Hey all,
I just ran into a problem accessing a site linked from slashdot,
<http://www.colemanpowermate.com/fuelcell/airgen.shtml>, and got
slammed with an IIS security alert instead of the requested page.
I then found this remark down in the discussions on the slashdot
article:
] Hmmm... if you use Mozilla 0.9.5+ / Netscape 6.2 this doesn't happen
] from the Slashdot-to-Coleman link. I think I know why: Mozilla doesn't
] send HTTP_REFERER. At least, not that I can tell.
I think he had a typo in that first paragraph and it parsed
the exact opposite of what made sense...
] Friday I ran into trouble setting up a weblink to a credit card
] processor for one of our smaller sites. The card processor restricts
] connections based on HTTP_REFERER (great security scheme, no?) and I
] was getting an unexpected error while using Moz. Then I used Konq and
] IE, which worked fine. Testing on my own servers I noticed that Moz
] wasn't sending the header when I POSTED from one server to another.
]
] I don't have time to deal with this, other than to restrict
] Mozilla/Netscape 6.2 browsers from using the shopping cart for this
] site. Sucks.
Mozilla doesn't send HTTP_REFERER? As a web server owner, I
would have to concure that SUCKS if true. I don't use it for security
but I do use it for other things. If that's breaking compatibility
with some sites, that's a definite bug, which I'll plug into bugzilla
later (maybe it's already there). If it's not true, maybe someone
cluefull needs to post a response on the Coleman Fuelcell article.
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
