Mark, Curious, what other method do you use?
Paul Giesenhagen QuillDesign > I have always regarded the use of HTTP_Referer as a security measure to be > rather poor, as it can easily be spoofed. So my sites don't rely on it, > although occassionally they may use it to refine error messages. > > Cheers > > > > >The correct spelling is the American spelling - i.e. cgi.http_referer > >even > >though my outlook insists on arguing with me and changing it to referrer. > > > >But as you have discovered, not all browsers send the parameter, because > >the > >anti-spamming measures adopted by a lot of people block it. This hasn't > >been much of a worry until recently. But a site I'm working on has a > >rapidly increasing number of users with this problem, and I'm having to > >re-write a whole application which relied on http_referer to verify the > >user > >had access. Computers are increasingly being delivered to users with > >personal firewalls installed and that gives rise to the problem. > > > >IN short, if you're planning an application that's going to need > >http_referer, my advice is to re-think it! > > > >Cheers, > >Mike Kear > >Windsor, NSW, Australia > >AFP WebWorks > > > > > >-----Original Message----- > >From: mark brinkworth [mailto:[EMAIL PROTECTED]] > >Sent: Sunday, 28 July 2002 1:09 PM > >To: CF-Talk > >Subject: Re: CGI.HTTP_REFERER > > > >Some firewalls (such as Norton's - I know this from personal experience), > >block or change the http_referer that is sent from the browser to the > >server. In the case or Norton, it gets changed to http_weferer, and > >consists > >of a rather random looking alphabet soup. > > > >Cheers, > >Mark > > > > > > > > > > >Okay. I'm stumped. I had this whole lovely plan for something I'm > >working > > >on. It involved looking at the value of CGI.HTTP_REFERER. But that > >value > > >isn't coming up on my radar. It doesn't matter what browser I use. It's > > >just not there. I've tried different spellings (REFERRER, REFERER), > >looped > > >through every variable available, put a reference without a variable > >scope > > >prefix, everything. It just doesn't show up. > > > > > >I understand that the CGI variables returned are based on the server > > >configuration. So I guess my entire pile of questions is: > > > > > >A) Am I doing something simple and obviously stupid? > > > > > >B) What would I have to do to my server to get it to return this > >variable: > > >is it on the CFAS side, or on the HTTP-server-software side? > > > > > >Thanks for any help anyone can give. I need this blasted variable!! > > > > > >Matthieu > > > > > > > > > > > > > > ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
