@xxxxxxxxx>
• Date: Fri, 24 Aug 2007 17:12:56 -0400

---

On 8/24/07, anthony@xxxxxxxxxxxx <anthony@xxxxxxxxxxxx> wrote:

I have noticed how some websites only allow access to a particular
page if a link within the page has been 'clicked' ie. user cannot
paste link address in browser bar to get to desired page.
For security purposes I would like to create a script and achieve
similar results.

I believe that (at least one way) this is done is by checking the
referer header. In PHP this can be accessed via the predefined
variable: $_SERVER['HTTP_REFERER'], other languages should have
similar methods of obtaining this.

AFAIK, there is not a difference between HTTP and HTTPS as far as
this method is concerned.

--
Jason

---

• Follow-Ups:
  • RE: HTTPS redirections
    • From: theog
  • RE: HTTPS redirections
    • From: Sergii Khomenko
  • RE: HTTPS redirections
    • From: whip

• References:
  • HTTPS redirections
    • From: anthony

• Prev by Date: Find policies applied to an AD computer
• Next by Date: How good is IT Security World Conference?
• Previous by thread: HTTPS redirections
• Next by thread: RE: HTTPS redirections
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2007-08