Re: HTTP_REFERER
On Sun, 17 Oct 2004 18:11:05 -0400, Phillip Perry [EMAIL PROTECTED] wrote: Doing this with the HTTP_REFERER variable gives me an error stating that http://www.blah.com/blah/blah.cfm is syntactically incorrect. Don't forget, that sometimes personal firewall software (like Norton Internet Security, my personal nemesis) will strip out the HTTP_REFERER information. In the web logs for one of out sites, we get a lot of none of your business as the referring string, or sometimes the software maker's URL :( -- Kay Smoljak http://kay.smoljak.com/ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: HTTP_REFERER
I use something like this in my application.cfm to check to see if the user is logged in and if not, capture the original URL that they requested and display the login page. CFIF NOT IsDefined(session.loggedIn) CFIF len(cgi.query_string) CFSET initialURL = http://localhost cgi.path_info ? cgi.query_string CFELSE CFSET initialURL = http://localhost cgi.path_info /CFIF CFINCLUDE template=login.cfm CFABORT /CFIF Substitute localhost for your webroot.Then in your login template, you'll have access to the initialURL variable that you can then use to redirect the user to the originally requested page. HTH, Jeff Garza Manager, Phoenix ColdFusion User Group [EMAIL PROTECTED] _ From: Phillip Perry [mailto:[EMAIL PROTECTED] Sent: Sunday, October 17, 2004 3:11 PM To: CF-Talk Subject: HTTP_REFERER Thanks for answering my last question. Too many issues kept coming up so I abandoned using application.cfm for headers and went back to just including templates into each page. Now I have another problem. When I have people log in I want them to go to the page that they wanted to go to right after the login info is confirmed. Doing this with the HTTP_REFERER variable gives me an error stating that http://www.blah.com/blah/blah.cfm is syntactically incorrect. I'm assuming its becuase of all the /'s and :'s and the like. How do I go about doing this? Thanks Phil _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: HTTP_REFERER
I assume you have a page that or snippet that checks for a valid login session, if there isnt one it redirects to a login form? In this portion of code I usually take everything in the cgi.query_string and append it to the redirect so once they login, the login redirect can put the original url variables back in place and send them to the page the initially tried to hit Make sense? So if they hit index.cfm?action="" but werent logged in, they would go to index.cfm?action=""> Then once they submit the form to login they would get redirected to index.cfm?action=""> _ From: Phillip Perry [mailto:[EMAIL PROTECTED] Sent: Sunday, October 17, 2004 6:11 PM To: CF-Talk Subject: HTTP_REFERER Thanks for answering my last question. Too many issues kept coming up so I abandoned using application.cfm for headers and went back to just including templates into each page. Now I have another problem. When I have people log in I want them to go to the page that they wanted to go to right after the login info is confirmed. Doing this with the HTTP_REFERER variable gives me an error stating that http://www.blah.com/blah/blah.cfm is syntactically incorrect. I'm assuming its becuase of all the /'s and :'s and the like. How do I go about doing this? Thanks Phil _ [HYPERLINK http://www.houseoffusion.com/lists.cfm/link=t:4Todays Threads] [HYPERLINK http://www.houseoffusion.com/lists.cfm/link=i:4:181701This Message] [HYPERLINK http://www.houseoffusion.com/lists.cfm/link=s:4Subscription] [HYPERLINK http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=678.598.4Fast Unsubscribe] [HYPERLINK http://www.houseoffusion.com/signin/User Settings] [HYPERLINK https://www.paypal.com/cgi-bin/webscr?amount=item_name=House+of+Fusionbus iness=donations%40houseoffusion.comundefined_quantity=cmd=_xclickDonation s and Support] _ HYPERLINK http://www.houseoffusion.com/banners/view.cfm?bannerid=34 \n --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.775 / Virus Database: 522 - Release Date: 10/8/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.775 / Virus Database: 522 - Release Date: 10/8/2004 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: HTTP_REFERER
