Is it not likely that most third-party applications designed to block
ads and/or protect the user's privacy would remove/suppress the Referer
header in the HTTP request, but not filter the form data or suppress the
use of the document.referrer property in JavaScript? If so, MHK's
findings are exactly what should be expected.
Regards,
Marcus Tucker
www.marcustucker.com
-----Original Message-----
Subject: Re: Mystery behind REFERER
From: "Ken Schaefer" <[EMAIL PROTECTED]>
Date: Sun, 29 Sep 2002 17:00:41 +1000
X-Message-Number: 1
a) Request.ServerVariables("HTTP_Referer") is populated from the data in
the HTTP Referer header that is sent by the client to the server. If
there is no data in that variable, then it is because the browser did
not send any to the server.
b) You can tamper with it easily. Here, I use telnet to "simulate" a
HTTP GET request, and populate the HTTP Referer header with any old data
that I
like:
c:\>telnet
telnet>open www.yoursite.com 80
GET / HTTP/1.1
Host: www.yoursite.com
Referer: hahahahaha
[enter]
[enter]
In your logs, the referer will be "hahahahaha"
Cheers
Ken
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "M. H. K." <[EMAIL PROTECTED]>
Subject: Mystery behind REFERER
: Using <script>document.write ("<input type=hidden name=ref value='" +
document.referrer + "'>")</script>
:
: seems to me a better approach than
:
: Using request.ServerVariables to get the REFERER.
:
: In my experiments, I seem to get more referer on the 1st appoach
compared
: to the 2nd.
:
: We know that sometimes "referer" is just not available. I don't mean
the
: bookmark|favoritte origins or straight URLs or some DESKTOP situated
web
: links. I mean the real mystery, that is *sometimes either the web
server's
: or the browser's block this info, although there is a true REFERER.
:
: I'd like to read on this mystery. First of all, is it the servers or
is it
: the browsers that block this info ? and secondly what's the most
effective
: method in your experiments to get the most REFERER possible ( where
there
: is a TRUE referer available )?
:
: And finally I am hearing that it is somehow possible to TAMPER the
referer
: info or the serverVariables("remote_addr"), thus they should not be
: considered as valid securrity measurements. If that's true, how do
they
: get to tamper this info ? There is no ASP code to make this happen.
Then
: what is it ?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----------------------------------------------------------------------
Subject: mouseover effect?
From: Tsiris Alexandros <[EMAIL PROTECTED]>
Date: Mon, 30 Sep 2002 09:26:38 +0300
X-Message-Number: 2
I apologize as this is probably OT.
I have an asp page that briengs back a recordset.
then depending on the value of a certain field, I manipulate the display
of some rows like this:
<TR NAms="NAMES" NB="NB" LastName="LastName" TAX="TAXNO" IDTYPE="IDTYPE"
IDNO="IdNo" Status="Status" <% if rstSearchResults.Fields
("Status").Value <> "EXECUTED" then %> Class="TableLink"><% else
%><Class="DATAROW"><%end if %>
Is there anyway within the above statement that I can include a
onmouseover effect that displays a message when the 'else' condition is
met?
I would like to have a mouseover effect like the ones inherent in
windows applications when you keep your mouse pointer on top of
something and an explanation comes up.
Thank you,
Alexander
---
END OF DIGEST
---
You are currently subscribed to activeserverpages as:
[EMAIL PROTECTED] To unsubscribe send a blank email to
%%email.unsub%%
---
You are currently subscribed to activeserverpages as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED]
