I have always regarded the use of HTTP_Referer as a security measure to be rather poor, as it can easily be spoofed. So my sites don't rely on it, although occasionally they may use it to refine error messages.
Cheers

>The correct spelling is the American spelling - i.e. cgi.http_referer even
>though my outlook insists on arguing with me and changing it to referrer.
>
>But as you have discovered, not all browsers send the parameter, because the
>anti-spamming measures adopted by a lot of people block it. This hasn't
>been much of a worry until recently. But a site I'm working on has a
>rapidly increasing number of users with this problem, and I'm having to
>re-write a whole application which relied on http_referer to verify the user
>had access. Computers are increasingly being delivered to users with
>personal firewalls installed and that gives rise to the problem.
>
>In short, if you're planning an application that's going to need
>http_referer, my advice is to re-think it!
>
>Cheers,
>Mike Kear
>Windsor, NSW, Australia
>AFP WebWorks
>
>
>-----Original Message-----
>From: mark brinkworth [mailto:[EMAIL PROTECTED]]
>Sent: Sunday, 28 July 2002 1:09 PM
>To: CF-Talk
>Subject: Re: CGI.HTTP_REFERER
>
>Some firewalls (such as Norton's - I know this from personal experience),
>block or change the http_referer that is sent from the browser to the
>server. In the case of Norton, it gets changed to http_weferer, and consists
>of a rather random looking alphabet soup.
>
>Cheers,
>Mark
>
> >Okay. I'm stumped. I had this whole lovely plan for something I'm working
> >on. It involved looking at the value of CGI.HTTP_REFERER. But that value
> >isn't coming up on my radar. It doesn't matter what browser I use. It's
> >just not there. I've tried different spellings (REFERRER, REFERER), looped
> >through every variable available, put a reference without a variable scope
> >prefix, everything. It just doesn't show up.
> >
> >I understand that the CGI variables returned are based on the server
> >configuration. So I guess my entire pile of questions is:
> >
> >A) Am I doing something simple and obviously stupid?
> >
> >B) What would I have to do to my server to get it to return this variable:
> >is it on the CFAS side, or on the HTTP-server-software side?
> >
> >Thanks for any help anyone can give. I need this blasted variable!!
> >
> >Matthieu
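
The access check discussed in this thread, as an added example that is not part of the original messages: an Application.cfm that shows the Referer-based test beside a session-based one, and keeps the Referer only as an untrusted hint for messages. The application name, page names, host name and `session.userID` are assumptions made for illustration.

```cfml
<!--- Application.cfm (added example): runs before every request in this directory tree --->
<cfapplication name="membersArea" sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#">

<!--- Hypothetical page names; anything not listed here requires a login --->
<cfset publicPages = "login.cfm,login_action.cfm">
<cfset thisPage = ListLast(CGI.SCRIPT_NAME, "/")>

<!--- Leave this false. True reproduces the pattern the thread advises against. --->
<cfset trustReferer = false>

<cfif trustReferer>
    <!--- WEAK: the header is supplied by the client. It may be missing,
          rewritten by a personal firewall, or set to any value the sender
          chooses, so this both locks out legitimate users and proves nothing
          about the ones it lets through. Host name is a placeholder. --->
    <cfset allowed = FindNoCase("members.example.com", CGI.HTTP_REFERER) GT 0>
<cfelse>
    <!--- CORRECTED: the decision depends only on state the server stored.
          login_action.cfm is assumed to set session.userID after it has
          verified the user's credentials. --->
    <cfset allowed = StructKeyExists(session, "userID")>
</cfif>

<cfif NOT ListFindNoCase(publicPages, thisPage) AND NOT allowed>
    <cflocation url="login.cfm" addtoken="no">
</cfif>

<!--- The Referer is still usable to refine an error message. A CGI variable
      that was not sent evaluates to an empty string, so test its length, and
      escape it before display because it is client-controlled text. --->
<cfif Len(CGI.HTTP_REFERER)>
    <cfset request.cameFrom = HTMLEditFormat(CGI.HTTP_REFERER)>
<cfelse>
    <cfset request.cameFrom = "">
</cfif>
```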