Scoped as url ofcourse ; ) Index.cfm?action=""> _ From: Ewok [mailto:[EMAIL PROTECTED] Sent: Sunday, October 17, 2004 9:42 PM To: CF-Talk Subject: RE: HTTP_REFERER I assume you have a page that or snippet that checks for a valid login session, if there isnt one it redirects to a login form? In this portion of code I usually take everything in the cgi.query_string and append it to the redirect so once they login, the login redirect can put the original url variables back in place and send them to the page the initially tried to hit Make sense? So if they hit index.cfm?action="" but werent logged in, they would go to index.cfm?action=""> Then once they submit the form to login they would get redirected to index.cfm?action=""> _ From: Phillip Perry [mailto:[EMAIL PROTECTED] Sent: Sunday, October 17, 2004 6:11 PM To: CF-Talk Subject: HTTP_REFERER Thanks for answering my last question. Too many issues kept coming up so I abandoned using application.cfm for headers and went back to just including templates into each page. Now I have another problem. When I have people log in I want them to go to the page that they wanted to go to right after the login info is confirmed. Doing this with the HTTP_REFERER variable gives me an error stating that http://www.blah.com/blah/blah.cfm is syntactically incorrect. I'm assuming its becuase of all the /'s and :'s and the like. How do I go about doing this? Thanks Phil _ [HYPERLINK http://www.houseoffusion.com/lists.cfm/link=t:4Todays Threads] [HYPERLINK http://www.houseoffusion.com/lists.cfm/link=i:4:181701This Message] [HYPERLINK http://www.houseoffusion.com/lists.cfm/link=s:4Subscription] [HYPERLINK http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=678.598.4Fast Unsubscribe] [HYPERLINK http://www.houseoffusion.com/signin/User Settings] [HYPERLINK https://www.paypal.com/cgi-bin/webscr?amount=item_name=House+of+Fusionbus iness=donations%40houseoffusion.comundefined_quantity=cmd=_xclickDonation s and Support] _ HYPERLINK http://www.houseoffusion.com/banners/view.cfm?bannerid=34 \n --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.775 / Virus Database: 522 - Release Date: 10/8/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.775 / Virus Database: 522 - Release Date: 10/8/2004 _ [HYPERLINK http://www.houseoffusion.com/lists.cfm/link=t:4Todays Threads] [HYPERLINK http://www.houseoffusion.com/lists.cfm/link=i:4:181704This Message] [HYPERLINK http://www.houseoffusion.com/lists.cfm/link=s:4Subscription] [HYPERLINK http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=678.598.4Fast Unsubscribe] [HYPERLINK http://www.houseoffusion.com/signin/User Settings] [HYPERLINK https://www.paypal.com/cgi-bin/webscr?amount=item_name=House+of+Fusionbus iness=donations%40houseoffusion.comundefined_quantity=cmd=_xclickDonation s and Support] _ HYPERLINK http://www.houseoffusion.com/banners/view.cfm?bannerid=44 \n --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.775 / Virus Database: 522 - Release Date: 10/8/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.775 / Virus Database: 522 - Release Date: 10/8/2004 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: http_referer
FindNoCase(substring, cgi.http_referer) But bear in mind some browsers or client internet security tools might hide the http_referer value. I think Norton Internet Security does. Matthew _ From: Parker, Kevin [mailto:[EMAIL PROTECTED] Sent: Monday, 31 May 2004 2:25 p.m. To: CF-Talk Subject: http_referer Having a little trouble getting the syntax right for checking that a certain page was called from a certain page - can anyone advise please. Can you test that http_referer contains certain information rather than testing the whole string. TIA!!! +++ Kevin Parker Web Services Manager WorkCover Corporation p: 08 8233 2548 e: [EMAIL PROTECTED] w: www.workcover.com +++ This e-mail is intended for the use of the addressee only. It may contain information that is protected by legislated confidentiality and/or is legally privileged. If you are not the intended recipient you are prohibited from disseminating, distributing or copying this e-mail. Any opinion expressed in this e-mail may not necessarily be that of the WorkCover Corporation of South Australia. Although precautions have been taken, the sender cannot warrant that this e-mail or any files transmitted with it are free of viruses or any other defect. If you have received this e-mail in error, please notify the sender immediately by return e-mail and destroy the original e-mail and any copies. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: http_referer
Thanks Matt for the comprehensive reply. I kind of thought that there was a flaw in setting a persistant uuid because cookies can be hijacked etc. On a related note I wonder if using a secure site (https://) can stop cookie hijacking - I have a feeling it can't ? Andrew. I used to create a uuid, store it in a persistent scope, hash it, put that in the hidden form field and then do a comparison on the form post side.I thought this would stop scrapers as they couldn't know the hash source. I threw this out here in another thread and asked if it had holes.Dave Watts pointed out that anyone can visit the form page and take the hidden field and the key pair cookie values.Once they have those and can fake headers they can blow right past pretty much anything but the gif-code thingie, but even that just requires a human to submit. I'd recommend doing all of the tests you can think of.Referrers, request method, hidden fields, input scrubbing, cfqueryparam etc.But I don't think the solution can be made truly ironclad. Matt Robertson [EMAIL PROTECTED] MSB Designs, Inc.http://mysecretbase.com [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: http_referer
