RE: HTTPS redirections



Indeed they are using HTTP referrers to check if it's a direct link or a
clicked one from another site, please bear in mind that unless you check the
origin, Google will be a valid referrer as well as other search engines.

RCT Internet solutions.
http://dir.rct.co.il
http://www.rct.co.il
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Jason Ross
Sent: Saturday, August 25, 2007 12:13 AM
To: anthony@xxxxxxxxxxxx
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: HTTPS redirections

On 8/24/07, anthony@xxxxxxxxxxxx <anthony@xxxxxxxxxxxx> wrote:
I have noticed how some websites only allow access to a particular
page if a link within the page has been 'clicked', i.e. user cannot
paste link address in browser bar to get to desired page.
For security purposes I would like to create a script and achieve
similar results.

I believe that (at least one way) this is done is by checking the
referer header. In PHP this can be accessed via the predefined
variable: $_SERVER['HTTP_REFERER'], other languages should have
similar methods of obtaining this.

AFAIK, there is not a difference between HTTP and HTTPS as far as
this method is concerned.

--
Jason
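
The check both messages describe, as an added example that is not code from either poster: it reads the Referer value Jason mentions and compares its parsed origin to the site's own, so that a search engine does not count as a valid referrer. OWN_SCHEME, OWN_HOST, refererIsSameOrigin() and the sample URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed values: the scheme and host of the site doing the check.
const OWN_SCHEME = 'https';
const OWN_HOST   = 'www.example.com';

/**
 * True only when the Referer header names a page on our own origin.
 * A missing header (pasted URL, bookmark, privacy setting) and any
 * foreign origin, search engines included, return false.
 * The header is supplied by the client, so this is a navigation hint
 * and not an access control.
 */
function refererIsSameOrigin(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return false;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // Compare the parsed host exactly. A substring test would also accept
    // a foreign host or query string that merely contains our host name.
    return strtolower($parts['scheme']) === OWN_SCHEME
        && strtolower($parts['host']) === OWN_HOST;
}

// In a real request: refererIsSameOrigin($_SERVER['HTTP_REFERER'] ?? null)
// Constructed sample values, so the script also runs from the command line.
$samples = [
    'https://www.example.com/index.php',              // link clicked on our site
    'https://www.google.com/search?q=www.example.com', // search engine result
    'https://www.example.com.other.test/page',         // look-alike host
    'not a url',                                       // malformed value
    null,                                              // no header sent
];

foreach ($samples as $referer) {
    printf(
        "%-50s %s\n",
        $referer ?? '(no Referer header)',
        refererIsSameOrigin($referer) ? 'same origin' : 'rejected'
    );
}
```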


