HTTP_REFERER avoidance?

Discussion in 'ASP General' started by Dave Anderson, Apr 20, 2004.

  1. I have had the misfortune of having to debug a problem with a vendor
    application, and have determined that the problem was caused by the
    existence of the HTTP_REFERER header.

    Assuming I want the user to reach http://server/app.dll?qsinfo, each of the
    following causes the app to function correctly:
    • window.location.replace("http://server/app.dll?qsinfo")
    • <META HTTP-EQUIV="REFRESH" CONTENT="0;URL=http://server/app.dll?qsinfo">
    • window.open("http://server/app.dll?qsinfo")
    • Opening the URL from a bookmark, desktop shortcut, or an application
    other than the browser.

    Each of these causes failure:
    • <A HREF="http://server/app.dll?qsinfo">Go</A>
    • <A HREF="Redirect.asp">Go</A>, where Redirect.asp reads:
    <% Response.Redirect("http://server/app.dll?qsinfo") %>
    • Ditto, but with Server.Transfer()
    • <IFRAME SRC="http://server/app.dll?qsinfo"></IFRAME>

    I suspected early on that the HTTP_REFERER was the culprit, as the
    above divide neatly according to absence or presence of that header.
    Fortunately, Mozilla allows me to confirm this:

    [about:config] --> set network.http.sendRefererHeader = 0


    Now, I am perfectly capable of using a workaround until the vendor fixes the
    problem (my colleagues were happy to run with the META solution, but I find
    it inelegant), but I am left wondering if there were an easier solution
    available to me.

    Is anyone here aware of a means of stripping the HTTP_REFERER header?



    --
    Dave Anderson

    Unsolicited commercial email will be read at a cost of $500 per message. Use
    of this email address implies consent to these terms. Please do not contact
    me directly or ask me to contact you directly for assistance. If your
    question is worth asking, it's worth posting.
     
    Dave Anderson, Apr 20, 2004
    #1
    1. Advertising

  2. Dave Anderson

    Roland Hall Guest

    "Dave Anderson" wrote in message
    news:u$...
    : I have had the misfortune of having to debug a problem with a vendor
    : application, and have determined that the problem was caused by the
    : existence of the HTTP_REFERER header.
    :
    : Assuming I want the user to reach http://server/app.dll?qsinfo, each of
    the
    : following causes the app to function correctly:
    : . window.location.replace("http://server/app.dll?qsinfo")
    : . <META HTTP-EQUIV="REFRESH" CONTENT="0;URL=http://server/app.dll?qsinfo">
    : . window.open("http://server/app.dll?qsinfo")
    : . Opening the URL from a bookmark, desktop shortcut, or an application
    : other than the browser.
    :
    : Each of these causes failure:
    : . <A HREF="http://server/app.dll?qsinfo">Go</A>
    : . <A HREF="Redirect.asp">Go</A>, where Redirect.asp reads:
    : <% Response.Redirect("http://server/app.dll?qsinfo") %>
    : . Ditto, but with Server.Transfer()
    : . <IFRAME SRC="http://server/app.dll?qsinfo"></IFRAME>
    :
    : I suspected early on that the HTTP_REFERER was the culprit, as the
    : above divide neatly according to absence or presence of that header.
    : Fortunately, Mozilla allows me to confirm this:
    :
    : [about:config] --> set network.http.sendRefererHeader = 0
    :
    :
    : Now, I am perfectly capable of using a workaround until the vendor fixes
    the
    : problem (my colleagues were happy to run with the META solution, but I
    find
    : it inelegant), but I am left wondering if there were an easier solution
    : available to me.
    :
    : Is anyone here aware of a means of stripping the HTTP_REFERER header?

    Is this what you're after?
    Remove:
    http://msdn.microsoft.com/library/en-us/act/htm/actml_ref_rem.asp?frame=true
    Reference:
    http://msdn.microsoft.com/library/en-us/act/htm/actml_ref_href.asp?frame=true


    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
    MSDN Library - http://msdn.microsoft.com/library/default.asp
     
    Roland Hall, Apr 20, 2004
    #2
    1. Advertising

  3. Roland Hall wrote:
    >
    >> Is anyone here aware of a means of stripping the HTTP_REFERER header?

    >
    > Is this what you're after?
    > Remove:
    >

    http://msdn.microsoft.com/library/en-us/act/htm/actml_ref_rem.asp?frame=true
    > Reference:
    >

    http://msdn.microsoft.com/library/en-us/act/htm/actml_ref_href.asp?frame=true

    Perhaps I should be more explicit. I want the client to send its request
    without the HTTP_REFERER header. Unless I'm missing something, the ability
    to tweak headers in ACT does not seem to assist me in this.



    --
    Dave Anderson

    Unsolicited commercial email will be read at a cost of $500 per message. Use
    of this email address implies consent to these terms. Please do not contact
    me directly or ask me to contact you directly for assistance. If your
    question is worth asking, it's worth posting.
     
    Dave Anderson, Apr 21, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Elliot M. Rodriguez
    Replies:
    1
    Views:
    644
    bruce barker
    Feb 12, 2004
  2. Philippe Poulard
    Replies:
    0
    Views:
    419
    Philippe Poulard
    Sep 7, 2004
  3. Douglas Alan

    Spam avoidance

    Douglas Alan, Mar 21, 2006, in forum: Python
    Replies:
    4
    Views:
    312
    Neil Schemenauer
    Mar 22, 2006
  4. Frank Cisco

    Most efficient null avoidance

    Frank Cisco, Aug 11, 2009, in forum: Java
    Replies:
    4
    Views:
    446
    Daniel Pitts
    Aug 13, 2009
  5. Barry
    Replies:
    4
    Views:
    366
    Daniel Pitts
    Sep 2, 2009
Loading...

Share This Page