HTTPS will only secure the cookies in transit.They'll still be stored in plain text on the user's computer, and may even be sent to the server over plain HTTP if they weren't specifically set with the secure option. However, if you're using a new UUID for each time the form is generated, then the odds of this hole being exploited is acceptably small, at least to me. What are the odds that you'll generate a form, and before the person submits it or a timeout happens some malicious user is going to get both the HTML of the form sent to the user (for the hidden form field) AND their cookie values?About the only chance you've got is packet sniffing, which HTTPS will take care of, and killing the user at their terminal and taking over, which there is no way to prevent. You can also consider mixing other data in the hash, such as the visitor's user agent, or even their IP (though that can get you in trouble if a network has multiple outbound routers). Cheers, barneyb -Original Message- From: Andrew Grosset [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 11, 2004 8:10 PM To: CF-Talk Subject: Re: http_referer Thanks Matt for the comprehensive reply. I kind of thought that there was a flaw in setting a persistant uuid because cookies can be hijacked etc. On a related note I wonder if using a secure site (https://) can stop cookie hijacking - I have a feeling it can't ? Andrew. I used to create a uuid, store it in a persistent scope, hash it, put that in the hidden form field and then do a comparison on the form post side.I thought this would stop scrapers as they couldn't know the hash source. I threw this out here in another thread and asked if it had holes.Dave Watts pointed out that anyone can visit the form page and take the hidden field and the key pair cookie values.Once they have those and can fake headers they can blow right past pretty much anything but the gif-code thingie, but even that just requires a human to submit. I'd recommend doing all of the tests you can think of.Referrers, request method, hidden fields, input scrubbing, cfqueryparam etc.But I don't think the solution can be made truly ironclad. Matt Robertson [EMAIL PROTECTED] MSB Designs, Inc.http://mysecretbase.com [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: http_referer
I think the point was that when you create the UUID to put in the hidden form field, you also stick it in a persistent variable scope. That way you can compare the submitted UUID with the original value. If they don't match, you know the form has been spoofed and can act accordingly. This method will stop the submission of form data without having actually filled the form, but it wouldn't stop screen-scrapers reading the hidden field as well as the visible ones. For that you'd need one of those type the word you see in the graphic thingies (I know there's a name for them but can never remember it). -- Howard Fore, [EMAIL PROTECTED] On May 10, 2004, at 10:37 PM, Andrew Grosset wrote: I don't follow...couldn't I just copy the uuid and place it in a hidden field in MY form and submit that? Stick a uuid in a hidden field and check that you get the same one back. cgi.http_referer can't be trusted as it can be easily spoofed. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: http_referer
I used to create a uuid, store it in a persistent scope, hash it, put that in the hidden form field and then do a comparison on the form post side.I thought this would stop scrapers as they couldn't know the hash source. I threw this out here in another thread and asked if it had holes.Dave Watts pointed out that anyone can visit the form page and take the hidden field and the key pair cookie values.Once they have those and can fake headers they can blow right past pretty much anything but the gif-code thingie, but even that just requires a human to submit. I'd recommend doing all of the tests you can think of.Referrers, request method, hidden fields, input scrubbing, cfqueryparam etc.But I don't think the solution can be made truly ironclad. Matt Robertson [EMAIL PROTECTED] MSB Designs, Inc.http://mysecretbase.com [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: http_referer
Stick a uuid in a hidden field and check that you get the same one back. cgi.http_referer can't be trusted as it can be easily spoofed. Andrew Grosset wrote: Is there an alternative to cgi.http_referer when checking that a form submission originated from the form page? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: http_referer
You can't rely on cgi.http_referer.Not all browsers pass it.Either because the software just doesn't, or because the users disable it for privacy reasons. If you really need to pass that across, then I'd suggest creating a hidden field on the previous page containing cgi.Script_Name that gets passed across.That way you're controlling it yourself, and can guarantee the information. Cheers Mike Kear Windsor, NSW, Australia AFP Webworks http://afpwebworks.com _ From: Andrew Grosset [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 May 2004 11:23 AM To: CF-Talk Subject: http_referer Is there an alternative to cgi.http_referer when checking that a form submission originated from the form page? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: http_referer
That's just as easy to spoof as http_referer.Better to do what Jerry suggested and use a UUID in a hidden field that is also stored in the session/client scope for validation on submit. Cheers, barneyb -Original Message- From: Mike Kear [mailto:[EMAIL PROTECTED] Sent: Monday, May 10, 2004 7:26 PM To: CF-Talk Subject: RE: http_referer You can't rely on cgi.http_referer.Not all browsers pass it.Either because the software just doesn't, or because the users disable it for privacy reasons. If you really need to pass that across, then I'd suggest creating a hidden field on the previous page containing cgi.Script_Name that gets passed across.That way you're controlling it yourself, and can guarantee the information. Cheers Mike Kear Windsor, NSW, Australia AFP Webworks http://afpwebworks.com _ From: Andrew Grosset [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 May 2004 11:23 AM To: CF-Talk Subject: http_referer Is there an alternative to cgi.http_referer when checking that a form submission originated from the form page? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: http_referer
I don't follow...couldn't I just copy the uuid and place it in a hidden field in MY form and submit that? Stick a uuid in a hidden field and check that you get the same one back. cgi.http_referer can't be trusted as it can be easily spoofed. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: HTTP_REFERER
I use it. I get an empty string when they use a Bookmark or type in the URL. If they click a link it works. Also I believe you can turn header info off in some browsers. So I use a IsDefined(CGI.HTTP_REFERER) and cfif CGI.HTTP_REFERER IS NOT '' Before outputting it. Rick -Original Message- From: Robert Bailey [mailto:[EMAIL PROTECTED] Sent: Sunday, January 25, 2004 11:18 AM To: CF-Talk Subject: HTTP_REFERER On every one of our CFMX servers(18 of them!), when using this: CFOUTPUT#CGI.HTTP_REFERER#/CFOUTPUT It never returns anything, just an empty string. Anyone have this problem at all? CFMX 6.01 (latest update, some are standard install, some are installed with JRUN), IIS 6, 2003 server _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: HTTP_REFERER
Hi Rick, cgi variables are always defined, you just need to check if they are populated. you could do cfif len(CGI.HTTP_REFERER) Taco Fleur Bloghttp://www.tacofleur.com/index/blog/ http://www.tacofleur.com/index/blog/ Methodology http://www.tacofleur.com/index/methodology/ 0421 851 786 Tell me and I will forget Show me and I will remember Teach me and I will learn -Original Message- From: cfhelp [mailto:[EMAIL PROTECTED] Sent: Monday, 26 January 2004 3:27 AM To: CF-Talk Subject: RE: HTTP_REFERER I use it. I get an empty string when they use a Bookmark or type in the URL. If they click a link it works. Also I believe you can turn header info off in some browsers. So I use a IsDefined(CGI.HTTP_REFERER) and cfif CGI.HTTP_REFERER IS NOT '' Before outputting it. Rick -Original Message- From: Robert Bailey [mailto:[EMAIL PROTECTED] Sent: Sunday, January 25, 2004 11:18 AM To: CF-Talk Subject: HTTP_REFERER On every one of our CFMX servers(18 of them!), when using this: CFOUTPUT#CGI.HTTP_REFERER#/CFOUTPUT It never returns anything, just an empty string. Anyone have this problem at all? CFMX 6.01 (latest update, some are standard install, some are installed with JRUN), IIS 6, 2003 server _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: HTTP_REFERER
I *think* Norton Internet Security also blocks them. -Original Message- From: cfhelp [mailto:[EMAIL PROTECTED] Sent: Monday, 26 January 2004 5:27 a.m. To: CF-Talk Subject: RE: HTTP_REFERER I use it. I get an empty string when they use a Bookmark or type in the URL. If they click a link it works. Also I believe you can turn header info off in some browsers. So I use a IsDefined(CGI.HTTP_REFERER) and cfif CGI.HTTP_REFERER IS NOT '' Before outputting it. Rick -Original Message- From: Robert Bailey [mailto:[EMAIL PROTECTED] Sent: Sunday, January 25, 2004 11:18 AM To: CF-Talk Subject: HTTP_REFERER On every one of our CFMX servers(18 of them!), when using this: CFOUTPUT#CGI.HTTP_REFERER#/CFOUTPUT It never returns anything, just an empty string. Anyone have this problem at all? CFMX 6.01 (latest update, some are standard install, some are installed with JRUN), IIS 6, 2003 server _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: HTTP_REFERER
Yes, that was what it was. Norton is not good for everything :) From: Matthew Walker [mailto:[EMAIL PROTECTED] Sent: Sunday, January 25, 2004 4:32 PM To: CF-Talk Subject: RE: HTTP_REFERER I *think* Norton Internet Security also blocks them. -Original Message- From: cfhelp [mailto:[EMAIL PROTECTED] Sent: Monday, 26 January 2004 5:27 a.m. To: CF-Talk Subject: RE: HTTP_REFERER I use it. I get an empty string when they use a Bookmark or type in the URL. If they click a link it works. Also I believe you can turn header info off in some browsers. So I use a IsDefined(CGI.HTTP_REFERER) and cfif CGI.HTTP_REFERER IS NOT '' Before outputting it. Rick -Original Message- From: Robert Bailey [mailto:[EMAIL PROTECTED] Sent: Sunday, January 25, 2004 11:18 AM To: CF-Talk Subject: HTTP_REFERER On every one of our CFMX servers(18 of them!), when using this: CFOUTPUT#CGI.HTTP_REFERER#/CFOUTPUT It never returns anything, just an empty string. Anyone have this problem at all? CFMX 6.01 (latest update, some are standard install, some are installed with JRUN), IIS 6, 2003 server _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: HTTP_REFERER Problem
The referer is only filled in (that is, "extruded" haha) if the user clicks on a hyperlink to get to your site. If you are browsing a site and simply type in a new URL then the referer is blank. Howie Hamlin -- inFusion Project Manager; On-Line Data Solutions, Inc. (631)737-4668 www.CoolFusion.com Please vote for iMS in the Most Innovative category here: *** http://www.sys-con.com/ColdFusion/readerschoice2000/ *** Check out inFusion Mail Server - the world's most configurable email server - Original Message - From: Brian Mitter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 16, 2000 6:39 PM Subject: HTTP_REFERER Problem Hi All, Any IIS wizards out there have any idea why we can never retrieve the HTTP_REFERER variable if the user has come from ANOTHER server/domain? If they come from another page on our server/domain we can retrieve the page in HTTP_REFERER otherwise it is empty. It is turned ON in the logging, is there anywhere else it can be turned off in IIS? Thanks Brian -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: HTTP_REFERER Problem
Yep, I realise that, what I mean though is that the referer is NEVER there, for example I ran a few log files through webtrends and it came up with no referers whatsoever. v.strange! I've checked and in the properties for logging in IIS it is definitely enabled to log the referer. I've ran tests by setting up a link on another server to a page on our server and getting it to display the referer but got nada... If I put this test page with the link on our server though and have it link to another page on our server it does then give the referer... is it possible for the the firewall to strip out the referer or something odd like that? I'm not to "up" on firewalls so dont laugh too hard if that sounds ridiculous! :) I'm clutching at straws here... - Original Message - From: "Howie Hamlin" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, May 17, 2000 12:29 AM Subject: Re: HTTP_REFERER Problem The referer is only filled in (that is, "extruded" haha) if the user clicks on a hyperlink to get to your site. If you are browsing a site and simply type in a new URL then the referer is blank. Howie Hamlin -- inFusion Project Manager; On-Line Data Solutions, Inc. (631)737-4668 www.CoolFusion.com Please vote for iMS in the Most Innovative category here: *** http://www.sys-con.com/ColdFusion/readerschoice2000/ *** Check out inFusion Mail Server - the world's most configurable email server - Original Message - From: Brian Mitter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 16, 2000 6:39 PM Subject: HTTP_REFERER Problem Hi All, Any IIS wizards out there have any idea why we can never retrieve the HTTP_REFERER variable if the user has come from ANOTHER server/domain? If they come from another page on our server/domain we can retrieve the page in HTTP_REFERER otherwise it is empty. It is turned ON in the logging, is there anywhere else it can be turned off in IIS? Thanks Brian --- --- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. --- --- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: HTTP_REFERER Problem
I think that's pretty likely. A proxy could strip that stuff out as part of a privacy policy. Would this problem be likely to be at the server end, or the client end? Is this for a client extranet (in which case it would probably be client end) or general Internet (in which case it must be server end)? David Brian Mitter wrote: Yep, I realise that, what I mean though is that the referer is NEVER there, for example I ran a few log files through webtrends and it came up with no referers whatsoever. v.strange! I've checked and in the properties for logging in IIS it is definitely enabled to log the referer. I've ran tests by setting up a link on another server to a page on our server and getting it to display the referer but got nada... If I put this test page with the link on our server though and have it link to another page on our server it does then give the referer... is it possible for the the firewall to strip out the referer or something odd like that? I'm not to "up" on firewalls so dont laugh too hard if that sounds ridiculous! :) I'm clutching at straws here... - Original Message - From: "Howie Hamlin" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, May 17, 2000 12:29 AM Subject: Re: HTTP_REFERER Problem The referer is only filled in (that is, "extruded" haha) if the user clicks on a hyperlink to get to your site. If you are browsing a site and simply type in a new URL then the referer is blank. Howie Hamlin -- inFusion Project Manager; On-Line Data Solutions, Inc. (631)737-4668 www.CoolFusion.com Please vote for iMS in the Most Innovative category here: *** http://www.sys-con.com/ColdFusion/readerschoice2000/ *** Check out inFusion Mail Server - the world's most configurable email server - Original Message - From: Brian Mitter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 16, 2000 6:39 PM Subject: HTTP_REFERER Problem Hi All, Any IIS wizards out there have any idea why we can never retrieve the HTTP_REFERER variable if the user has come from ANOTHER server/domain? If they come from another page on our server/domain we can retrieve the page in HTTP_REFERER otherwise it is empty. It is turned ON in the logging, is there anywhere else it can be turned off in IIS? Thanks Brian --- --- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. --- --- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: HTTP_REFERER Problem
Referrer is only available from a hyperlink, this is a built in security feature of the browser to hide the users history from pages that are not specifically linked together. -Original Message- From: Brian Mitter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 16, 2000 6:50 PM To: [EMAIL PROTECTED] Subject: Re: HTTP_REFERER Problem Yep, I realise that, what I mean though is that the referer is NEVER there, for example I ran a few log files through webtrends and it came up with no referers whatsoever. v.strange! I've checked and in the properties for logging in IIS it is definitely enabled to log the referer. I've ran tests by setting up a link on another server to a page on our server and getting it to display the referer but got nada... If I put this test page with the link on our server though and have it link to another page on our server it does then give the referer... is it possible for the the firewall to strip out the referer or something odd like that? I'm not to "up" on firewalls so dont laugh too hard if that sounds ridiculous! :) I'm clutching at straws here... - Original Message - From: "Howie Hamlin" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, May 17, 2000 12:29 AM Subject: Re: HTTP_REFERER Problem The referer is only filled in (that is, "extruded" haha) if the user clicks on a hyperlink to get to your site. If you are browsing a site and simply type in a new URL then the referer is blank. Howie Hamlin -- inFusion Project Manager; On-Line Data Solutions, Inc. (631)737-4668 www.CoolFusion.com Please vote for iMS in the Most Innovative category here: *** http://www.sys-con.com/ColdFusion/readerschoice2000/ *** Check out inFusion Mail Server - the world's most configurable email server - Original Message - From: Brian Mitter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 16, 2000 6:39 PM Subject: HTTP_REFERER Problem Hi All, Any IIS wizards out there have any idea why we can never retrieve the HTTP_REFERER variable if the user has come from ANOTHER server/domain? If they come from another page on our server/domain we can retrieve the page in HTTP_REFERER otherwise it is empty. It is turned ON in the logging, is there anywhere else it can be turned off in IIS? Thanks Brian --- --- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. --- --- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
